Keeping with the theme of Data Privacy this May, Analytics India Magazine caught up with Subramanyam Sreenivasaiah, founder, president and CEO of AscentHR. The company provides customised HR solutions to its clients and businesses. It is built on a hybrid framework of customised technology solutions supported by an efficient and tightly integrated services layer.
Sreenivasaiah is also a corporate lawyer and a fellow member of the Institute of Company Secretaries of India, with close to two decades of experience in finance, law, tax, business and management. He worked in these areas at various corporates before venturing into entrepreneurship by setting up AscentHR in 2002. He has been instrumental in enhancing the company’s value chain, from payroll and benefits administration to a full-service HR solutions company covering multiple geographies.
Analytics India Magazine: Why do you think there’s a dire need for a data privacy law in India?
Subramanyam Sreenivasaiah: Data privacy is very critical today given its omnipresent character across human lives. Privacy has been recognised traditionally as a ‘right’ across all the countries and with data around human life assuming significance, given its adoption and usage, data privacy is highly relevant — even more so in a vast population like India. Though the constitution does not patently grant privacy as a fundamental right, courts in India have considered privacy as a right while reading into freedom of expression or life and personal liberty under Article 19 and Article 21 respectively. The current judicial scrutiny of Aadhaar by the Supreme Court also appears to be veering towards granting a fundamental right to privacy, including data privacy.
AIM: How can India provide adequate protection for electronically-transferred data?
SS: India currently does not have a law that protects data privacy adequately. We have the Information Technology Act which leans towards how to treat a violation of privacy by a person holding such data with civil and criminal consequences. India needs a formal codification of data privacy rights and methods for data protection. Globally the trend has been to create policy or procedure towards that and India is no exception.
AIM: What lessons can be learned from the Facebook data leak?
SS: Misuse of data supplied by an individual is a serious concern, and that this happened under the nose of such a large organisation as Facebook, which professed Free Internet, is appalling. The biggest challenge in a globalised IT infrastructure would be ways of identifying the liability of the person holding data, particularly when such data is held beyond the physical boundaries of the country in which such data element is created. In early commerce, high sea sales used to be a favourite practice owing to lack of regulations around the transaction. Should a country take the initiative of restricting data storage within its boundaries, it will weaken the system and hamper efficiencies of scale. Therefore, it is a delicate balance of how to impose restrictions while ensuring data protection and privacy.
AIM: With a lot of data flooding in, what are some of the best practices that companies can take to ensure that no data is misused?
SS: PII, or personally identifiable information, is what requires the most attention under data protection regulations, and new norms in managing such sensitive data have begun arising. For example, the General Data Protection Regulation (GDPR), which is likely to be followed up with each country or a cluster of countries adopting similar practices. Corporations who have access to such PII data are very conscious of methods of storage and processes for which such data is applied or used. Global standards in information security and data protection would drive this practice. In addition, countries must address the need of recognition of data privacy as a right to prevent misuse, with adequate penal consequences.
AIM: What are steps taken by the company to ensure data protection of its clients/users?
SS: As of now, the regulations are not stringent but the practice is driven by standards on information security and data privacy. In certain geographies, penal consequences for not adhering to newly announced practices around data protection, for example the GDPR in Europe, are extremely high, with the penal consequence being four percent of the revenues of such corporation for any breach.