This Course Is A Necessity Of Emergency Service Personnel, Law Enforcement: Fill & Download for Free

In the end, when you think about it, law enforcement officers – the large majority of them – do the job because it’s their job and they accept that it will impact how they live their life until they retire (and honestly? Even after that). Firefighters live for the rush and pride of saving something or someone; the potential to be a hero. It’s a good thing we have each other though, because none of us could do it all by ourselves.Just this morning I was exchanging emails with my boss about various business topics. Since our owning company (Cygnus Business Media) owns properties that serve all aspects of the public safety industry (law enforcement, firefighters and emergency medical personnel), part of the discussion was about the differences that exist in the PEOPLE who fulfill those different positions. Having served in several different uniforms (military, police and firefighter) I found myself pondering the different motivations and aspects. I’d appreciate your feedback on my thoughts if you disagree or if you have a different insight.First, please understand, that I do truly believe the calling to public safety service, or even uniformed service in general, is in the blood. I am adopted child, separated from my mother at birth. I never met any of my siblings until about ten years ago. I found out, at that time, that I have six brothers and two sisters for a total of seven boys and two girls that my mom had. Of the seven boys, five of us have served in uniform. All five have worn a military uniform, and two of us have been police officers for a full career after having served in the military. How does one explain having so much in common when we didn’t have a common up-bringing?Further evidence: Not long ago I made a presentation to a group of tactical officers. There were roughly 200 officers in the room. A quick question & answer session accompanied by a show of hands revealed that about three-fourths of them were either second generation public safety personnel OR they had blood relatives also serving in a public safety uniform. About two-thirds of them were prior military before joining a law enforcement agency and about one fourth of them were both law enforcement officers AND volunteer firefighters.Second, we have to recognize that there ARE distinct differences between “cops” and “firefighters.” While many of us do serve, or have served, in both uniforms, by and large we are one or the other. Being “one or the other” is easy to observe when you consider some of our outlook or behavioral differences. Bear in mind as I list some of them, these are my observations based on my local work experience and what I’ve seen/heard as I’ve traveled around the country.“The Brotherhood”: Within law enforcement this is generally strong. Whether you’re a town, city, county, borough, state or federal cop, a brother cop is a brother cop is a brother cop – unless it’s a SISTER cop – but we’re all still family. There are the exceptions and you do run into the “I’m better than you because I have a bigger jurisdiction,” issues, but in general, if “a badge” needs help, every “badge” will come to the rescue. We’ll make time to bicker afterward about something petty that doesn’t matter and then we’ll all tip a cold one as we tell war stories and reminisce. Often this is called “Choir practice,” and if we’re not careful we get ourselves in trouble during or after.In fire departments, while firefighters will all work together to save lives and douse fires, when they’re not actively doing either one, they can fight like only brothers can. I’ve seen a whole fire house empty out into a parking lot carrying sledge hammers and axes to fight a whole ‘nother fire house that showed up on miscellaneous pieces of fire apparatus. And it can be one ugly fight. Of course, they usually also have all the necessary skills to patch one another up when they’ve gotten it all out of their system. The difference here is that firefighter PRIDE is usually what’s driving the fight. Which is the better house? Who has the better response time? Who runs the most calls? With a law enforcement agency such things aren’t usually debated except in good fun and certainly on fights over who runs the most calls. Usually we’re too busy trying to avoid assignment at the busiest district unless we’re young, highly motivated and eager to fatten up our personnel file with good stuff so we can pursue a transfer to a special unit.“The Lifestyle”: There is no doubt about it – being a law enforcement professional is a 24/7/365 lifestyle that impacts not only the cop but the cop’s family. It affects everything from absences during holiday celebrations to holding hands with your significant other when walking in public (that gun hand has to stay empty). It affects how you drive, what you wear/carry, and where you sit in a restaurant. It affects how much you relax in a movie theater, especially since the Aurora, CO theater mass shooting, and when you prefer to shop during the Christmas season. What I’m trying to say is that “the job” affects how a cop lives every minute of every day EXCEPT (possibly) when (s)he’s home, relaxing, with all communication devices turned off.Firemen are a different breed. In their “normal” life (the volunteers anyway) they do any job you can think of from plumbing to HVAC to stock broker. MOST of the ones I know are employed in “blue collar” jobs. Those jobs are what they do to pay their bills, and it’s time away from the firehouse that they tolerate out of necessity. They spend the necessary time with the families too, but they LIVE to be at the firehouse, eagerly awaiting the call to a working fire. I can’t begin to describe the disappointment I’ve heard when a fire truck arrives on the scene and there’s “smoke showing,” only to