PRIVACY IN THE DIGITAL AGE – LEGAL SCENARIO (WITH SPECIFIC REFERENCE TO INDIA)
AGENDA
 Privacy
 Data Privacy
 Different categories/types of Private data
 Indian Legal scenario on Privacy
 Some of the global laws
 Mom’s gyan
PRIVACY
 To separate/seclude from the rest
 Types –
 Personal privacy
 Informational
 Organizational
WE’LL EXPECT REASONABLE PRIVACY IN LIFE…..BUT THEN…!
….and so many other ways by which we’re being tracked…!
INFORMATION/DATA PRIVACY
 Attitude of an organization or individual to determine
what data in a computer system can be shared with third
parties
 Private data is known as –
 Personally Identifiable Information (PII)
 Personal data
 Sensitive Personal Data/Information
PERSONALLY IDENTIFIABLE INFORMATION
o US Privacy Laws
Information that can be used on its own or with other information to
identify, contact, or locate a person, or to identify an individual in
context
PERSONAL DATA AND SENSITIVE PERSONAL DATA
 Data Protection Act – UK
 Personal data - Data relating to a living individual which helps in his identification and
includes any expression of opinion about him
 Sensitive personal data - Personal data consisting of information as to –
 the racial or ethnic origin of the data subject,
 his political opinions,
 his religious/spiritual beliefs
 His professional associations,
 his physical or mental health or condition,
 his sexual life,
 the commission or alleged commission by him of any offence, or
 any proceedings for any offence committed or alleged to have been committed by him, the disposal of
such proceedings or the sentence of any court in such proceedings.
SENSITIVE PERSONAL DATA/INFORMATION
 The Information Technology Act, 2000 (Amd. 2008) – India
 SPDI includes –
 Password
 Health condition
 Sexual orientation
 Health records
 Biometrics
 Financial info
Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
INDIA ON PRIVACY
 Constitution of India
 Art. 19 - Freedom of Speech and Expression
 Art. 21 – Right to Life and Personal Liberty
 IT Act, 2000 (Amd. 2008)
 Data privacy
 Personal privacy
 Powers of Government
KEY ISSUES
 Liability of Company (Sec. 85)
 Data protection – Concern for outsourcing industry
 Privacy – Individual’s concern
 Increasing Government control/interference
PREAMBLE OF THE IT ACT
 Purpose behind enacting IT Act –
 To provide legal recognition to e-commerce
 To facilitate e-governance
 To provide remedy to cyber crimes
 To provide legal recognition to digital evidence
o Preamble doesn’t specify that the Act aims at establishing an IT Security framework in India
SECTION 43 – UNAUTHORISED ACCESS
 Unauthorised Access
 Remedy – Damages by the way of compensation
 Amount – Unlimited
 What needs to be proved – Amount of damages suffered
 Adjudication –
 For claims upto Rs. 5 Crores – Adjudicating Officer (IT
Secretary of State)
 For claims above Rs. 5 Crores – Civil courts
If any person without permission of the owner or in-charge of a computer –
 Accesses or secures access to a computer
 Downloads, copies or extracts data
 Introduces computer contaminant or virus
 Damages computer
 Disrupts computer or network
 Causes denial of access
 Provides assistance to facilitate illegal access
 Charges the services availed of by a person on the account of another person
 Destroys, deletes, alters, diminishes value or utility or affects injuriously
 Steals, conceals, destroys or alters computer source code
CASES DECIDED U/SEC. 43
 Thomas Raju vs. ICICI Bank
 Ramdas Pawar vs. ICICI Bank
 Saurabh Jain vs. Idea Cellular
 Fraudulent transfer of money from petitioners account
 Duplicate SIM cards made without document verification
 Court is of the opinion that the bank/cellular company has failed to establish due
diligence and to provide adequate checks and safeguards to prevent
unauthorised access
 Bank has not adhered to the RBI circular of July 2010 on 'guidelines on
information security, electronic banking and cyber frauds'
 Idea has issued a SIM based on a fake license and police FIR
SEC. 43A – COMPENSATION FOR FAILURE TO
PROTECT DATA
If a body corporate, possessing, dealing or handling any
sensitive personal data or information in a computer resource
which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices
and procedures and thereby causes wrongful loss or
wrongful gain to any person
Liability – Damages by the way of Compensation – Unlimited
damages
WHO IS LIABLE?
Sec. 85
 Company itself, being a legal person
 Top management including directors and managers – if it is proved that they had
knowledge of the contravention or they have not used due diligence or that it was
caused due to their negligence
ISSUES
 What is Sensitive Personal data or Information?
 What are Reasonable Security Practices and
Procedures?
