Friday 20 March 2020

A Review Of The Information Technology Rules, 2011 Reasonable Security Practices And Procedures And Sensitive Personal Data Or Info

A new data protection law is on the anvil and all stakeholders are keenly awaiting the outcome of the consultation process for the draft Personal Data Protection Bill, 2019, recently initiated by the Joint Parliamentary Committee. Even after the new data privacy law is enacted, it is likely to take at least a year, if not more, for the infrastructure required to implement the new law to be put in place. Therefore, it will be a useful exercise to review and understand India's existing data privacy law, which can be found in the form of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("2011 Rules"). The 2011 Rules have been framed under Section 43A of the Information Technology Act, 2000 ("IT Act").

When the IT Act was enacted, its focus was on putting in place technology law fundamentals like digital signatures, providing legal recognition for electronic documents and the like. Its preamble states that its objective is to "provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as 'electronic commerce', which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto."1 It was only in 2008 that the IT Act was amended by the Information Technology (Amendment) Act, 2008, with effect from October 27, 2009, to incorporate Section 43A (which requires the maintenance of reasonable security practices and procedures by bodies corporate that possess, deal with or handle any sensitive personal data or information, and provides for compensation for failure to protect such data) and Section 72A, which penalizes intentional personal data breach. The aforesaid amendment did not define either personal data or sensitive personal data, though Section 43A provided that "sensitive personal data or information" would mean such personal information as would be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
