Organizations collect a variety of customer data right from the customer's initial onboarding and throughout the tenure of customer engagement. Some of this data form a basic pre-requisite for establishing and sustaining customer relationship. Additional data may also be gathered by organizations to understand customer preferences and behavior, and to enhance customer experience. In either case, the collected customer data could be sensitive or personally identifiable.
Several nations across the world have implemented specific laws that govern how organizations can collect and process citizen data. Citizens have also become extremely conscious about the protection of their data that is being collected, stored and processed by organizations. The citizens are quick to change loyalties if data privacy is breached. Data protection has, therefore, emerged as a key factor of business growth for organizations across business verticals. Data protection measures taken by organizations entail the key aspects of data security and privacy.
India has proposed a bill (Personal Data Protection Bill, 2019), which when adopted into a law (Personal Data Protection Act, 2019), will require Indian organizations to safeguard personal data of its citizens when the same is collected, shared and processed. The bill defines specific requirements for Data Fiduciary (this can include an organization that determines the purpose and means of processing personal data) and Data Processor (this can include an organization which processes personal data on behalf of a data fiduciary) in the context of safeguarding data of Data Principal (a natural person whose personal data is being referred to). The bill recognizes personal data as attributes and features (even in combination), which can identify a natural person directly or indirectly. Organizations will be required to protect the personal data, when it is collected and processed either by them or their partner entities.
Further, this bill identifies special categories of personal data as Sensitive Personal Data, which includes financial, health, genetic and biometric data, passwords, official identifiers, caste, tribe among others. For such sensitive personal data, the bill has proposed additional data protection requirements. The bill also requires the organizations to ensure the personal data is complete, accurate and updated. For more information about this bill, please refer to the awareness video here.
TCS MasterCraft DataPlus is an integrated data management software, which provides data privacy, data quality management, test data provisioning, data modeling and data analysis features, which help an organization elevate trust on its data and metadata.
Through TCS MasterCraft DataPlus, Indian organizations can ensure reliable and privacy-safe sharing and access of data. This will be of paramount importance to Indian organizations, as they strive towards compliance with the Personal Data Protection Act, when it comes into force.