SOLUTION
 The Information Technology (Reasonable security
practices and procedures and sensitive personal data or
information) Rules, 2011
 Enforceable from 11th April, 2011
 To be read with Sec. 43A
SENSITIVE PERSONAL DATA OR INFORMATION
 SPDI includes –
 Password
 Health condition
 Sexual orientation
 Health records
 Biometrics
 Financial info
Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information)
Rules, 2011
REASONABLE SECURITY PRACTICES
Rule 8 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
An agreement between the parties regarding protection of “Sensitive Personal Information”
The International Standard IS/ISO/IEC 27001 – is one such standard
Managerial, technical, operational and physical security control measures
commensurate with the information assets and nature of business
Implementing comprehensive documented information security programme and policies
AUDITING
 Necessary to get the codes or procedure certified or
audited on regular basis
 Needs to be done by the Government Certified Auditor
who will be known as “Govt. Certified IT Auditor”
 Not appointed yet
COMPLIANCE POLICIES
COLLECTION OF INFORMATION
 About obtaining consent of the information provider
 Consent in writing through letter/fax/email from the provider of
the SPDI regarding purpose of usage before collection of such
information
 Need to specify –
 Fact that SPDI is being collected
 What type of SPDI is collected?
 How long SPDI will be held?
Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
COLLECTION OF INFORMATION
 Provider should know –
 Purpose of collection
 Intended recipients
 Details of the agency collecting the information and agency retaining
the information
 Body Corporate not to retain information longer than required
 Option should be given to withdraw the information provided
 SPDI shall be used only for the purpose for which it has been
collected
 Shall appoint “Grievance Officer” to address any discrepancies and
grievances about information in a timely manner – Max. time – One
month
PRIVACY POLICY
 Policy about handling of SPDI
 Shall be published on website or should be available to view/inspect at any time
 Shall provide for –
 Type of SPDI collected
 Purpose of collection and usage
 Clear and easily accessible statements of IT Sec. practices and policies
 Statement that the reasonable security practices and procedures as provided
under rule 8 have been complied
Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
DISCLOSURE OF INFORMATION
 Disclosure –
 Prior permission of provider necessary before disclosure to third party
OR
 Disclosure clause needs to be specified in the original contract OR
 Must be necessary by law
 Third party receiving SPDI shall not disclose it further
Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
TRANSFER OF INFORMATION
 Transfer to be made only if it is necessary for performance of
lawful contract
 Disclosure clause should be a part of Privacy and Disclosure
Policy
 Transferee to ensure same level of data protection is
adhered while and after transfer
 Details of transferee should be given to provider
Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
SEC 72(A) (CRIMINAL OFFENCE)
 Punishment for Disclosure of information in breach of
lawful contract -
 Knowingly or intentionally disclosing “Personal Information"
in breach of lawful contract
 IMP – Follow contract
 Punishment - Imprisonment upto 3 years or fine up to 5 lakh
or with both (Cognizable but Bailable)
OTHER PROVISIONS U/IT ACT
o Section 66E – Punishment for Violation of personal privacy
 Popularly known as Voyeurism
 Covers acts like hiding cameras in changing rooms, hotel rooms, etc.
 Punishment –imprisonment upto 3 years or fine upto Rs. 2 lakh or both
o Section 67C – Preservation and retention of information by intermediaries
o Section 69 – Power to issue directions for interception or monitoring or decryption
of any information through any computer resource
o Section 69A – Power to issue directions for blocking public access to any
information through any computer resource
o Section 69B – Power to authorize to monitor and collect traffic data or information
through any computer resource for cyber security
o Section 79 – Intermediary not liable in certain circumstances
SOME OF THE GLOBAL LAWS
GRAMM–LEACH–BLILEY ACT (GLBA, USA)
 Focuses on finance
 Safeguards Rule - Disclosure of Nonpublic Personal Information
 It requires financial institutions to develop a written information
security plan that describes how the company is prepared for, and
plans to continue to protect clients’ nonpublic personal information.