find out that it’s “food left on the stove. No fire.”Often, if you ask these brave folks (and I’m not kidding about that; more in a moment) what they do, they’ll identify themselves as a firefighter even though that’s not where they get their paycheck. It’s how they visualize themselves. It’s the driving motivator in their day to day life. It’s what’s on their mind 24/7 as much as possible. The HUGE difference is that it’s what they CHOOSE to do with their free time while most cops WISH they could escape their profession during their time off, but can’t completely.Now, about my comment that firefighters are brave folks: I am not kidding in any way. Yes, law enforcement professionals are equally courageous and we’ll bicker with our firefighter brethren about who is the bravest. We joke about being each-others heroes and we make fun of how we each face life threatening situations.“If fighting fires was easy, cops could do it.”“If fighting crime was easy, firefighters could do it.”We joke, but here’s reality: I am a cop and was a volunteer firefighter for about six years back in the late ‘80s and early ‘90s. One day I went on a fire call – a good working fire in an apartment building – and when I got to the doorway a little voice in the back of my head said, “One day the fire’s going to win.” It was my last fire call. I did what I had to do and did it well that day. Afterward, back at the station, I went to the fire captain and told him I’d only run EMS calls from then on. I knew that my hesitation… my doubt… might get me or a fellow firefighter hurt.Why do I have that outlook about firefighting but not police work? Fire is a force of nature. Police officers enforce the law on and help PEOPLE. Think about it: fire’s not going away forever. We use it too much. Too many people are careless. It behaves in unpredictable ways sometimes. Fighting a fire is an unknown quantity and that’s exactly what appeals most to some firefighters – the unknown level of danger they face as they perform. Fighting people is more of a known quantity. Sure, they might be high on some drug that makes the fight ugly, but ultimately people can be disabled or killed; you can never be totally sure about that with a fire.In the end, when you think about it, law enforcement officers – the large majority of them – do the job because it’s their job and they accept that it will impact how they live their life until they retire (and honestly? Even after that). Firefighters live for the rush and pride of saving something or someone; the potential to be a hero. It’s a good thing we have each other though, because none of us could do it all by ourselves.

So often we spend most of our time taking care of our physical needs. We make sure our bodies are fed, cleaned, clothed, exercised and rested. We also make sure intellectual stimulation and entertainment is a priority. Yet we also overlook the most important need — love.Download a FREE Book on LOVE >>>Momentum .pdfOf course, as a society, love is not overlooked. Popular media constantly places great emphasis on what we need to do and how we should look to attract “love”. But being loved is not as powerful an emotional need as that desire to love someone else.The need to love and care for others is built into us biologically. This need is what allows parents to forgo sleep, food, and sanity while raising their children. This need is what allows people to put themselves at risk to save others from natural disasters and human threats. This need is what makes human society work on both a small and a large scale.Loving others allows us to put the needs and desires of others before our own. We will work harder and longer, sometimes at jobs we loathe, to provide for those we love. We will tolerate otherwise intolerable conditions to provide care for our loved ones whether they are young or old.Love means to cherish, hold dear, and treasure. We do not hurt, harm, or cause pain to those we love; rather, we seek to relieve their suffering. It is not about wanting people; it’s about wanting people to be happy. It’s not about wanting to possess or control others; it’s about wanting to set them free.John Oxenham described love this way: “Love ever gives. Forgives, outlives. And ever stands with open hands. And while it lives, it gives. For this are love’s prerogatives – to give, and give, and give.”Love is the grease that allows the wheel of life to continue turning. For when we love we look beyond ourselves, beyond our needs and desires. We sacrifice our time, our energy, our wishes, and sometimes even ourselves because of love. Sometimes it is for an immediate person or group that we know intimately and love completely, but other times it is for a larger group of people that we don’t really know or perhaps even like. It is love that allows law enforcement and emergency services personnel to face danger. It is love that allows soldiers to risk everything. Love makes heroes every day in every corner of the world. As Thomas Kempis said: “Love feels no burden, thinks nothing of trouble, attempts what is above its strength… It is therefore able to undertake all things, and it completes many things and warrants them to take effect, where he who does not love would faint and lie down.”The ultimate definition of love is not about feeling good but rather about doing good. A perfect example of love in action is Mother Teresa who worked so long and so hard on the behalf of others. However we see it all around us if we look for it. Robert Louis Stevenson said: “The essence of love is kindness.”Love is important because without it, life has no meaning or purpose. As Frank Tebbets says “A life without love in it is like a heap of ashes upon a deserted hearth, with the fire dead, the laughter stilled and the light extinguished.” Love allows us to be more and do more than we could ever accomplish without its power.

