- Page 1
- Page 2
- Page 3
- Page 4
- Page 5
- Page 6
- Page 7
- Page 8
- Page 9
- Page 10
- Page 11
- Page 12
- Page 13
- Page 14
- Page 15
- Page 16
- Page 17
- Page 18
- Page 19
- Page 20
- Page 21
- Page 22
- Page 23
- Page 24
- Page 25
- Page 26
- Page 27
- Page 28
- Page 29
- Page 30
- Page 31
- Page 32
- Page 33
- Page 34
- Page 35
- Page 36
- Page 37
- Page 38
- Page 39
- Page 40
- Page 41
- Page 42
- Page 43
- Page 44
- Page 45
- Page 46
- Page 47
- Page 48
- Page 49
- Page 50
- Page 51
- Page 52
- Page 53
- Page 54
- Page 55
- Page 56
- Page 57
- Page 58
- Page 59
- Page 60
- Page 61
- Page 62
- Page 63
- Page 64
- Page 65
- Page 66
- Page 67
- Page 68

- Flash version

© UniFlip.com
background image
56
T H E P R I M E R U S P A R A D I G M
Data Privacy and Protection of
Sensitive Personal Data
Preethi Sharma is an associate at S Eshwar Consultants House of
Corporate & IPR Laws. She specializes in contract management and
employment law, as well as handles writ litigation and arbitrations.
S Eshwar Consultants House of
Corporate & IPR Laws
No 37/57, 53rd Street, 9th Avenue
Chennai, India 600083
+91 44 42048235 Phone
+91 44 42048335 Fax
preethisharma@eshwars.com
www.eshwars.com
Preethi Sharma
As a global forerunner in the Information
Technology (IT) industry, data privacy
and protection laws have assumed more
importance than ever before in India. The
department of information technology,
under the ministry of communication
and information technology ­ the nodal
ministry administering The Information
Technology Act, 2000 ("IT Act") ­ has
put in place The Information Technology
(reasonable security practices and
procedures and sensitive personal data or
information) Rules, 2011 ("Rules 2011"),
pursuant to powers to make rules (S.
43A read with S. 87 of the IT Act). The
Rules 2011 read with the departmental
clarification dated August 24, 2011,
govern the aspects relating to sensitive
personal data or information (SPD).
Personal Information
Any information that relates to a natural
person, which either directly or indirectly,
in combination with other information
available or likely to be available with a
corporate body, is capable of identifying
such person.
Sensitive Personal Data or
Information
Personal information considered sensitive
is that consisting of information relating to:
·
password;
·
financial information such as bank
account or credit/debit card/other
payment instrument details;
·
physical, physiological and mental
health condition;
·
sexual orientation;
·
medical records and history;
·
biometric information;
·
detail relating to above clauses
as provided to body corporate for
providing service; and
·
information received under above
clauses by body corporate for
processing, stored or processed under
lawful contract or otherwise.
Exceptions: information freely available/
accessible in public domain/furnished
under Right to Information Act, 2005/other
laws in force.
Applicability of the Rules 2011
The Rules 2011 are applicable to a
corporate body (any company including
a firm, sole proprietorship or other
association of individuals engaged in
commercial or professional activities) or
any person located within India (Entity).
As per the clarification dated August
24, 2011, the provisions of the Rules
2011 relating to collection and disclosure
of SPD are not applicable to an Entity
providing services relating to collection,
storage, dealing or handling of SPD under
contractual obligation with any legal entity
located within or outside India. Entities
providing services to the provider of
information (being natural persons) under
a contractual obligation directly with them
however are bound by all provisions of
Rules 2011.
Dos and Don'ts for Entities for
Use and Protection of SPD
Dos:
1. Provide for a policy for privacy,
disclosure and reasonable security
practices and procedures for handling
or dealing of the SPD.
2. The policy should be clear and easily
accessible to providers of information.
Asia Pacific