Decoding SMS Safety: How TRAI’s New Suffix System is Revolutionizing Digital Communication Security
In an era where digital communication drives business operations and personal interactions, the battle against SMS fraud has reached a critical juncture. With India recording over 75 billion spam messages in 2023 alone, the need for robust identification systems has never been more urgent. TRAI’s (Telecom Regulatory Authority of India) implementation of mandatory SMS suffixes represents a groundbreaking step toward creating a safer digital communication ecosystem.
Understanding the New SMS Classification System
Since May 6, 2025, every SMS message in India carries a distinctive suffix that immediately identifies its purpose and origin. This regulatory framework introduces four key categories:
-P (Promotional Messages): These suffixes identify marketing communications, product advertisements, and promotional content from businesses. When you receive a message about a sale, new product launch, or marketing campaign, the -P suffix immediately signals its promotional nature.
-T (Transactional Messages): Critical for business operations, -T suffixes mark transactional communications such as OTPs, payment confirmations, delivery updates, and account notifications. These messages contain time-sensitive information essential for completing transactions or accessing services.
-S (Service Messages): Service-related communications from banks, utility companies, telecom providers, and other service organizations carry the -S suffix. These include account statements, service updates, maintenance notifications, and customer service communications.
-G (Government Messages): Official communications from government departments, public services, and regulatory bodies are marked with -G suffixes, ensuring citizens can immediately identify authentic government correspondence.
The Business Impact of Enhanced SMS Security
For organizations like CERF Solutions and our clients, this development carries significant implications for digital communication strategies and cybersecurity frameworks.
Improved Customer Trust and Engagement
The suffix system addresses a critical challenge in business communication: message authenticity. With 87% of users previously ignoring unknown or unbranded SMS messages, the clear categorization system helps businesses establish immediate credibility. Customers can now confidently engage with legitimate business communications, improving response rates and customer satisfaction.
Enhanced Fraud Prevention
The standardized identification system creates multiple layers of protection against SMS-based fraud schemes. Cybercriminals who previously exploited the ambiguity of message sources now face a regulated framework that makes impersonation significantly more difficult.
Streamlined Compliance Management
Organizations can now align their communication strategies with regulatory requirements more effectively. The suffix system provides clear guidelines for message categorization, helping businesses ensure compliance while maintaining effective customer communication.
Technological Innovation Meets Regulatory Excellence
This initiative exemplifies how regulatory frameworks can drive technological advancement and user protection simultaneously. The implementation demonstrates India’s commitment to creating a secure digital infrastructure that supports both business growth and consumer protection.
Real-World Applications
Consider the practical impact across various scenarios:
- Financial Services: Banks can now send account alerts with -S suffixes, while promotional credit card offers carry -P suffixes, helping customers immediately distinguish between critical account information and marketing materials.
- E-commerce Platforms: Order confirmations and delivery updates use -T suffixes, while promotional sales notifications carry -P suffixes, creating clear communication channels.
- Government Services: Citizens receiving updates about public services, tax notifications, or official announcements can immediately verify authenticity through -G suffixes.
Strategic Implications for Digital Transformation
As organizations navigate digital transformation initiatives, communication security becomes a foundational element. The SMS suffix system represents more than regulatory compliance—it’s an opportunity to enhance customer relationships and strengthen digital trust.
Building Robust Communication Frameworks
Forward-thinking organizations should leverage this system to:
- Audit Current Communication Strategies: Review existing SMS campaigns and categorize them according to the new framework
- Optimize Message Effectiveness: Align message content with appropriate suffixes to maximize engagement
- Strengthen Security Protocols: Integrate suffix verification into broader cybersecurity frameworks
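One way to integrate suffix verification into message triage, shown as an added example that is not code from TRAI or CERF Solutions: it reads the -P/-T/-S/-G suffix from the sender header and flags messages whose content does not fit the declared category. The header layout (suffix as the final `-X` element), the content cues and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Suffix letters and their meanings, as listed in the article.
CATEGORIES = {"P": "promotional", "T": "transactional",
              "S": "service", "G": "government"}

# ASSUMPTION: the suffix is the last "-X" element of the sender header.
HEADER_RE = re.compile(r"^[A-Za-z0-9-]+-(?P<suffix>[A-Za-z])$")

# ASSUMPTION: illustrative content cues; tune them to your own traffic.
OTP_CUE = re.compile(
    r"\b(otp|one[- ]time (password|passcode)|verification code)\b", re.I)
PROMO_CUE = re.compile(r"\b(sale|offer|discount|cashback)\b|\d+\s*% off", re.I)


@dataclass
class Finding:
    sender: str
    category: Optional[str]          # None when no known suffix is present
    flags: List[str] = field(default_factory=list)


def triage(sender: str, body: str) -> Finding:
    """Classify one message by header suffix and flag content mismatches.

    An empty flag list only means the content is consistent with the
    declared category; it says nothing about which brand sent the message.
    """
    match = HEADER_RE.match(sender.strip())
    suffix = match.group("suffix").upper() if match else None
    category = CATEGORIES.get(suffix) if suffix else None
    finding = Finding(sender=sender, category=category)

    if category is None:
        # Plain phone numbers and headers without a known suffix land here.
        finding.flags.append("missing_or_unknown_suffix")
        return finding
    if category == "promotional" and OTP_CUE.search(body):
        # OTPs belong to transactional traffic according to the article.
        finding.flags.append("otp_under_promotional_suffix")
    if category != "promotional" and PROMO_CUE.search(body):
        finding.flags.append("promotional_content_under_%s_suffix" % suffix)
    return finding


# Constructed sample messages (sender header, body); not real traffic.
SAMPLE_MESSAGES: List[Tuple[str, str]] = [
    ("XX-SAMPLE-T", "482913 is your OTP for login. Valid for 10 minutes."),
    ("XX-SAMPLE-P", "Your OTP is 771204 to confirm the order."),
    ("+910000000000", "Your bank account is blocked. Send OTP to reactivate."),
    ("XX-SAMPLE-S", "Festive sale! 50% off on all plans today."),
    ("XX-SAMPLE-G", "Your tax return has been processed."),
]


def triage_all(messages: List[Tuple[str, str]]) -> List[Finding]:
    """Run triage over a batch and return one Finding per message."""
    return [triage(sender, body) for sender, body in messages]


if __name__ == "__main__":
    for f in triage_all(SAMPLE_MESSAGES):
        print(f.sender, f.category, f.flags or "ok")
```
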
Looking Ahead: The Future of Secure Communication
The SMS suffix implementation marks the beginning of a more comprehensive approach to digital communication security. As technology evolves, we can expect similar frameworks to emerge across various communication channels, creating an ecosystem where authenticity and security are built into the infrastructure.
Preparing for Continued Evolution
Organizations must remain agile and responsive to these regulatory developments. The companies that proactively adapt to these changes will not only ensure compliance but also gain competitive advantages through enhanced customer trust and communication effectiveness.
Conclusion: Embracing Secure Communication Excellence
TRAI’s SMS suffix system represents a significant milestone in India’s digital communication landscape. By providing clear message identification, this framework protects consumers while enabling businesses to communicate more effectively with their audiences.
At CERF Solutions, we understand that successful digital transformation requires both technological innovation and robust security frameworks. The SMS suffix system exemplifies how regulatory excellence can drive positive change across the technology ecosystem.
As we move forward in this enhanced communication environment, organizations that embrace these security measures will build stronger relationships with their customers, reduce fraud risks, and contribute to a more secure digital future for all.
The message is clear: in our interconnected world, communication security isn’t just a regulatory requirement—it’s a competitive advantage and a responsibility we all share in building a safer digital ecosystem.
CERF Solutions Pvt Ltd specializes in helping organizations navigate complex technology implementations and security frameworks. Contact us to learn how we can support your digital communication strategies and cybersecurity initiatives.
Apple and Jio Power Up India’s Messaging Future Ahead of iPhone 17
India, one of the fastest growing and most dynamic digital communication markets in the world, is about to witness a revolutionary shift. Apple and Reliance Jio have joined forces to bring Rich Communication Services (RCS) messaging to iPhones in India, just ahead of the global launch of the iPhone 17 series on September 9, 2025.
This collaborative breakthrough transforms native messaging on iPhones, offering Jio’s massive subscriber base of over 490 million users an enriched messaging experience—redefining how we communicate on mobile.
What is RCS and Why Does It Matter?
RCS, conceived by the global telecom industry body GSMA in 2007, is the next-generation messaging protocol designed to upgrade and replace traditional SMS. It blends the reliability of carrier-based messaging with the rich features that users expect from over-the-top (OTT) apps like WhatsApp, Telegram, and iMessage.
Unlike the limited capabilities of SMS, RCS offers:
- High-resolution photo and video sharing, even large files, over WiFi and mobile data
- Interactive group chats with typing indicators and read receipts akin to the “blue ticks” iPhone users love
- End-to-end encryption for enhanced security, addressing concerns around phishing and spam
- Seamless file transfers and location sharing within the native messaging app
- No extra cost for Jio subscribers using RCS, encouraging wide adoption
Unlocking the Power of Messaging for Millions
Jio’s dominant market presence combined with Apple’s global influence ensures that RCS arrives in India at scale and with a robust infrastructure. This partnership is a timely evolution as India emerges as one of the largest RCS markets in the world by message volume, promising to rival OTT platforms’ dominance in business and personal communication.
For the first time, iPhone users in India will enjoy seamless messaging interoperability across devices and carriers, breaking down the “blue bubble” and “green bubble” divide that has long fragmented conversations between iOS and Android users.
The Business Impact: A CPaaS Opportunity
Enterprises stand to benefit tremendously. Rich Messaging opens new avenues for customer engagement — from personalized marketing campaigns to high-security transactional alerts in BFSI, retail, healthcare, and more. Application-to-Person (A2P) messaging revenues in India are expected to skyrocket, with RCS projected to account for over $544 million by 2029, fueled by this carrier-led innovation.
CERF Solutions Pvt. Ltd.: Your Partner in Navigating the Messaging Revolution
At CERF Solutions, we deeply understand the transformative potential of RCS and next-gen communication. As a leader in CPaaS and unified communication platforms, CERF Solutions is uniquely positioned to help enterprises unlock the full benefit of RCS on iPhones and beyond.
Our powerful, cloud-native platforms empower businesses to:
- Integrate RCS seamlessly alongside SMS, voice, WhatsApp, and AI-driven chatbots
- Automate customer journeys with personalized, rich messaging content
- Maintain robust compliance, consent, and data privacy frameworks
- Scale effortlessly to meet growing customer engagement demands
This partnership between Apple and Jio perfectly aligns with CERF’s mission to enable digital-first communication, fostering trusted and interactive customer experiences that deliver tangible business value.
Embrace the Future of Communication Today
India’s leap into the future of messaging is imminent and unstoppable. With CERF Solutions as your technology and innovation partner, your organization can be at the forefront of this digital wave—leveraging RCS to enhance loyalty, boost operational efficiency, and drive growth.
Join us as Apple and Jio rewrite the rules of mobile communication in India. Together, let’s redefine how the world connects.
Benefit from Consent and Preference Management Platforms
Managing your consumers’ consent and preferences can be complex, but it does not have to be a strain on your team. Consent management platforms help organizations comply with local and global data privacy regulations. Using a platform to streamline the process can ensure you remain compliant in the face of new and changing legislation while expediting data collection.
Essential Features of the Consent and Preference Management Platform
An effective consent and preference management platform simplifies the collection and governance of consumer requests. It should facilitate the process of informing consumers about the type(s) of data being collected and the intended use. It should also allow consumers to easily grant or deny the organization permission to collect their information and enable consumers to modify their preferences including cookies and other tracking technologies.
The best consent and preference management platforms allow organizations to:
- Simplify the data collection process
- Customize consent windows
- Collect consents and permit consent and preference adjustments
- Store a record of collected data
Simplify the Data Collection Process
CMPs streamline privacy operations by providing brands and consumers with a convenient interface for communicating consents and preferences. A consent and preference management platform also allows companies to stay compliant as global privacy legislation continues to evolve. Organizations can continue to collect data while putting the onus of compliance on the CMP and the privacy experts specialized in each regulation.
Customize Consent Windows
Consumers can access websites from anywhere in the world and depending on their location, the data privacy requirements might be different. Many data privacy laws and requirements have the same foundation, but there are still many differences between them. For this reason, it’s important that a CMP supports the creation of customised consent and preference portals and privacy experiences. A customised consent window provides the user with a relevant and simplified consent and preference experience.
Collect Consents and Permit Consent and Preference Adjustments
Allowing consumers to provide their consent by opting in or out enables your organization to achieve data privacy compliance. Additionally, users are given increased control with the ability to request, edit, and revoke any consent or data containing personal information which your company has stored. This gives consumers (and prospects) an improved attitude towards your brand, and helps to build trust.
Store a Record of Collected Data
Organizations must identify and record details regarding their data collection practices. This means you must be able to show, among other requirements, what data you are collecting, the reason for collecting it, and the source of that data. CMPs help to keep a record of information such as names of consumers, email addresses, the dates and times when consent was received or revoked, and what exactly the consumer has consented to. This record provides a clear indication of whether consent was given, and the legal basis for data collection, at any point in history.
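The record-keeping described above can be modelled as an append-only log of grant and revoke events that answers "was consent in force at this moment?". The following is an added example, not CONSENTICA's API or any vendor's code; the class, field names and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class ConsentEvent:
    principal: str      # consumer identifier, e.g. an email address
    purpose: str        # what exactly the consumer consented to
    action: str         # "grant" or "revoke"
    at: datetime        # when consent was received or revoked
    source: str         # where the event came from (web form, QR code, ...)
    consent_text: str   # wording shown to the consumer at that time


class ConsentLedger:
    """Append-only consent log: events are added, never edited or deleted."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def record(self, event: ConsentEvent) -> ConsentEvent:
        if event.action not in ("grant", "revoke"):
            raise ValueError("action must be 'grant' or 'revoke'")
        # Audit evidence needs an unambiguous instant, so reject naive times.
        if event.at.tzinfo is None or event.at.utcoffset() is None:
            raise ValueError("timestamp must be timezone-aware")
        self._events.append(event)
        return event

    def status_at(self, principal: str, purpose: str,
                  when: datetime) -> Optional[ConsentEvent]:
        """Return the grant in force at `when`, or None if there is none.

        No record at all counts as no consent.
        """
        candidates = [(e.at, i, e) for i, e in enumerate(self._events)
                      if e.principal == principal and e.purpose == purpose
                      and e.at <= when]
        if not candidates:
            return None
        # Latest timestamp wins; insertion order breaks ties.
        latest = max(candidates, key=lambda c: (c[0], c[1]))[2]
        return latest if latest.action == "grant" else None

    def revoke_all(self, principal: str, at: datetime,
                   source: str) -> List[str]:
        """Revoke every purpose currently granted; return what was revoked."""
        purposes = sorted({e.purpose for e in self._events
                           if e.principal == principal})
        revoked = []
        for purpose in purposes:
            if self.status_at(principal, purpose, at) is not None:
                self.record(ConsentEvent(principal, purpose, "revoke",
                                         at, source, ""))
                revoked.append(purpose)
        return revoked

    def history(self, principal: str) -> List[ConsentEvent]:
        """Full event trail for one consumer, oldest first."""
        return sorted((e for e in self._events if e.principal == principal),
                      key=lambda e: e.at)


def build_sample_ledger() -> ConsentLedger:
    """Constructed sample data: two grants and one revocation."""
    utc = timezone.utc
    ledger = ConsentLedger()
    who = "asha@example.com"
    ledger.record(ConsentEvent(who, "marketing_sms", "grant",
                               datetime(2025, 1, 10, 9, 0, tzinfo=utc),
                               "web-form", "I agree to receive promotional SMS."))
    ledger.record(ConsentEvent(who, "email_newsletter", "grant",
                               datetime(2025, 1, 12, 9, 0, tzinfo=utc),
                               "qr-code", "I agree to receive the newsletter."))
    ledger.record(ConsentEvent(who, "marketing_sms", "revoke",
                               datetime(2025, 2, 1, 9, 0, tzinfo=utc),
                               "preference-portal", ""))
    return ledger


if __name__ == "__main__":
    demo = build_sample_ledger()
    jan20 = datetime(2025, 1, 20, tzinfo=timezone.utc)
    print(demo.status_at("asha@example.com", "marketing_sms", jan20))
```
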
As the demand to give consumers more control over their data grows, so does the need for a solution that makes managing consent and preferences easier for both consumers and companies.
Those searching for a solution can find CERF’s CONSENTICA as the best consent and preference management platform, not only to streamline privacy operations but also to support marketing, sales, and customer engagement. This helps organizations comply with privacy laws without exhausting organizational resources like time and money.
CERF’s CONSENTICA can help your company comply with consumers’ requests and privacy regulations today and in the future.
Why Privacy Regulations?
Enterprises around the world have realized the value of user data; hence technologies are being developed for more accurate sifting of data and a better understanding of consumers’ requirements. Enhancement in the computational power of modern computers, coupled with the rapid development of technology, has made it possible to process voluminous data to identify correlations and discover patterns in all fields of human activity, which can be utilized for problem-solving, ensuring targeted delivery of benefits, bringing new products and services to the market, etc.
Technology, though beneficial to mankind in general, does have collateral disadvantages; e.g. the increasing use of smart devices in everyday life can lead to a loss of privacy for individuals, who may often not even be aware that they are being tracked or observed. Similarly, the ubiquitous presence of smart devices like mobile handsets has many benefits, but it may also be a source of loss of privacy for the user. For example, when a user knowingly or unknowingly grants an application permission to access the camera and microphone of a smart device, the application may execute live streaming on the internet using the camera and microphone, run real-time facial recognition algorithms, use advanced algorithms to create a three-dimensional model of the user’s face, upload random frames of the video stream being accessed by the user, etc. Data collated by such applications over some time may be utilized for predictive profiling of the individual, which may seriously jeopardize the data privacy of the users.
As stated earlier, digital services and applications are accessed using telecommunication connectivity. When a user accesses an online application or social media website, the data generated passes through the telecom network. It is, therefore, important that user privacy is ensured appropriately in the telecommunications layer, both from external agents who may wish to cause harm to users (for instance, by stealing their data for purposes of fraud) and from entities in the telecom space who may wish to (mis)use user data that they have access to (for instance, in the form of unsolicited targeted advertising).
It is worth reiterating that Telecom Service Providers (TSPs) control the “pipes” through which information is exchanged. Due to increasing computing power, TSPs may have an increased ability to analyse the contents of the pipe, i.e. the data flow of the users, leading to obvious privacy concerns. In addition to TSPs, with the widespread adoption of smart devices (earlier devices were not intelligent), smart devices (including operating systems, browsers, applications, etc.) are now increasingly playing a gate-keeping role over the network: they determine how users connect to and experience a network. As with TSPs, all user data flows through these smart devices, putting the device manufacturers, browsers, operating systems, applications, etc. in a prime position to collect and process the personal information of users. Given that all user data has to pass through TSPs (analogous to pipes) and devices (analogous to faucets), appropriate steps must be taken to protect user privacy vis-à-vis these entities. In fact, the subject of data ownership, privacy, and security is multidimensional and complex, and hence data consumers must be empowered to navigate safely and securely through the maze of the digital ecosystem.
As the economy increasingly moves to the digital/online world, it is all the more important that users are appropriately protected from all entities in the ecosystem that may seek to take advantage of their gate-keeping power. A failure to adequately protect the users from the very real possibility of harm (caused by the loss of privacy) may result in restricting the growth of the entire digital economy, which includes telecommunication services.
To curb the menace of unsolicited commercial messages and calls, countries and regions are coming up with privacy regulations that mandate the registration of businesses/telemarketers sending such unsolicited communications and subscribers’ consent for receiving the same.
As the demand to give consumers more control over their data grows, so does the need for a solution that makes managing consent and preferences easier for both consumers and companies. CERF’s CONSENTICA can help your company comply with consumers’ requests and privacy regulations today and in the future.
Why CERF’s CONSENTICA?
CERF’s CONSENTICA provides innovative and trustworthy consumer regulatory compliance and consent management solutions. Our vision is to be a world class solution provider to enable local and global enterprises to process data in a safe and secure manner resulting in enhanced customer satisfaction and experience.
Unlike others, our consent management platform is a comprehensive and centralized tool that is more than a band-aid offering. Its versatility covers all aspects of consent collection, storage and management to keep your company 100% compliant at all times, i.e. our platform will keep evolving with the ever-changing compliance regulations.
So, avoid falling short of consent collection, storage and processing standards by choosing CONSENTICA – our state-of-the-art consent management platform.
The platform keeps your operations compliant with the ever-changing regulations that cover consent management, including the TRAI’s TCCCPR, GDPR and CCPA. The user-friendly solution offers multiple configuration options to suit your unique consent management requirements.
Through CONSENTICA, take advantage of best practices to prevent not only fines and penalties but also improve customer experience and your company’s performance. The tool is suitable for businesses across industries and can enhance consent and data collection and processing at all levels of your organization.
To ensure that you get the best results, our experts at CONSENTICA are there to provide all the support you need to use our platform to your advantage. You can count on them to optimize consent collection for your organization in every way that matters.
Contact us today for an unmediated experience of what our consent management platform and experts can do for you.
CONSENTICA’s features:
Integrate our consent management platform to experience the following industry-leading features:
- Robust configuration control: Gain more comprehensive control over consent segmentation and other configurations to tailor the platform to achieve your exact goals.
- Expression of consent: Have convenient options for setting up ‘express consent’ on your website or mobile app.
- QR codes: Provides QR codes that are user specific and provide ease in consent collection.
- One-click consent revocation options: Helps in revoking either all consents or specific ones with a click.
- Audit Readiness: Maintains a detailed history of consent text, date, time, source, and more. Having quick access to such information ensures that you are always ready for any compliance audit.
With these features, CONSENTICA’s consent management platform provides the configurability and functionality needed to meet the complex needs of both small and large enterprises.
Start your regulatory compliance journey with CERF’s CONSENTICA….
To quickly launch a CMP that ensures full compliance with every relevant regulation, all you need is our consent management software based on RESTful APIs. It is a ready-to-use solution that provides quick deployment for immediate compliance with TRAI’s TCCCPR, GDPR and other consent collection directives.
The platform is configurable to meet your organization’s unique consent collection and management requirements. Other benefits of the tool are its ability to:
- Capture and correct consents at all levels
- Maintain consent disclosure language and other history details
It also features a user-friendly editor for composing consent pop-up messages that match your website’s or mobile app’s design.
Are you ready for a consent management platform that guarantees your organization’s performance, compliance, and efficiency? Contact us at CONSENTICA today to schedule a consultation.
Personal Data Protection Bill – What’s in Store?
Digital Personal Data Protection Law India: Personal Data Protection Draft Bill 2022
We are in the era of the 4th Industrial Revolution, where “Data is the New Oil”. A humongous amount of data is generated by technologies such as the Internet of Things, Big Data, Artificial Intelligence, and E-commerce, and by the presence of customers on Internet applications. Hence protection of consumer data is of utmost importance. Considering this, the Government of India (GoI) has proposed the Digital Personal Data Protection Bill, 2022, which has been drafted by the Ministry of Electronics and Information Technology.
Background
Currently, India does not have any Data Protection Law. Although we have the IT Rules, 2011, digital data cannot be protected on their basis; hence the government (Govt) has proposed the Digital Personal Data Protection Bill, 2022 in order to protect individual data privacy.
Justice B.N. Krishna Committee – 2018 was created by Govt to create a draft version of the Data Protection Bill.
In 2019, changes were proposed and incorporated in the 2018 bill and presented in Lok Sabha.
The bill was submitted to the review committee for their recommendations, but due to the Covid pandemic things got delayed and after 2 years, they suggested many changes. In response to this, govt withdrew the bill.
Recently, in November 2022, a new revamped version of the Digital Personal Data Protection Draft Bill was launched and is currently in the consultation phase to get inputs from the industry, and public domain.
Important Terms of Digital Personal Data Protection Bill, 2022
Below are some of the important terms used in the Bill; knowing them will help in understanding the Bill better.
Types of Data
Personal Data – An individual can have certain characteristics, traits, and attributes using which we can identify a person. E.g. Data on basis of which a person can be uniquely identified like Aadhar No., Mobile No., PAN No.
Non-Personal Data – Data points on basis of which we cannot individually identify a person fall under this category. E.g. person with a height 5.7’ and weight 57 Kgs.
Sensitive Personal Data – A person’s data that is very critical or highly sensitive in nature. E.g. Financial Transactions, Biometric Data, Health Data, Genetic Data, and Religion.
Data Localization – The storage and processing of an individual’s data should happen in the country where the data is generated (the country of origin). E.g. if a social media platform takes an Indian individual’s data to the US and stores and processes it there, the principle of Data Localization is not followed.
Data Principal – Users of Digital products, who give their personal data to companies, Applications, and portals or Govt bodies.
Data Fiduciary- Companies or Govt Applications which collect personal data.
Data Minimization- If a company, Govt body, or Online Application needs some data from an individual, they should seek only that much data which is relevant or essential for their purpose. Data that is not required and unnecessary should not be collected.
Post Mortem Privacy- In case a person is not in the capacity or cannot take a decision due to non-presence or, in such cases the individual can nominate another person, who can take the decision on his/her behalf for the data associated with him/her.
Grounds for Data Processing by Fiduciary
‘Consent’ is the main basis for the processing of personal data under the Bill. Specifically, Article 5 of the Bill provides that data fiduciaries may process the personal data of a data principal only for a lawful purpose for which the data principal has, or is deemed to have, given in certain limited circumstances their consent.
Further to the above, the Bill encompasses detailed provisions on ‘Consent’, including (Article 7 of the Bill):
‘Consent’ means a freely given, specific, informed, and unambiguous indication of the data principal’s wishes by which they, by clear and affirmative action, signify agreement to the data processing; request for consent shall be presented to the data principal in a clear and plain language; and data principals shall have the right to withdraw consent at any time, and the ease of such withdrawal shall be comparable to the ease with which consent may be given.
Role of Consent Manager
Most notably, the data principal may give, manage, review, or withdraw consent to the data fiduciary through a consent manager, which is an entity, accountable to the data principal, that enables the same to manage their consent through an accessible, transparent, and interoperable platform. In this regard, the Explanatory Note details that since it may not always be possible to keep track of the instances in which an individual’s consent has been taken for processing of his/her personal data, the Bill recognizes the role of consent managers, who allow data principals to have a comprehensive view of their interactions with data fiduciaries and the declarations of consent given to them.
Digital Data Protection Bill – What Does It Propose?
- This Bill only deals with:
  - Digital Personal Data collected online by Data Fiduciary.
  - Digital Personal Data collected offline but processed digitally by Data Fiduciary.
- Sensitive Digital Personal Data – Should be stored in India, but can be processed outside India; the consent of the Data Principal and permission of the Data Protection Authority are a must.
- Critical Personal Information – Data such as that related to national security needs to be stored and processed only in India.
- Govt can take non-personal data from any data fiduciary, e.g. demographic data from social media platforms.
- The Bill expressly excludes from its scope of application:
  - non-automated processing of personal data;
  - offline personal data;
  - personal data processed by an individual for any personal or domestic purpose; and
  - personal data about an individual that is contained in a record that has been in existence for at least 100 years.
- Where will this Bill apply?
  - Territory
    - Applicable to Data Principals only in India.
    - Not applicable to NRI Data Principals.
    - Data Fiduciary who collects and processes data outside of India
- How long can the data be stored?
  - In case a Data Principal gives consent to store or process data, the consent will have a time period of validity; the data cannot be held by the Data Fiduciary for an infinite period.
- Controls to Data Principal
  - Access to Data
  - Get the Data Corrected
  - Deletion of Data
- Data Minimization
  - Data Fiduciary should collect only that much data which is necessary or required to meet the requirements; no unnecessary data should be collected by the Data Fiduciary from the Data Principal.
- Data Localization – Relaxation
  - The earlier bill was very stringent in its data localization policy, but the current draft bill relaxes Data Localization. This is done to benefit global majors like Facebook, Twitter, and Uber and to strengthen the start-up ecosystem.
- Data Protection Board – Establishment
  - The Data Principal can raise issues with the Data Protection Board in case they are facing any issues with a Data Fiduciary regarding their personal data.
  - In case the guidelines of the Bill are not followed by data fiduciaries, high penalties can be levied upon them.
- Post Mortem Privacy
  - In case of incapacity or death of the Data Principal, the Data Principal can nominate a person who can control the rights of the Data Principal in case of their absence.
- Deemed Consent
  - In case of public interest, deemed consent is allowed in the interest of the sovereignty of the country.
- Social Media – Responsibility
  - Verify the identity and information sharing of its user and share the same with Govt.
Data Protection Authority
- DPO – The company needs to appoint a Data Protection Officer (DPO). The Data Protection body will check whether the Data Fiduciary is in compliance with the Bill.
- Purpose Limitation – If Data Principals’ consents need to be stored or processed, then there should be a legal purpose.
- Collection Limitation – If data is collected, a clear-cut purpose for the collection should be defined.
- Right to be forgotten
  - If the data principal has given consent to use his/her data for a purpose but later wants to take that consent back and be deleted from the records, the Data Fiduciary should facilitate this.
Right to information about personal data
Recognizing that every individual should be able to obtain certain basic information about their personal data, Article 12 of the Bill grants data principals the right to obtain from the data fiduciary confirmation about the processing, a summary of the personal data being processed, and the identities of all the data fiduciaries with whom the data has been shared, as well as the categories of data shared.
Right to correction and erasure of personal data
To enable correction, update, completion, and erasure of personal data where it is no longer needed, data principals are recognised with the right to correction and erasure of personal data.
Right of grievance redressal
The Bill gives data principals the right to register a grievance with the data fiduciary and to escalate the complaint to the Board, in case of a lack of response or unsatisfactory response from the data fiduciary.
Right to nominate
A data principal shall have the right to nominate any other individual, so that, in the event of death or incapacity of the data principal, the nominees may exercise the rights of the data principal on their behalf. In relation to the right in question, the Explanatory Note outlines that the right to the nomination has been borrowed from other sectors, where it is a basic practice and a right available to individuals.
Duties of data principals
Interestingly, the Bill also lists various duties that data principals are expected to abide by. The Explanatory Note explains that the inclusion of duties for data principals aims at ensuring that there is no misuse of rights and that the exercise of rights does not lead to an adverse effect on others’ rights. The Bill prohibits data principals from registering a false or frivolous grievance or complaint with a data fiduciary or the Board.
Situations where taking consent of the Data Principal would not be necessary
- In a situation where the data principal voluntarily provides their personal data to the data fiduciary and it is reasonably expected that they would provide such personal data;
- for the performance of any function under any law, or the provision of any service or benefit to the data principal, or the issuance of any certificate, license, or permit by the State or other state body;
- for compliance with any judgment or order issued under any law;
- for responding to a medical emergency;
- for taking measures to provide medical treatment or health services to any individual during a period of threat to public health;
- for taking measures to ensure the safety of, or provide assistance or services to, any individual during any disaster, or any breakdown of public order;
- for the purposes related to employment; or
- in the public interest, such as the prevention and detection of fraud, credit scoring, and processing of publicly available personal data.
Penalties – Data Fiduciary
Penalties will be levied on Data Fiduciary in case of any violation.
- In case of a minor violation, the penalties can be INR 5 Cr or 2 percent of annual global revenue
- In case of a major violation, the penalties can be INR 15 Cr or 4 percent of annual global revenue
Strengths of Digital Personal Data Protection Bill
- Data Sovereignty
- Protect against Cyber Attacks
- Avoid Data Breach
- Verification for Social media to counter anonymity
- Upholds Fundamental Right – Right to Privacy for Data Privacy.
- Ease of Doing Business for Start-ups
- Alignment with Global Data Privacy Policies like GDPR.
Weaknesses of Digital Personal Data Protection Bill
- Point of View – Empowering Data Fiduciary
- Less Strict, resulting in a reduction in protection.
- How independent will the Data Protection Board be?
Definitely a step forward in protecting the digital personal data of Indian citizens (Bhartiya Nagric).
The Importance of Privacy in Digital Marketing
How many times has an advertisement for a product appeared on your social media feed while you were having a real-time conversation about a similar subject? This is the subtlety and sophistication of the world of digital marketing, a world heavily reliant on customer data, as it is beneficial in providing a more targeted, and personalized experience to a customer.
Moreover, accelerated internet penetration in India, along with the proliferation of mobile telephony, has increased the user base, scaling up the volume of personal data points provided to content, e-commerce, and social media applications and websites to unprecedented levels. This trend of providing personal data in exchange for a personalised user experience raises a host of privacy considerations, such as data permissions, user consent, profiling, and informed data sharing.
Reliance on Data
Since the advent of the internet, the marketing industry has experimented and leveraged new mediums in ways that are beneficial to its clients. Marketing is integral to businesses all across the globe given that it can prove to be extremely profitable if done the right way. From market research to advertising, a good marketing strategy can make a business float, sink or thrust ahead.
When it comes to market research for the digital medium(s), data analysis is crucial as it facilitates not just the development of the right message, but also understanding how to reach the right person with the message, be it through search engines or social media platforms. Using data related to markers, such as age, gender, past purchase behaviour, and geographical regions, marketers can create personalized advertisements that strike the perfect balance between what the business is selling and what a consumer is looking for.
This balance rests on the bedrock of thousands of cookies that lie semi-dormant in our browsers, analysing our web-surfing patterns, noting the time we spend on a particular video or a photograph, our cursor movements on a particular social media post or the listings or articles we read and share over the internet.
One could safely say our online personas are a culmination of multiple layers of data, data that the marketers depend on to create accurate personality profiles for them to deliver the right product, and services, which we as consumers appreciate due to the salient personalization aspect of it.
Regulatory landscape and privacy considerations
In India, currently, Section 43A of the Information Technology Act, 2000, read with the Information Technology Rules (reasonable security practices and procedures and sensitive personal data or information), constitutes the applicable legal regime vis-a-vis privacy requirements for organizations.
The tipping point for a serious discussion on the need for a comprehensive privacy law came with the Supreme Court’s judgment in KS Puttaswamy (Retd.) and Anr v Union of India which recognized the right to privacy as a part of the right to life and personal liberty.
However, India is on the cusp of introducing a privacy law, the Personal Data Protection Bill, 2019. It was tabled in Lok Sabha in the winter session of the Parliament (December 2020).
If passed in its current form, PDPB will likely increase the cost of operations for organizations’ marketing campaigns. The impact would be due to the requirement to obtain explicit consent from users before processing personal data and inform the user about the nature and categories of personal data collected, along with the purpose, including profiling, for which the data is processed.
Hence, it is prudent for organizations to initiate their readiness efforts to integrate privacy as the backbone of their processing activities. A few best practices are as follows.
- Transparency and consent: Ensure you actively seek permission from your prospective and in-life customers, and contact them for marketing purposes only if their consent is in place. A pre-ticked box that automatically opts a user in will not cut it anymore, as opt-ins need to be a deliberate choice. Additionally, consider prompting users to add themselves to your mailing list by launching a pop-up on your website.
- Purpose limitation: Focus on the data that you need, and refrain from asking for additional data elements. So, collect only the data that you need for efficient marketing and customer service.
- Data quality: Consider centralizing the personal data collection into a customer relationship management system, and make sure your users can access their data to review its proposed usage and make any changes as necessary. Additionally, you could explore auditing your mailing list by removing anyone who has not provided opt-in consent.
- Access: Ensure users have an overview of how their data is processed and what their rights are concerning privacy. Consider creating mechanisms that will let users easily access their data and withdraw consent for its use.
Therefore, with reliance on data for efficient target marketing on one hand and compliance-related obligations on the other, marketers and organizations must tread this thin line between value creation through data and the privacy of the customers.
Trust – A New Business KPI
Commercial success is built on trusted relationships powered by data.
In the new digital era, ‘Trust’ has become a new business KPI. It acts as a glue that binds customers to companies.
Businesses can gain customer trust in the way they manage their data and get their consent to use it in innovative ways. It can make customers confident about security and responsible use of their personal data, which can lead to valuable insights for business growth.
That’s why I think regulations like GDPR, CCPA, and DPDPB should really be seen as a positive opportunity that would provide a stimulus for enterprises to be more transparent about how customer data should be used. Ultimately, this will lead to building customer confidence and establishing greater levels of trust.
What is trust? How do we define and quantify it?
Trust – Not a Straightforward but Rather a Quite Subjective Term
We as customers have different expectations from different organizations. The level of trust we demand from BFSI and the healthcare industry is quite different from what we accept from the likes of Google and Facebook.
As a matter of fact, we as consumers have accepted that the big digital players will share our interests with retailers for advertising purposes. We have accepted that it’s a value exchange, allowing us to access their platforms, often for free.
With the changing digital landscape, customers are becoming aware of the importance of their data privacy. They expect businesses to take consent from them explicitly. This implies that today’s consumers want total control of their data, i.e. the purpose for which their data will be used, how it is being used, etc. This means that transgressing customers’ privacy carries the risk of losing their trust and confidence in an enterprise at any moment.
Here, it becomes imperative to understand the nuances around consumer trust. Getting it right depends on the specific operating model and the value exchange between your offerings and your customers’ data.
Despite the variance in customer expectations and trust, the underlying principle for enhancing the level of trust is transparency. If a business is transparent about how it manages and shares customer data, a common set of expectations emerges that helps to better understand the meaning of consent.
Nowadays, consent is becoming the buzzword in the digital world, with a flurry of regulations like GDPR, CCPA, TCCCPR and the DPDP Bill, 2022 that put transparency and consumer interest at their core. Organizations therefore need to keep their focus on creating and maintaining a sustainable, automated business model that complies with these data privacy regulations. Under these regulations, transparency offers two ways to drive growth:
- Improving Service Quality
Taking customers’ consent and remaining transparent about how you use their data gives enterprises clarity on customer data and can flag processes that aren’t working or are impacting service levels. This in turn enables the problem to be fixed proactively, enhancing customer satisfaction and leading to a heightened customer experience.
- Implementing Data-Driven Services
With the demonstration of data accountability, businesses are more likely to earn customer consent, which can further be used in new and innovative ways. As the data has become truly transformative, it can well be used to deliver hyper-personalised services that address customers’ needs and wants.
Ultimately, a clear and transparent way of collecting data results in enhanced customer trust, which can be leveraged to increase the share of wallet and helps attract new customers. This is when your customers become your advocates and are most likely to recommend your services.
In a nutshell, I certainly feel that by embodying data transparency businesses can build greater levels of trust with customers. Also, by earning customer’s consent, customer data can be used in innovative ways – viz. creating products, services, and experiences. This will provide clear differentiation and an implicit increase in wallet share in today’s highly competitive market.
How to Authenticate That Your Customers Are Who They Say They Are
Traditionally, whenever your customers sign in to their online accounts, they have to prove to the service, through their username and password, that ‘they are who they are.’ This process is called ‘Authentication’. Unfortunately, that’s not a very safe way to authenticate, as usernames are often easy to discover. At times customers have a tendency to just use their name, and because complicated passwords can be hard to remember, people tend to choose simple ones or use the same password at many different sites. That’s why almost all online services (banks, insurance, social media, e-commerce, etc.) have added a way to make customers’ accounts more secure. This is called either “Two-Factor Authentication (2FA)” or “Multifactor Authentication (MFA)”, but all the good ones operate on the same principle. When the customer signs in to their account for the first time on an app, he/she needs more than just the username and password. The customer needs a second thing (like an OTP, Captcha, or fingerprint, etc.), called a second “factor”, to prove who they are.
A factor in authentication is a way of confirming a customer’s identity when they try to sign in. For example, a password is one kind of factor: it’s a thing that your customer knows. The three most common kinds of factors are:
- Something he/she knows – Like a password, or a memorized PIN.
- Something he/she has – Like a smartphone, or a secure USB key.
- Something he/she is – Like a fingerprint, or facial recognition.
How Does Multi-Factor Authentication Work?
Suppose a customer is going to sign in to his/her work account and enters the username and password for it. If that’s all the customer needs, then anybody who knows the username and password can sign in as him/her from anywhere in the world.
But if the customer’s multifactor authentication is enabled, things get more interesting. The first time he/she signs in on an app or device, he/she enters the username and password as usual and is then prompted to enter the second factor to verify his/her identity.
Here the OTP is used as the second factor for authentication. Once the customer opens the app on his/her smartphone, a unique, dynamic 6-digit number is sent to him/her through SMS or email; the customer types it into the site and gets in.
If some other person tries to sign in, however, that person enters the customer’s username and password, is prompted for the second factor, and is then stuck. Unless they have the customer’s smartphone or email account, they have no way of getting that 6-digit number to enter. Generally, this 6-digit number has time validity and expires in multiples of 30 seconds. So, even if that person knew the number that was used to sign in on a given day, they’re still locked out.
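The OTP step described above, as an added example in Python (not code from this article or from any MFA product): the service issues a 6-digit code, keeps only a keyed digest of it, and accepts it once within its validity window. The names `OtpService` and `demo`, the 90-second window, the three-attempt limit and the digest storage are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
VALIDITY_SECONDS = 90   # assumed value: a multiple of 30 seconds
MAX_ATTEMPTS = 3        # assumed value: wrong guesses allowed per code


class OtpService:
    """Issues and verifies one-time codes used as a second factor (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._server_key = secrets.token_bytes(32)  # keys the stored digests
        self._pending = {}                          # user -> open challenge

    def _digest(self, user, code):
        msg = f"{user}:{code}".encode()
        return hmac.new(self._server_key, msg, hashlib.sha256).digest()

    def issue(self, user):
        """Create a fresh code; the caller delivers it by SMS or email."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = {
            "digest": self._digest(user, code),     # the code itself is not stored
            "expires": self._clock() + VALIDITY_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, user, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_challenge'."""
        record = self._pending.get(user)
        if record is None:
            return "no_challenge"
        if self._clock() >= record["expires"]:
            del self._pending[user]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(record["digest"], self._digest(user, submitted)):
            del self._pending[user]                 # single use: no replay
            return "ok"
        record["attempts_left"] -= 1
        if record["attempts_left"] == 0:
            del self._pending[user]                 # stop guessing at 1 in 10^6 odds
            return "locked"
        return "wrong"


def demo():
    """Constructed scenario: owner signs in, the code is replayed, a later code arrives late."""
    now = [0.0]                                     # constructed clock for the demo
    svc = OtpService(clock=lambda: now[0])
    code = svc.issue("alice")
    results = {"owner": svc.verify("alice", code),
               "replay": svc.verify("alice", code)}
    late = svc.issue("alice")
    now[0] += VALIDITY_SECONDS
    results["late"] = svc.verify("alice", late)
    return results


if __name__ == "__main__":
    print(demo())
```

The attempt limit matters as much as the expiry: without it, a 6-digit code can be guessed by trying values until the window closes.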
Important Things to Know About MFA
Some people worry that MFA is going to be really inconvenient, but generally it’s only used the first time a customer signs in to an app, or the first time he/she signs in after changing the password. After that, the customer just needs the primary factor, usually a password.
The extra security comes from the fact that when somebody other than the customer tries to break into the customer’s account, probably not using his/her device, the need for that second factor arises.
Presently, MFA is used by almost every online service or transaction that a customer performs, from banking to personal email to social media accounts, as compromised passwords are one of the most common routes to a data breach and to theft of your customers’ data, identity, or money. Using MFA makes a data breach much harder for attackers.
What to Consider While Purchasing an MFA Platform?
To select the right MFA platform, businesses must consider the following key factors to ensure that the platform meets their security requirements and integrates well with their existing processes:
- Security: Enhanced and robust security is the primary reason to implement an MFA platform. So, while selecting an MFA platform, businesses should look for token-based authentication, smart card-based authentication, or biometric authentication.
- Adaptability: The MFA platform must be adaptable to the enterprise’s existing IT infrastructure.
- Customer Experience: The MFA platform must be easy to use and provide an enhanced and seamless experience to customers.
- Integration and Scalability: The MFA platform should integrate seamlessly with business applications and services, and scale up to handle a large number of users and authentication requests.
- Compliance: The MFA platform should comply with industry standards.
- Cost & Efficiency: The MFA platform should offer cost-effective and efficient solutions.
Explore AUTHENTRICA, a comprehensive MFA platform that is simple, flexible, robust, reliable, secure and scalable. It also ensures the security and integrity of authentication data for businesses via encryption, secured communication channels, and audit logs, along with cost-effective and guaranteed authentication-token delivery.
Connect with our team of experts by asking for a DEMO.