Internet privacy encompasses a wide range of issues and topics. It can be understood as privacy rights that an individual has online with respect to their data, and violations of the same that take place online. Given the dynamic nature of the online sphere, privacy concerns and issues are rapidly changing.The Changing Nature of InformationFor example – the way in which the internet allows data to be produced, collected, combined, shared, stored, and analyzed is constantly changing and re-defining personal data and what type of protections personal data deserves and can be given. For example, seemingly harmless data such IP address, key words used in searches, websites visited, can now be combined and analysed to identify individuals and learn personal information about an individual. From information shared on social media sites, to cookies collecting user browser history, to individuals transacting online, to mobile phones registering location data – information about an individual is generated through each use of the internet. In some cases the individual is aware that they are generating information and that it is being collected, but in many cases, the individual is unaware of the information trail that they are leaving online, do not know who is accessing the information, and do not have control over how their information is being handled, and for what purposes it is being used. For example, law enforcement routinely troll social media sites for information that might be useful in an investigation.The Blurry Line between the Public and Private SphereThe above example also highlights how the “sphere” of information on the internet is unclear i.e. is information posted on social media public information – free for use by any individual or entity including law enforcement, employees, data mining companies etc. or is information posted on social media – private, and thus requires authorization for further use. For example, in India, in 2013 the Mumbai police established a “social media lab” for the purposes of monitoring and tracking user behavior and activities.Authorization is not required for the lab to monitor individuals and their behavior, and individuals are not made aware of the same, as the project claims to analyze only publicly available information. Similar dilemmas have been dealt with by other countries. For example, in the U.S, individuals have contested the use of their tweets without permission, while courts in the US have ruled that tweets, private and public, can be obtained by law enforcement with only a subpoena, as technically the information has been shared with another entity, and is therefore no longer private. Indian Courts have yet to deal directly with the question of social media content being public or private information.The Complication of JurisdictionThe border-less nature of information flows over the Internet complicates online privacy, as individual's data is subjected to different levels of protection depending on which jurisdiction it is residing in. Thus, for example an Indian using Gmail, will be subject to the laws of the United States. On one hand this could be seen as a positive, if one country has stronger privacy protections than another, but could also be damaging to privacy in the reverse situation – where one company has lower privacy standards and safeguards. In addition to the dilemma of different levels of protection being provided over data as it flows through different jurisdictions, access by law enforcement to data stored in a different jurisdiction, or data from one country accessible to law enforcement because it is being processed in their jurisdiction, are two other complications that arise. These complications cannot be emphasized more than with the case of the NSA Leaks. Because Indian data was residing in US servers, the US government could access and use the data with no obligation to the individual.[4] In response to the NSA leaks, the government of India has stated that all facts need to be known before any action is taken, while citizens initially sought to hold the companies who disclosed the data to US security agencies such as Google, Facebook etc. accountable.Despite this, because the companies were acting within the legal limits of the United States where they were incorporated, they could not be held liable. In response to the dilemma, many actors in India, including government and industry are asking for the establishment of 'domestic servers'. For example, Dr. Kamlesh Bajaj, CEO of Data Security Council of India was quoted in Forbes magazine promoting the establishment of India centric social media platforms. Similarly, after the PRISM scandal became public, the National Security Adviser requested the Telecom Department to only route traffic data through Indian servers.In these contexts, the internet is a driving force behind a growing privacy debate and awareness in India.Current Policy for Internet Privacy in IndiaCurrently, India's most comprehensive legal provisions that speak to privacy on the internet can be found in the Information Technology Act (ITA) 2000. The ITA contains a number of provisions that can, in some cases, safeguard online privacy, or in other cases, dilute online privacy. Provisions that clearly protect user privacy include: penalizing child pornography, penalizing, hacking and fraud and defining data protection standards for body corporate.Provisions that serve to dilute user privacy speak to access by law enforcement to user's personal information stored by body corporate collection and monitoring of internet traffic data and real time monitoring, interception, and decryption of online communications. Additionally, legislative gaps in the ITA serve to weaken the privacy of online users. For example, the ITA does not address