Advertisemsnts
Mail this linkMail this link
PrintPrint this page
Subscriber alertSubscriber alert
In focus
Security Initiative
NASSCOM Initiatives
NASSCOM has been playing a very proactive role in ensuring t...

Face to Face
Mr. Abhay Gupte, CEO, Logica India
The time has arrived for the innovation led business model w...

| India

Data Privacy

Indian Privacy Law

Most Indian vendors have in place privacy and data security measures that are contractually binding. However, it is important that India follow suit, and put into place more robust data security and privacy laws and legislations that are uniformly applicable to relevant industries and individuals/groups etc. Particularly, these laws and regulations need to make sure that they themselves are compliant with other international and country-specific laws and regulations.

As far as existing privacy regulations are concerned, India has adequately dealt with some of these by the IT Act of 2000. Chapter XI, section 72: Penalty for breach of confidentiality and privacy states that any person who secures any electronic record, book, register, correspondence, information, document or other material without prior consent and discloses the information to a third party is punishable under the Act. The punishment ranges from imprisonment or a fine which may extend to Rs. 100,000 or both.

Data Protection

To address the issue of misuse of personal information/data, India is currently in the process of reviewing the various clauses of the IT Act 2000, for inserting certain provisions to meet the adequacy norms specified by EU, as well as those given in the US-EU Safe Harbor Agreement including breach of contractual arrangements between the contracting parties.

Other than meeting the norms specified by the EU Directive as well as those of the Safe Harbor, it is important that Indian regulations comply with industry-specific and state laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, and California's pending SB 1386 identity-protection law etc.

The concern seems to be around whether data protection laws would have any "teeth" in India's courts. The other concern is that regulations and contractual specifications regarding data privacy should have legal jurisdiction in the country, state or province where the client company is headquartered. This is especially so in cases of non-compliance.

Given the current business environment, it is clear that India needs strong regulations for gaining the trust and confidence of clients and remaining competitive in the global economy.

For further details download the report :

Available as pdf


 

 


Updated on: 06 Jul, 2006