Drivers for Information privacy initiatives in Indian organizations.

Majority of Indian companies, across verticals are today aware that Information Security is a priority as a business concern. Organizations today are part of an ecosystem which also encapsulates their clients & partners as well. With such interdependence, looking at solutions, which are best in class and scalable, and mitigate risks arising our of information breach with sensitive content, becomes statutory. Further, Global information privacy regulations are also driving Indian Companies to have an information breach solution in their setup.


In India majority of organizations are not encrypting the sensitive emails which contains confidential information. Printout & extensive usage of usb devices are also a concern area in Indian organizations because sensitive information can very easily leak via usb drives, CD etc.



Critical Information which Organizations need to protect

  • Employee details.
  • Customer data.
  • Intellectual property related docs like process & research docs.
  • Payroll, receipts and expenditure.
  • Business plan, proposals, presentations, business Strategy documents & minutes of meeting etc.
  • Marketing campaign information.


Consequences of Information breach

  • Financial Damage
  • Legal Consequences
  • Brand Damage
  • Intellectual Property information breach
  • Loss of Productivity


Mediums which could cause information breach:

  • Business Website Usage
  • Personal Website Usage
  • Email attachments
  • Webmail
  • File download & upload
  • Application Installations/Uninstalls
  • Registry Editor
  • Removable Mass storage devices -Add/Remove Device
  • Removable Mass storage devices -File Activities
  • Print
  • Instant Messaging


Legal and Regulatory Environment in India

The Indian legal system derives a strength to deal with cyber security and data protection measures from various enactments, namely, (i) The Indian Telegraph Act, 1885, (ii) The Indian Contract Act, 1872, (iii) The Specific Relief Act, 1963, (iv) The Public Financial Institutions Act, 1983, (v) The Consumer Protection Act, 1986 and (vi) The Credit Information Companies (Regulations) Act, 2005 and the IT Act 2000. However, recent IT (Amendment) Act, 2008, for the first time, introduces the concept of “sensitive personal information”, and fixes the liability of the ‘body corporate’ to protect the same. On the other hand, it helps to take legal action against an individual for the breach of confidentiality and privacy, under a lawful contract.