questions and circumstances like the evidentiary status of social media content in India, merging and sharing of data across databases, whether individuals can transmit images of their own “private areas” across the internet, if users have the right to be notified of the presence of cookies and do-not track options, the use of electronic personal identifiers across data bases, and if individuals have the right to request service providers to take down and delete their personal content.Online Data ProtectionSince 2010, there has been an increasing recognition by both the government and the public that India needs privacy legislation, specifically one that addresses the collection, processing, and use of personal data. The push for adequate data protection standards in India has come both from industry and industrial bodies like DSCI – who regard strong data protection standards as an integral part of business, and from the public, who has voiced increasing concerns that governmental projects, such as the UID, involved with collecting, processing, and using personal data are presently not adequately regulated and are collecting and processing data in such a way that abuses individual privacy. As mentioned above, India's most comprehensive data protection standards are found in the ITA and are known as the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011.The Rules seek to provide rights to the individual with regards to their information and obligate body corporate to take steps towards protecting the privacy of consumer's information. Among other things, the Rules define “sensitive personal information' and require that any corporate body must publish an online privacy policy, provide individuals with the right to access and correct their information, obtain consent before disclosing sensitive personal information ' except in the case of law enforcement, provide individuals the ability to withdraw consent, establish a grievance officer, require companies to ensure equivalent levels of protection when transferring information, and put in place reasonable security practices. Though the Rules are the strongest form of data protection in India, they have not been recognized by the European Union as meeting the EU standards of “data secure” and many gaps still exist. For example, the Rules apply only to:Body corporate and not to the governmentElectronically generated and transmitted informationA limited scope of sensitive personal information.A body corporate when a contractual agreement is not already in place.These gaps leave a number of bodies unregulated and types of information unprotected, and limits the scope of the Rules. It is also unclear to what extent companies are adhering to these Rules, and if they are applying the Rules only to the use of their website or if they are also applying the Rules to their core business practices.Cyber CafésIn 2011 the Guidelines for Cyber Café Rules were notified under the Information Technology Act. These Rules, among other things, require Cyber Café’s to retain the following details for every user for a period of one year: details of identification, name, address, contact number, gender, date, computer terminal identification, log in time, and log out time. These details must be submitted to the same agency as directed, on a monthly basis. Cyber Cafes must also retain the history of websites accessed and logs of proxy servers installed at the cyber café for a period of one year. Furthermore, Cyber Café’s must ensure that the partitions between cubicles do not exceed four and half feet in height from floor level. Lastly, the cyber café owner is required to provide every related document, register, and information to any officer authorized by the registration agency on demand. In effect, the identification and retention requirements of these rules both impact privacy and freedom of expression, as cyber cafes users cannot use the facility anonymously and all their information, including browser history, is stored on an a-priori basis. The disclosure provisions in these rules also impact privacy and demonstrate a dilution of access standards for law enforcement to users internet communications as the provision does not define:An authorization process by which the registration agency follows to authorize individuals to conduct inspections.Circumstances on which inspection of a Cyber Café by an authorized officer is necessary and permissible.The process for which information can be requested, and instead vaguely requires cyber café owners to disclose information “on demand”.Online Surveillance and AccessThe ITA also allows for the interference of user privacy online by defining broad standards of access to law enforcement and security agencies, and providing the government with the power to determine what tools individuals can use to protect their privacy. This is most clearly demonstrated by provisions that permit the interception, monitoring, and decryption of digital communications provide for the collection and monitoring of traffic data and allow the government to set the national encryption standard. In particular, the structure of these provisions and the lack of safeguards incorporated, serve as a dilution to user privacy. For example, though these provisions create a framework for interception they are missing a number of internationally recognized safeguards and practices, such as notice to the individual, judicial oversight, and transparency requirements. Furthermore, the provisions place extensive security and technical obligations on the service provider – as they are required to extend all facilities necessary to security agencies for interception and decryption, and hold the service provider liable for imprisonment up to seven years for non-compliance. This creates an environment