Information Security Group
|
Home > Data Privacy

Data Privacy and Protection

Data privacy is essential to safeguard sensitive information, maintain trust and prevent unauthorized access or misuse of client and employee personal data. ISG Data privacy ensures that all data privacy laws and Tech Mahindra Data Privacy Policy are complied with and integrated into all our business operations.

Process

Identifying projects with access to PISPI information is crucial to ensure comprehensive protection and awareness of data handling controls. Once identified, a privacy risk assessment (PIA) and a Record of Processing (ROPA) must be undertaken by the project manager. Privacy VIGIL tool is utilized to identify PI/SPII, conduct PIA and ROPA and maintain required records centrally , fostering collaboration between PMs and the ISG DP team.

Once confirmed that PI/SPII information is accessed by the project, PM receives a automated email from Privacy VIGIL to start the PIA and ROPA process thereby ensuring comprehensive review and mitigation of potential risks, PMs submits PIA and ROPA in Privacy VIGIL Tool for SPM review, followed by review by ISG DP manager.

Audits are essential to ensure compliance and mitigate risks. Data Privacy Team conducts audits for high-risk projects in collaboration with PM’s. In case NCs are identified, the PM agrees on a closure plan with auditor to swiftly to mitigate risks and take necessary actions.

Bi Annual reviews are carried out to ensure that the protection of data remains current and relevant. Autogenerated email reminders are received by PMs every six months via Privacy VIGIL tool for biannual reviews and to update existing records. Additionally, PIA and ROPA activities are also reinstated for any changes in scope of project processes which has an impact on personal data processing.

Project termination can occur by various factors such as successful completion , budget constraints or changed priorities.

Through proactive data privacy measures and diligent enforcement of security protocols the ISG Teams ensures the confidentiality and protection of the organizations data assets throughout the phase.

It is essential to ensure secure handling and deletion of PI/SPI data during this phase. Upon receiving the project termination timelines, all PI/SPI is to be either deleted or archived securely in accordance with TechMahindra’s Data retention policy (BMS Link) aligning with legal , statutory, regulatory and contractual requirements for information deletion. Access for all associates is promptly revoked to safeguard data integrity and security.

For Any Queries write to : ISGDataProtection@TechMahindra.com
Copyright © Tech Mahindra Limited. All Rights Reserved