Sensitive Personal Data Corporate & IPR Laws. She specializes in contract management and employment law, as well as handles writ litigation and arbitrations. Corporate & IPR Laws No 37/57, 53rd Street, 9th Avenue Chennai, India 600083 +91 44 42048235 Phone +91 44 42048335 Fax preethisharma@eshwars.com www.eshwars.com Technology (IT) industry, data privacy and protection laws have assumed more importance than ever before in India. The department of information technology, under the ministry of communication and information technology the nodal ministry administering The Information Technology Act, 2000 ("IT Act") has put in place The Information Technology (reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 ("Rules 2011"), pursuant to powers to make rules (S. 43A read with S. 87 of the IT Act). The Rules 2011 read with the departmental clarification dated August 24, 2011, govern the aspects relating to sensitive personal data or information (SPD). person, which either directly or indirectly, in combination with other information available or likely to be available with a corporate body, is capable of identifying such person. Information is that consisting of information relating to: account or credit/debit card/other payment instrument details; health condition; as provided to body corporate for providing service; and clauses by body corporate for processing, stored or processed under lawful contract or otherwise. accessible in public domain/furnished laws in force. corporate body (any company including a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities) or any person located within India (Entity). As per the clarification dated August 24, 2011, the provisions of the Rules 2011 relating to collection and disclosure of SPD are not applicable to an Entity providing services relating to collection, storage, dealing or handling of SPD under contractual obligation with any legal entity located within or outside India. Entities providing services to the provider of information (being natural persons) under a contractual obligation directly with them however are bound by all provisions of Rules 2011. Use and Protection of SPD practices and procedures for handling or dealing of the SPD. |