The latest recommendations of the JPC (Joint Committee of both Houses of Parliament) seem to be in best interest of Indian citizens. Companies will have to proactively ensure their business processes stay aligned with best practices around managing personal data, says Amit Jaju, Senior Managing Director, Ankura Consulting Group, in an interaction with CIO AXIS. He shares his thoughts on data privacy and security.
CIO AXIS: How Ankura is helping multiple organisations to comply with data privacy and security regulations? Any particular industry you’re keen to work with?
Amit Jaju: Over the past several years, we have helped Clients in several industries deal with emerging risks around data privacy, data governance, localisation and cyber security. In the recent past we have witnessed Indian companies look at these areas from a domestic and international lens.
Although we cover many industries, majority of our Clients fall under sectors that are either highly regulated such as Pharma and Financial Services or, the Clients have cross border operations.
CIO AXIS: How Ankura is ensuring digital data forensic practices pre- and post-breach in an enterprise?
Amit Jaju: It is important for enterprises to look at digital risks in a holistic way. No defences can claim to prevent these risks entirely and it is important for enterprises to follow a cycle of prevent, detect and respond model for their cyber incidents. Digital forensics plays a key role where digital evidence related to incidents is collected, preserved and analysed. Digital forensic analysis and cyber incident investigation together provide clued to an enterprise around the loop holes, risks and their impact. These findings are important inputs for creating a robust defence strategy for an enterprise.
CIO AXIS: Please tell us about your overall growth in the previous FY and future roadmap of Ankura in India?
Amit Jaju: We are constantly growing our service portfolio and developing industry specific products catering to the customized requirements of our existing and new potential clients. In our first year itself, we have onboarded over 100 clients and are continuing to add new clients and innovative solutions to our portfolio. We launched Relativity One eDiscovery offering in India along with our digital platforms around Pharma Data Integrity and Software license compliance and cost optimizations. With our recent global acquisitions of technology platforms, we are also actively helping clients around emerging threats that originate from social media such as misinformation / disinformation, surface web and dark-web such as cyber threats.
We have robust plans to expand our team in India in the upcoming few months as we are constantly growing our client base, and finding qualitative talent in the technology space in India is comparatively easier. We aim to create a significant benchmark in the technology consultancy segment where we can service each single client with a customized approach while delivering efficient outcomes for them.
CIO AXIS: What is your take on the current on-going situations with data accessibility laws in India?
Amit Jaju: The government of India not only wants to build a robust digital ecosystem but also wishes to provide a favourable environment to support the same. To achieve this, the government must ensure the protection of personal data and ease of data access. The India Data Accessibility & Use Policy is important because it will help build a digital ecosystem that enables ease of data access and use, while also protecting people’s data.
In terms of implementation of this policy, there are certain areas where there is a scope of improvement such as coverage of policy should be extended to all the states. The policy will be more beneficial if all state and central government systems come under the ambit of the policy. In terms of integrity, there is a lack of provision to ensure data integrity management as it is transferred between different departments. Also, role of third parties is bit unclear, though the draft policy talks about inclusion of third parties to assist with data processing, it doesn’t talk about the responsibilities and penalties that will be levied on third parties if they mishandle the data or if there is a breach. It is also not clear if third parties will be asked to ensure data localization whilst they are handling the data.
CIO AXIS: What’s your current role and responsibilities in driving Ankura’s growth across multiple industries?
Amit Jaju: I joined Ankura in March last year as a Senior managing director for India, I am responsible for growing the firm in India and to help clients with market leading solutions around technology led investigations, cyber, analytics, data privacy etc. I ensure that our clients get the best available expertise from around the world to solve their business challenges. I lead our propositions globally around software asset management and pharma data integrity. I am also on the EMEIA/Asia data & technology Advisory board.
In my prior roles, I served large global consulting brands for over 18 years in leadership roles in India and abroad as a Partner and regional leader. I have delivered engagements for Indian and Global Clients in over 20 countries covering a wide array of solutions around risk, compliance and digital transformation. India has witnessed a positive divergence in recent years where factors such as improved access to digital technologies, ease of doing business, push for make in India, start-up ecosystem, fintech revolution, 4G, have opened up opportunities at unprecedented scale. Under Ankura’s global network of experts and solutions, we are able to offer some very unique solutions to problems that Indian companies face.
CIO AXIS: Briefly explain about Ankura’s key solutions and offerings.
Amit Jaju: We at Ankura are providing our expert services in a wide range of industries starting BFSI, Education, Retail, Healthcare, Manufacturing and heavy industries, logistics, Energy, Government and Public sectors, etc. to name a few key ones.
We have a core set of capabilities that are combined to create unique solutions that are efficient and cost effective.
In the last quarter of previous financial year, we had launched a Pharmaceutical Data integrity platform within our Data and Technology practice, bolstering its comprehensive client advisory capabilities.With the introduction of this solution, Ankura has enhanced its team of experts to support pharmaceutical clients’ compliance with the Data Integrity guidelines of multiple regulators through advanced digital technology. In this quarter, we have introduced a new Software License Compliance and cost optimization tool, called Ankura SAM Manager. The addition of this solution to Ankura’s technology advisory portfolio enables the Firm to continue to handle the increasing complexity of clients’ software infrastructure and inventory using innovative digital technology.
We are witnessing significant demand for some of our solutions where we are global leaders such as Cyber incident response & security, intellectual property, protecting trade secrets, preventing espionage, international arbitration, asset tracing, data privacy, digital forensics, online threats mitigation, insider risks, executive cyber security etc.
CIO AXIS: What kind of recommendations you would prefer for better data security in the upcoming PDP bill?
Amit Jaju: The latest recommendations of the JPC seem to be in best interest of Indian citizens, companies will have to proactively ensure their business processes stay aligned with best practices around managing personal data.
To be specific there are two areas where JPC committee have given some better recommendations such as:
I. The JPC noted, there is no mention in the PDP Bill about the rights of the deceased person and, has recommended adding clauses related to rights of data subject to exercise his or her rights in case of death. In such a situation, the data subject should have options of nominating a legal representative or heir, or the right to be forgotten.
II. Unlike the GDPR, the JPC observed that the original PDPB has no mention of specific qualification or position of the DPO in the company. GDPR states that the DPO (Data Protection Officer) should have expert knowledge of data protection law in addition to other related experience. The JPC has recommended that DPO should be a senior level officer in the state or key managerial personnel of the company in addition to the technical qualifications and experiences required for a DPO.
CIO AXIS: Tell us little bit about Data disclosure norms around the globe, and what companies need to ensure while they are operating in different continents?
Amit Jaju: The best way to navigate these laws is to be aware of what they are. To do this, it’s important to review the laws in various jurisdictions that your company may have operations. Data breaches are an unfortunate reality, but there are ways to protect your company against them. Data protection is paramount for any business, but it’s even more crucial for global business with many operating in different jurisdictions.
Laws about data breach disclosure vary by country, so it’s important to know what to disclose and what to keep confidential. One way that global companies can navigate these various laws is by investing in a comprehensive data protection framework that includes a technology solution and expertise to detect, respond and remediate a data breach incident.
Companies should keep in mind not just their own interests in mind but also of those entities whose data potentially got breached.