Zebeth Media Solutions

India proposes permitting cross-border data transfers with certain countries in new privacy bill • ZebethMedia

India has proposed a new comprehensive data privacy law that will mandate how companies handle the data of its citizens, including permitting cross-border transfer of information with certain nations, three months after it abruptly withdrew the previous proposal amid scrutiny and concerns from privacy advocates and tech giants.

The nation’s IT ministry published a draft of the proposed rules (PDF), called the Digital Personal Data Protection Bill 2022, on Friday for public consultation. It will hear views from the public until December 17.

“The purpose of this Act is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto,” the draft says.

The draft permits cross-border interactions of data with “certain notified countries and territories,” in a move that is seen as a win for tech companies.

“The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified,” the draft says, without naming the countries.

Asia Internet Coalition, a lobby group that represents Meta, Google, Amazon and many other tech firms, had requested New Delhi to permit cross-border transfer of data. “Cross-border transfer decisions should be free from executive or political interference, and should ideally be minimally regulated,” they wrote in a letter to the IT ministry earlier this year.

“Placing restrictions on cross-border data flows is likely to result in higher business failure rates, introduce barriers for start-ups, and lead to more expensive product offerings from existing market players. Ultimately, the above mandates will affect digital inclusion and the ability of Indian consumers to access a truly global internet and quality of services,” the group had said.

The draft also proposes that companies use the data they have collected on users only for the purpose for which they originally obtained it. It also seeks accountability from firms, asking them to ensure that they are processing users’ personal data for the precise purpose for which they collected it.

It also asks that companies do not store the data perpetually by default. “The storage should be limited to such duration as is necessary for the stated purpose for which personal data was collected,” a note from the ministry said.

The draft proposes a penalty of up to $30.6 million in the event a firm fails to provide “reasonable security safeguards to prevent personal data breach.” It proposes a further fine of $24.5 million if the firm fails to notify the local authority and users of a personal data breach.

The earlier proposed rules were touted to help protect citizens’ personal data by categorizing it into different segments based on its nature, such as sensitive or critical. However, the new version does not segregate data as such, according to the draft.

Similar to Europe’s GDPR and the CCPA (California Consumer Privacy Act) in the U.S., India’s proposed Digital Personal Data Protection Bill 2022 will apply to businesses operating in the country and to any entities processing the data of Indian citizens.

The proposed rules, which are expected to be discussed in the parliament after receiving public consultation, would not bring any changes to select controversial laws in the country that were drafted more than a decade ago. New Delhi is, though, working on updating its two-decade-old IT law that would debut as the Digital India Act. It will segregate intermediaries and come as the endgame, India’s minister of state for IT Rajeev Chandrasekhar told ZebethMedia in a recent interview.

In August, the Indian government withdrew its earlier Personal Data Protection Bill that was unveiled in 2019 after much anticipation and judicial pressure. At the time, India’s IT Minister Ashwini Vaishnaw said that the withdrawal was considered to “present a new bill that fits into the comprehensive legal framework.” Meta, Google and Amazon were some of the companies that had expressed concerns about some of the recommendations by the joint parliamentary committee on the proposed bill.

The move to bring a data protection law came after privacy was declared a fundamental right by the Supreme Court of India in 2017. However, the country faced strong criticism over its earlier data protection bills because they granted government agencies the power to access citizens’ data.

At one of the sessions during the G-20 Summit in Bali earlier this week, Prime Minister Narendra Modi talked about the principle of “Data for development” and said that the country would work with G-20 partners to bring “digital transformation in the life of every human being” during its presidency next year of the intergovernmental forum comprising 19 countries.

Laika laps up $50M for its automated security compliance platform • ZebethMedia

Compliance with privacy and security frameworks like SOC 2, HIPAA and GDPR has become a central component not just of how organizations build trust with their users, but of how organizations work together these days: fail to meet the requirements of these frameworks, and you might lose your business relationship. Today, Laika — one of the bigger startups providing tools to help meet those compliance demands — is announcing $50 million in funding, underscoring the growth in this space.

