The industry-wide scramble to comply with the stringent requirements posed by the IT Rules 2011 notification finds Airtel on firm footing, with its customer data privacy program well underway. Airtel’s customer data privacy program is now successfully clearing the pilot stage, and will soon be implemented across the company’s businesses.
“The need for facilitating business in a secure environment was also a factor,” says Sodhi. Given the large environment of third parties (over 3,000) associated with Airtel’s business, a decision to go beyond ISO 27001 — which Airtel has been compliant with for over two years now — was taken.
Company data states that over 60,000 users within Airtel’s ecosystem have access to customer data. This includes associates such as authorized retail centers, contact centers and VAS (value added services) vendors.
Under Airtel’s customer data privacy program, associates must sign third-party security policies and adhere to stringent controls. These are validated through ongoing monitoring and surprise audits, with relevant governance interventions as required.
The pilot customer data privacy program was executed by the Airtel head office in Gurgaon, as most processes were centralized there. To emulate processes at the circle level, Airtel used representative sample circles. Since Airtel’s multiple lines of business have now been re-organized into B2C (mobile, DTH and telemedia) and B2B (enterprise) segments, this has simplified the process, says Sodhi.
The scope covers businesses and associated partners. “Anyone dealing with customer data falls under the program’s purview,” says Sodhi. The entire rollout is expected to take a year, with phased implementation incorporating lessons learned from the pilot phase.
The circle-wise rollout is expected to be time consuming, since the reorganization will require educating each stakeholder on potential privacy gaps. Administration and monitoring will be handled by Airtel’s Gurgaon program management office.
From a technology perspective, the customer data privacy program covers IT systems and networks. While online privacy is already in place, the internal policy is in the review stage.
The customer data privacy program has facilitated study of the customer life cycle, according to Sodhi. The initiative enjoyed complete management support throughout, with the beneficial fallout of successfully cultivating involvement of the business in information security.