Please share your comments; critics make life meaningful!

Tuesday, February 7, 2012

Privacy & India

Privacy as a concept is far from being a part of the Indian culture. Our names reveal our state, our sect/caste, religion, and sometimes village and many times our father’s name:). We love to  boast about our salary, of course adding a 40% to the 20% bonus on our CTC. The list of examples is long, and sometimes not at all comprehensible. But that’s the way it is. Hence, in India, Regulation would have to drive cultural change as regards Privacy; and we have seen a first detailed and strong Regulation, with another more detailed and stronger one in the pipeline. But relying on regulation to change culture is too much to ask for, because Indian culture is very old, and consequently deep rooted. Govt. and corporation are primarily comprised of people, and in India, bulk of them being Indian and hence far from familiar with Privacy, we will not reach far in adoption of privacy practices in India, if we rely on regulation alone.
So who or what can help?

Most large international corporations see Privacy as a compliance burden, which is complied with just to be on the right side of law and as a regulatory risk mitigation exercise. With more and more of them having to do something or the other with new age business (cloud computing, social networking and mobility platforms), they are more and more inclined to give lip service to concepts like privacy which come in their way of exploiting and leveraging customer data, which is viewed as a pile of gold by marketers and sales folks.

Microsoft (MS) is uniquely placed in this regard. Having been one of the initial leaders of the computing industry and having been at the receiving end of security and privacy concerns of customers, corporates and regulators, MS decided very on to ingrain security, privacy and reliability as design pillars in all its products and platforms. In fact, 10 years ago in Jan 2002, Bill Gates himself wrote the now famous Trustworthy Computing (TwC) note, and focused MS’s developer community on building strong privacy and security protections into all of MS products and services as part of the TwC initiative. TwC still drives the ethos at MS today. There are numerous practical examples of how MS’s commitment to the concept of privacy by design protects consumers using several of MS products & platforms. Besides ensuring that Privacy principles are integral to all that it sells, MS also focuses on Privacy compliance in all its internal operations and that included its sales and marketing engines. There are more than 40 full time Privacy professional like me who are constantly maintaining strict vigil and oversight over all MS operations worldwide, and ensuring adherence to MS Privacy Policy and Standards which meet and better Privacy regulations in each and every country in the world. That’s why you will notice now that in the news when you find other big names being dragged into courtrooms around the world for Privacy violations, the only mention of Microsoft in the news is of how it contributed to spreading the message of Privacy during the DPD through awareness campaigns, primary research on consumer opinions around privacy and other such constructive activity.

I must mention that part of my role as the Privacy leader for MS in India is to be available as a subject matter expert and thought leader on data security & privacy, and make MS available as a partner committed to Privacy, in any venture that is undertaken on the domains connected to Privacy.

1 comment:

Sam said...

Very timely. Very apt!
Changing mindsets and culture takes sustained efforts. Getting organizations to understand the implications and their responsibility (not just legal liability) of privacy requires lot of education.

If the organization is following 27001 practices, some security managers feel we are covered from privacy risks point of view. Is this a fair assumption?