Infosys CISO Describes Approach to PrivacyVishal Salvi Describes Why Focus on Compliance Is Inadequate
Multinational companies that must comply with widely varying privacy laws around the world should focus on a broad privacy strategy rather than a compliance strategy, says Vishal Salvi, CISO at Infosys.
"We have had a dedicated data privacy officer for many years now, much before the requirements of GDPR [the EU's General Data Protection Regulation] or CCPA [the California Consumer Privacy Act] came into place," Salvi says in an interview with Information Security Media Group. "So therefore, we have been implementing controls on our applications, on our HR processes and legal processes and making sure that our commitment toward the privacy of our customer data as well as our employee data was always given high priority and importance."
Salvi says that if nations, rather than individual states, adopt privacy laws - and if those national laws have common elements, multinational companies would find it far easier to comply. "Standardization will make the implementation [of privacy laws] more efficient and more consistent, Salvi says.
In this interview (see audio link below image), Salvi also discusses:
- Infosys' approach to privacy protection;
- How the company is dealing with compliance;
- The issue of privacy laws spelling out on how to handle non-personal data.
Salvi, CISO Infosys, was previously a partner for cybersecurity at PwC. He has 21 years of industry experience in IT service delivery and cybersecurity, having served in roles at Crompton Greaves, Development Credit Bank, Global Trust Bank, Standard Chartered Bank and HDFC Bank.