where it is unlikely that the service provider would challenge any request for access or interception from law enforcement. Interception is also regulated through provisions and rules under the Indian Telegraph Act 1885 and subsequent ISP and UAS licenses.Scope of Surveillance and AccessThe extent to which the Government of India lawfully intercepts communications is not entirely clear, but in 2011 news items quoted that in the month of July 8,736 phones and e-mail accounts were under lawful surveillance.Though this number is representative of authorized interception, there have been a number of instances of unauthorized interceptions that have taken place as well. For example, in 2013 it was found that in Himachel Pradesh 1371 phones were tapped based on verbal approval, while the Home Ministry had only authorized interception of 170. This demonstrates that there are instances of when existing safeguards for interception and surveillance are undermined and highlights the challenge of enforcement for even existing safeguards.Demonstrating the tensions between right to privacy and governmental access to communications, and at the same time highlighting the issue of jurisdiction was the standoff between RIM/BlackBerry and the Indian Government. For several years, the Indian Government has requested that RIM provide access to the company’s communication traffic, both BIS and BES, as Indian security agencies have been unable to decrypt the data. Solutions that the Indian Government has proposed include: RIM providing the decryption keys to the government, RIM establishing a local server, local ISPs and telcos developing an indigenous monitoring solution. In 2012, RIM finally established a server in Mumbai and in 2013 provided a lawful interception solution that satisfied the Indian Government.The implementation of the Central Monitoring System by the Indian Government is another example of the Government seeking greater access to communications. The system will allow security agencies to bypass service providers and directly intercept communications. It is unclear if the system will provide for the interception of only telephonic communications or if it will also allow for the interception of digital communications and internet traffic. It is also unclear what checks and balances exist in the system. By removing the service provider from the equation the government is not only taking away a potential check, as service providers can resist unauthorized requests, but it is also taking away the possibility for companies to be transparent about the interception requests that they comply with.Future frameworks for privacy in India: The Report of the Group of Experts on PrivacyIn October 2012 the Report of the Group of Experts on Privacy was published by a committee of experts chaired by Justice A.P. Shah. The report creates a set of recommendations for a privacy framework and legislation in India. Most importantly, the Report recognizes privacy as a fundamental right and defines nine National Privacy Principles that would apply to all data controllers both in the private sector and the public sector. This would work to ensure that businesses and governments are held accountable to protecting privacy and that legislation and practices found across sectors, states/governments, organizations, and governmental bodies are harmonized. The privacy principles are in line with global standards including the EU, OECD, and APEC principles on privacy, and include: notice, choice & consent, collection limitation, purpose limitation, access and correction, accountability, openness, disclosure of information, security.The Report also envisions a system of co-regulation, in which the National Privacy Principles will be binding for every data controller, but Self Regulatory Organizations at the industry level will have the option of developing principles for that specific sector. The principles developed by industry must be approved by the privacy commissioner and be in compliance with the National Privacy Principles. In addition to defining principles, the Report recommends the establishment of a privacy commissioner for overseeing the implementation of the right to privacy in India and specifies that aggrieved individuals can seek redress either through issuing a complaint the privacy commissioner or going before a court.The nine national privacy principles include:Notice: Principle 1: NoticeA data controller shall give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:During CollectionWhat personal information is being collected;Purposes for which personal information is being collected;Uses of collected personal information;Whether or not personal information may be disclosed to third persons;Security safeguards established by the data controller in relation to the personal information;Processes available to data subjects to access and correct their own personal information;Contact details of the privacy officers and SRO ombudsmen for filing complaints.Other NoticesData breaches must be notified to affected individuals and the commissioner when applicable. Individuals must be notified of any legal access to their personal information after the purposes of the access have been met. Service providers would have to explain how the information would be used and if it may be disclosed to third persons such as advertisers, processing Individuals must be notified of changes in the data controller’s privacy policy. Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.Example of Implementation: A telecom service provider must make available to individuals a privacy policy before any personal information is collected by the company. The notice must include all categories of information as identified in the principle of notice. For example, the service provider must identify the types of personal information that will be collected from the individual from the initial start of the service and during the course of the consumer using the service. For a telecom service provider this could range from name and address to location data. The notice must identify if information will be disclosed to third parties such as advertisers, processors, or other telecom companies. If a data breach that was the responsibility of the company takes place, the company must notify all affected customers. If individuals have their personal data accessed or intercepted by Indian law enforcement or for other legal purposes, they have the right to be notified of the access after the case or other purpose for the data has been met.Principle 2: Choice and ConsentA data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorized agencies. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymized within a reasonable time-frame if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required.Example of implementation: If an individual is signing up to a service, a company can only begin collecting, processing, using and disclosing their data after consent has been taken. If the provision of information is mandated by law, as is the case for the census, this information must be anonymized after a certain amount of time if it is published in public databases. If there is a case where consent is not possible, such as in a medical emergency, consent before processing information, does not need to be taken.Principle 3: Collection LimitationA data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.Example of Implementation: If a bank is collecting information to open an account for a potential customer, they must collect only that information which is absolutely necessary for the purpose of opening the account, after they have taken the consent of the individual.Principle 4: Purpose LimitationPersonal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.Example of Implementation: If a bank is collecting information from a customer for opening a bank account, the bank can only use that information for the purpose of opening the account and any other reasons consented to. After a bank has used the information to open an account, it must be destroyed. If the information is retained by the bank, it must be done so with consent, for a specific purpose, with the ability of the individual to access and correct the stored information, and in a secure fashion.Principle 5: Access and CorrectionIndividuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.Example of Implementation: An individual who has opened a bank account, has the right to access the information that was initially provided and subsequently generated. If there is a mistake, the individual has the right to correct the mistake. If the individual requests information related to him that is stored on a family member from the bank, the bank cannot disclose this information without explicit consent from the family member as it would impact the privacy of another.Principle 6: Disclosure of InformationA data controller shall only disclose personal information to third parties after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.Example of Implementation: If a website, like a social media site, collects information about how a consumer uses its website, this information cannot be sold or shared with other websites or partners, unless notice of such sharing has been given to the individual and consent has been taken from the individual. If websites provide information to law enforcement, this must be done in accordance with laws in force, and cannot be done through informal means. The social media site would be prohibited from publishing, sharing, or making public the personal information in any way without obtaining informed consent.Principle 7: SecurityA data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorized access, destruction, use, processing, storage, modification, deanonymization, unauthorized disclosure [either accidental or incidental] or other reasonably foreseeable risks.Example of Implementation: If a company is a telecommunication company, it must have security measures in place to protect customers communications data from loss, unauthorized access, destruction, use, processing, storage, modification, denanonmyization, unauthorized disclosure, or other foreseeable risk. This could include encrypting communications data, having in place strong access controls, and establishing clear chain of custody for the handling and processing communications data.Principle 8: OpennessA data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.Example of Implementation: If a hospital is collecting and processing personal information of, for example, 1,000 patients, their policies and practices must reflect and be applicable to the amount, sensitivity, and nature of information that they are collecting. The policies about the same must be made available to all individuals – this includes individuals of different intelligence, skill, and developmental levels.Principle 9: AccountabilityThe data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.Example of Implementation: To ensure that a hospital is in compliance with the national privacy principles, it must undertake activities like running trainings and providing educational information to employees on how to handle patient related information, conducting audits, and establishing an officer or body for overseeing the implementation of privacy.Public Discourses on PrivacyIn India, there have been a number of important discourses related to privacy around various projects and topics. These discourses have been driving public awareness about privacy in India, and represent an important indication of public