Laika will be using the equity, a Series C, to continue expanding the functionality of its platform and its wider business funnel. Laika today has some 500 customers, with that number growing four-fold in the last 12 months; and it provides integrations for some 100 different software packages to measure how client compliance stacks up across them, with tools including integrated audits, penetration testing and security questionnaires (which are used in RFPs and due diligence ahead of securing contracts). In an interview, Austin Ogilvie, Laika’s co-founder and co-CEO, said the plan will be to expand in both customer numbers and the number of sources Laika can tap to measure data protection and other compliance metrics across an organization’s wider digital footprint.

Fin Capital is leading this round, with new backers Centana Growth Partners and previous investors J.P. Morgan Growth Equity Partners, Canapi, and ThirdPrime all also participating, among others not being named. Other notable past investors have included some very big names in the world of fintech, including PayPal, and fintech specialist VCs NYCA and Dash Fund — a fuller list that points to Laika’s traction in financial services in particular.

The finance sector has for years been a significant user of compliance software for regulatory and business reasons. But, as Ogilvie pointed out to me, we are long past the point of financial companies being the primary users of compliance tools: that is one reason why growth is motoring along for companies like Laika right now, and why Laika specifically is able to raise a decent round at a time when funding is much harder to come by for startups.

On top of this, Ogilvie and Laika’s other co-founders, Sam Li and Eva Pittas (respectively the co-CEO and COO), have collective exposure and experience across insurance, data science and risk protection that speaks to the bigger opportunity that the company is tackling.

Including this latest Series C, Laika has now raised $98 million in total. While it’s not disclosing valuation, Ogilvie confirmed it was a “healthy step up” from its Series B, which PitchBook notes was $235 million post-money when that closed in 2021. (In other words it’s now more than $335 million.) For a little more context, two of Laika’s close competitors in the world of monitoring data protection compliance, Vanta and Drata, each raised rounds this year that valued them at or just above $1 billion.

Laika’s growing coffers come at a timely moment, and that’s not just because its competitors are also raising. First, the number of compliance frameworks being formed globally is growing; and second, the bigger an organization or its operations, the more complicated the task of ensuring compliance becomes.

“Compliance has been a top for at least the last 10 years, but it’s really dialed up in the last three, where there has been just an explosion of these, some regulatory but others like PCI just a non-option when it comes to compliance,” Ogilvie said. “If you sell or work with any brand of consequence, they will do due diligence that includes security assessments, and you also have to demonstrate that you are continuously operating according to those principles.”

The biggest customers might have as many as 5,000 vendors that need to be assessed and regularly audited, a task in itself that necessitates automation and a platform approach. But smaller organizations need software, too, often for a slightly different set of reasons, he said.

“Some come to us having never needed to look at this. Using Laika will be the first time seeing security assessment document,” Ogilvie said. Others might be using Laika in place of having adequate staff or infosec teams in-house to monitor and maintain these data relationships. Covid, he added, increased the need for these tools, with more people working remotely and in the cloud, which typically requires more apps and, more generally, a different kind of security and data protection environment.

There are a number of compliance tools in the market today — no surprise considering the ever-persistent cybersecurity threats and a growing awareness among regulators and the general public of data protection. Even before Covid really became a vector, the industry was already worth some $32 billion annually. That number is projected to reach nearly $75 billion by 2028.

Investors say that Laika — named after the Russian dog, the first non-human sent into space, and a “gentle nod towards pioneering and exploration,” said Ogilvie — stands out by being one of the easier tools to adopt and regularly use.

“Laika has filled a unique gap in the rapidly-growing compliance automation and audit management space, by providing the only comprehensive, centralized compliance platform,” said Christian Ostberg, a partner at Fin Capital, in a statement. “By combining automation of InfoSec workflows with the integrated, tech-enabled audits, Laika has set themselves as the clear market leader shaping this fast-growing category.”
