Telecom Regularity Authority Of India
The Trust Challenge

Recommendations

Recommendations made by the Authority are as follows:

Pointer

The telecom industry is extensively regulated, and TSPs are governed by a number of user data privacy rules, which are as follows:

  • IT Act, 2000: Sec 43A, Sec 69, Sec 69B, Sec 72A, Sec 67C, and Sec 79.
  • IT Rules
  • Indian Telegraph Act, 1885: Sec 5 and Sec 26,
  • Indian Telegraph Rule 419A.
  • Unified License condition 37, 38, 39 and 40.
  • Guidelines, circulars, direction, and notifications issued by DoT and TRAI
Pointer

TRAI has provided guidelines for user privacy by implementing the "Privacy by Design" principle, which suggests that proper rules, standards, and procedures to protect user privacy must be incorporated at every point where personal data is handled.

Pointer

TRAI recommends conferring five data rights on all telecommunications consumers: the rights to Choice, Notice, Consent, Data Portability, and the Right to Be Forgotten.

Pointer

TRAI promotes the principle of Data Minimisation, improving system security by collecting the minimum amount of data essential to providing customers with service.

Pointer

Under TRAI's recommended framework, users own their own data and data collectors have a responsibility to treat that data with care.

The Trust Challenge

Challenges

The following are the issues faced by the organization in complying with the guidelines that the majority of organizations face:

Pointer

Manually managing data mapping and inventory to fulfill legal standards, as well as the organization's inability to centrally handle customer data in order to be controlled.

Pointer

Implementation of Data Minimization under the guidelines.

Pointer

Manually managing data mapping and inventory, to fulfilling consumer requests (DSR’s) as mentioned in the guidelines and uplifting the consumers trust.

Pointer

Organizations do not have a mechanism in place to generate record of assurance that provide the proof of permanent deletion.

Pointer

Organizations lack the ability to detect and filter out data that is part of a breach and has been shared to unauthorized persons.

Win-Win Situation

Solutions

Ardent Privacy’s Solutions which are helping organizations to fulfill the requirements relating to the recommendations mentioned in the guidelines:

Pointer

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Pointer

Third party “Privacy Intelligence” (monitors third party sharing): Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

Pointer

“Data Minimization”: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

Pointer

“Right to be Forgotten (RTBF)” with Assured Deletion: With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Pointer

Enable Data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

The Trust Challenge

Recommendations

Recommendations made by the Authority are as follows:

Pointer

The telecom industry is extensively regulated, and TSPs are governed by a number of user data privacy rules, which are as follows:

  • IT Act, 2000: Sec 43A, Sec 69, Sec 69B, Sec 72A, Sec 67C, and Sec 79.
  • IT Rules
  • Indian Telegraph Act, 1885: Sec 5 and Sec 26,
  • Indian Telegraph Rule 419A.
  • Unified License condition 37, 38, 39 and 40.
  • Guidelines, circulars, direction, and notifications issued by DoT and TRAI
Pointer

TRAI has provided guidelines for user privacy by implementing the "Privacy by Design" principle, which suggests that proper rules, standards, and procedures to protect user privacy must be incorporated at every point where personal data is handled.

Pointer

TRAI recommends conferring five data rights on all telecommunications consumers: the rights to Choice, Notice, Consent, Data Portability, and the Right to Be Forgotten.

Pointer

TRAI promotes the principle of Data Minimisation, improving system security by collecting the minimum amount of data essential to providing customers with service.

Pointer

Under TRAI's recommended framework, users own their own data and data collectors have a responsibility to treat that data with care.

The Trust Challenge

Challenges

The following are the issues faced by the organization in complying with the guidelines that the majority of organizations face:

Pointer

Manually managing data mapping and inventory to fulfill legal standards, as well as the organization's inability to centrally handle customer data in order to be controlled.

Pointer

Implementation of Data Minimization under the guidelines.

Pointer

Manually managing data mapping and inventory, to fulfilling consumer requests (DSR’s) as mentioned in the guidelines and uplifting the consumers trust.

Pointer

Organizations do not have a mechanism in place to generate record of assurance that provide the proof of permanent deletion.

Pointer

Organizations lack the ability to detect and filter out data that is part of a breach and has been shared to unauthorized persons.

Win-Win Situation

Solutions

Ardent Privacy’s Solutions which are helping organizations to fulfill the requirements relating to the recommendations mentioned in the guidelines:

Pointer

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Pointer

Third party “Privacy Intelligence” (monitors third party sharing): Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

Pointer

“Data Minimization”: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

Pointer

“Right to be Forgotten (RTBF)” with Assured Deletion: With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Pointer

Enable Data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

Featured News, Blogs & Events

Be the first to catch our latest updates,
happenings and more.

Follow us