provide for: procedures policy; and grievance officer. email or any mode of electronic commu- nication from providers of information; information knows that information is being collected, purpose of collection, recipients of the data and the name and address of the agency collecting and retaining the information; review their information and give an opportunity to amend or correct any deficiency or inaccuracy (Entity possessing SPD is not responsible for its authenticity); to provide the information or withdraw consent already given and in the event that consent is not given or withdrawn opt not to provide goods or services; with regard to processing of information in a time bound manner; shall expeditiously or within one month of receipt of grievance (whichever is earlier), redress such grievance. unless such disclosure has been agreed to between them or where the disclosure is necessary for compliance of a legal obligation. [Exception: disclosure to government agencies mandated under law to for verification of identity, or for prevention, detection, investigation and punishment of offences.] such country ensures the same level of data protection that is adhered to by the transferor as provided under the Rules 2011, and only if the transfer is necessary for the performance of a lawful contract between the transferee or any other person on its behalf and the provider of information or where such person has consented for data transfer. from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between Entity and the provider of information or may be specified in any law for the time being in force [an Entity shall be considered to have com- plied with the above requirement if it has implemented its security practices and standards and has a comprehen- sive documented information security program and information security poli- cies that contain managerial, techni- cal, operational and physical security control measures, commensurate to the information protected]. · lawful purpose connected with function or activity of your entity and unless the collection is considered necessary for that purpose. required. are a third party receiving SPD from an Entity. which, possesses, deals with or handles any SPD in a computer resource which it owns, controls or operates, shall be liable to pay damages, not exceeding Rs. 5 crore (approx. USD 0.8 million) to the person adversely affected, for negligence in implementing and maintaining reasonable causing wrongful loss or wrongful gain to any person. Penalty for fraudulent or dishonest use of electronic signature, password or other unique identification feature of any person (identity theft), is imprisonment for a maximum of three years and fine of Rs. 1 lakh. Contravention of any rules or regulations under the IT Act, for the contravention of which no penalty is separately provided, attracts penalty or compensation not exceeding Rs. 25,000/-. penalty, the central government is required to appoint an adjudicating officer to inquire into the purported offence and decide on the penalty and/or compensation. The proceedings are quasi-judicial in nature. There is an express bar on civil courts' original jurisdiction. In adjudging quantum of compensation, the factors to be given due regard to are the amount of: quantifiable) made as a result of the default; by paying compounding fee limited to maximum penalty leviable for the contravention. central government place a legal framework for the protection of SPD. So far there has not been an occasion to test the effectiveness of these Rules 2011, and in addition a lot needs to be done for creating awareness amongst Entities that need to implement the provisions of these Rules 2011. |