Data encryption and proper disposal are critical for compliance with privacy laws: Ram Mohan, Happiest Minds

With increasing digital transactions and data sharing, protecting personal information has become a critical challenge for enterprises. Regulations like GDPR, CCPA, and India’s DPDP Act mandate strict data privacy measures to prevent breaches and misuse.

In a conversation with TechCircle, Ram Mohan, CEO of Infrastructure Management & Security Services (IMSS), discusses how companies ensure responsible data collection, storage, and protection. He explains the challenges of complying with evolving privacy laws, managing cross-border data transfers, and securing enterprise systems. He also explores the impact of Generative AI on data security and the role of emerging technologies like quantum-safe encryption in shaping the future of enterprise privacy.

How does your company ensure the responsible collection, storage, and protection of user data in compliance with privacy laws?

Data privacy revolves around the type of information collected from users, which typically falls into two categories: Personally Identifiable Information (PII) and Personal Health Information (PHI). PII includes details like name, address, and identification numbers, while PHI pertains to medical records and health-related data.

The key aspects of data privacy include how information is collected, stored, used, and protected. Improper handling can lead to breaches, fraud, and misuse, as seen in numerous cyber incidents. To mitigate these risks, various countries have established stringent privacy laws.

How does the DPDP Act impact your company's approach to data privacy, and what challenges do Indian enterprises face in complying with it?

The Digital Personal Data Protection (DPDP) Act was introduced in 2023 to address critical data security concerns. A telecom company, for instance, collects vast amounts of user data. If this data isn’t encrypted and gets compromised, sensitive information can fall into the wrong hands.

The challenge for enterprises is enormous. Data breaches happen through leaks or even simple email ID guesses. Organizations must encrypt data, store it securely, and determine how long they need to retain it.

How does your company help manage cross-border data transfers while ensuring compliance with laws like DPDP and GDPR?

Happiest Minds offers two key services: internal data privacy management and external security solutions. Internally, we implement strong data protection measures to safeguard information collected from employees, website visitors, vendors, job applicants, and other stakeholders.

Externally, we provide comprehensive security services to customers. Our offerings cover four key areas. First, Governance, Risk, and Compliance (GRC) helps businesses comply with regulations like GDPR, CCPA, HIPAA, and India’s DPDP through expert consulting. Second, Identity and Access Management (IAM) ensures secure system access using password controls, two-factor authentication, and role-based access. Third, Threat Management protects enterprises from cyber risks through a Security Operations Center (SOC) and advanced threat prediction. Lastly, Application Security safeguards IT assets by conducting vulnerability assessments and penetration testing.

How has the rise of Generative AI impacted data privacy in the industry?

Generative AI is still in its early stages, with many figuring out how to implement it effectively. Manual handling increases the risk of human error, making automation a smart choice. Integrating Generative AI speeds up processes, enhances security, and ensures compliance.

Which emerging technologies, like quantum-safe encryption or homomorphic encryption, will shape enterprise privacy in the next decade?

There are many tools available to ensure data repeatability and compliance with privacy regulations. Companies are developing tools to manage customer data preferences, prevent unauthorized contact, and ensure regulatory compliance.

Staying ahead with encryption tools, data disposal mechanisms, and GDPR compliance strategies is crucial for maintaining data integrity and security.