perception of privacy and privacy concerns.The Unique Identification ProjectOne of these discourses is a public dialogue and debate on the Unique Identification Project. Since 2009 the Government of India has been rolling out an identity scheme known as UID or Aadhaar. The scheme is applicable to all residents in India, and seeks to provide individuals with an identity based on their fingerprints, iris scans, and photograph. The project has been heavily supported by some, and at the same time, heavily critiqued by others. Of those critiquing the project, which included a Parliamentary Standing Committee on Finance, privacy has been a driving force behind the concerns about the project. Arguing that not only does the UID Bill not have sufficient privacy safeguards in its provisions but the design of the project and the technology of the project places individual privacy at risk. For example, the project relies on centralized storage of bio-metrics collected under the scheme; it does not account for or address how transaction data that is generated each time an individual identifies himself/herself with the UID will be stored, processed, and shared; and does not provide adequate security measures to protect sensitive information like bio-metrics.The Human DNA Profiling BillIn 2006 the Department of Biotechnology piloted a draft human DNA Profiling Bill with the objective of creating DNA databases at the national and regional levels, and enabling the creation and storage of DNA profiles for forensic purposes. Since 2006 there have been two more drafts of the bill released to the public, and an expert committee has been created to finalize the text of the bill. Individuals, including the Center for Internet and Society, publicly raising concern about the bill, cite a lack of privacy safeguards in the provisions, and expansive circumstances and reasons that the bill permits the creation and storage of DNA profiles.SurveillanceFor many years there has been running public discourse about the surveillance that the Indian government has been undertaking. This discourse is growing and is now being linked to privacy and the need for India to enact a privacy legislation. As discussed above, the current surveillance regime is lacking on many fronts, while at the same time the government continues to seek greater interception powers and more access to larger sets of information in more granularity. Projects like the Central Monitoring System, NATGRID, and Lawful Interception Solutions have caused individuals to question the government on the proportionality of State surveillance and ask for a comprehensive privacy legislation that also regulates surveillance.The need for strong and enforceable surveillance provisions is not unique to India, and in 2013 the International Principles on the Application of Human Rights to the Surveillance of Communications were drafted. The principles lay out standards that ensure that surveillance is in compliance with international human rights law and serve as safeguards that countries can incorporate into their regimes to ensure the same. The principles include: legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, user notification, transparency, public oversight, integrity of communications and systems, safeguards for international cooperation, safeguards against illegitimate access. Along with defining safeguards, the principles highlight the challenge of rapidly changing technology and how it is constantly changing how information can be surveilled by governments and what information surveilled by governments, and how information can be combined and analysed to draw conclusions about individuals.A Privacy Legislation for IndiaSince 2010, there has been a strong public discourse around the need for a privacy legislation in India. In November 2010, a “Privacy Approach” paper was released to the public which envisioned the creation of a data protection legislation. In 2011, the Department of Personnel and Training released a draft privacy bill that defined a privacy regime that encompassed data protection, surveillance, and mass marketing, and recognized privacy as a fundamental right. In 2012 the Report of the Group of Experts on Privacy, as discussed above, was published. Presently, the Department of Personnel and Training is drafting the text of the Governments Privacy Bill. In 2013, the Center for Internet and Society drafted the Citizen’s Privacy Protection Bill – a citizen’s version of a privacy legislation for India. From April 2013 – October 2013, the Center for Internet and Society, in collaboration with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, held a series of seven Privacy Round-tables across India. The objective of the Round-tables was to gain public feedback to a privacy framework in India. Topics discussed during the meetings included, how to define sensitive personal information vs. Personal information, if co-regulation should be a model adopted as a regulatory framework, and what should be the legal exceptions to the right to privacy.ConclusionClearly, privacy is an emerging and increasingly important field in India’s internet society. As companies collect greater amounts of information from and about online users, and as the government continues to seek greater access and surveillance capabilities, it is critical that India prioritizes privacy and puts in place strong safeguards to protect the privacy of both Indians and foreigners whose data resides temporarily or permanently in India. The first step towards this is the enactment of a comprehensive privacy legislation recognizing privacy as a fundamental right. The Report of the Group of Experts on Privacy and the government considering a draft privacy bill are all steps in the right direction.Source: Internet Privacy in India