 This plan must include –
 Designating at least one employee to manage the safeguards,
 Constructing a thorough risk analysis on each department handling the
nonpublic information,
 Developing, monitoring and testing a program to secure the information, and
 Changing the safeguards as needed with the changes in how information
is collected, stored and used
THE FEDERAL INFORMATION SECURITY
MANAGEMENT ACT OF 2002 (FISMA, USA)
 Focus on economic and national security interests of the
United States
 Emphasized on “risk-based policy for cost-effective
security”
 Responsibility attached to federal agencies, NIST and
the Office of Management and Budget (OMB) to
strengthen information system security
 Not mandatory
 No penalty for non-compliance
DATA PROTECTION DIRECTIVE (EU)
 European Union directive regulating the processing of
personal data within the EU
 Protection of individual’s personal data and its free movement
 Coming soon - European Data Protection Regulation
 Not mandatory
 No penalty for non-compliance
OTHER LAWS IN THE US
o Children's Internet Protection Act of 2001 (CIPA)
o Children's Online Privacy Protection Act of 1998 (COPPA)
o Driver's Privacy Protection Act of 1994
o Telephone Consumer Protection Act of 1991 (TCPA)
o Video Privacy Protection Act of 1988
o Electronic Communications Privacy Act of 1986 (ECPA)
o Privacy Protection Act of 1980 (PPA)
o Right to Financial Privacy Act of 1978 (RFPA)
o Family Education Rights and Privacy Act of 1974
o Privacy Act of 1974
MOM’S GYAN
PROTECT YOUR OWN PRIVACY
o Understand – the type of personal information you disclose
o Always ask –
WHY do they want it?
HOW will they use it?
WHO will it be shared with?
Will YOU get access to it?
o Know your rights
o Question if you are in doubt
IF YOU ARE A COMPANY
o Am I complying with the Law?
o Do you manage (have, use, access, store, obtain, etc.) personal information?
o Am I collecting only what is REALLY needed and not more?
o Have I differentiated between Sensitive Personal Information and other
information?
o Do I protect information even during Transit/Process?
o How are you making sure all employees know their responsibilities and rights?
o How will you extend the data privacy protection to your third parties and vendors?
o What will you do if there is a privacy breach?
o Do you have in-house competences to conduct basic investigations?
GET IN TOUCH
PHONE
+919623444448
EMAIL
CONTACT@SAGARRAHURKAR.COM
 
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
一比一原版(UC毕业证书)堪培拉大学毕业证如何办理
 
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
一比一原版(USYD毕业证书)澳洲悉尼大学毕业证如何办理
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 

Privacy in India: Legal issues

  • 1. PRIVACY IN THE DIGITAL AGE – LEGAL SCENARIO (WITH SPECIFIC REFERENCE TO INDIA)
  • 2. AGENDA  Privacy  Data Privacy  Different categories/types of Private data  Indian Legal scenario on Privacy  Some of the global laws  Mom’s gyan
  • 3. PRIVACY  To separate/seclude from the rest  Types –  Personal privacy  Informational  Organizational
  • 4. WE’LL EXPECT REASONABLE PRIVACY IN LIFE…..BUT THEN…! ….and so many other ways by which we’re being tracked…!
  • 5. INFORMATION/DATA PRIVACY  The ability of an organisation or individual to determine which data held in a computer system may be shared with third parties, and on what terms  Private data is known as –  Personally Identifiable Information (PII)  Personal data  Sensitive Personal Data/Information (SPDI)
  • 6. PERSONALLY IDENTIFIABLE INFORMATION o US Privacy Laws Information that can be used on its own or with other information to identify, contact, or locate a person, or to identify an individual in context
  • 7. PERSONAL DATA AND SENSITIVE PERSONAL DATA  Data Protection Act, 1998 – UK  Personal data – data relating to a living individual who can be identified from it (alone or together with other information held by the data controller), including any expression of opinion about him  Sensitive personal data – personal data consisting of information as to –  the racial or ethnic origin of the data subject,  his political opinions,  his religious or similar beliefs,  whether he is a member of a trade union,  his physical or mental health or condition,  his sexual life,  the commission or alleged commission by him of any offence, or  any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
  • 8. SENSITIVE PERSONAL DATA/INFORMATION  The Information Technology Act, 2000 (Amd. 2008) – India  SPDI comprises –  Password  Financial information  Health condition  Health records  Sexual orientation  Biometrics  Rule 3 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 9. INDIA ON PRIVACY  Constitution of India  Art. 19 - Freedom of Speech and Expression  Art. 21 – Right to Life and Personal Liberty  IT Act, 2000 (Amd. 2008)  Data privacy  Personal privacy  Powers of Government
  • 10. KEY ISSUES  Liability of Company (Sec. 85)  Data protection – Concern for outsourcing industry  Privacy – Individual’s concern  Increasing Government control/interference
  • 11. PREAMBLE OF THE IT ACT  Purpose behind enacting the IT Act –  To provide legal recognition to e-commerce  To facilitate e-governance  To provide remedies for cyber crimes  To provide legal recognition to digital evidence  The Preamble does not state that the Act aims to establish an IT security framework in India
  • 12. SECTION 43 – UNAUTHORISED ACCESS  Civil wrong – unauthorised access to a computer, computer system or network  Remedy – damages by way of compensation  Amount – no statutory cap  What needs to be proved – the loss actually suffered, since compensation is measured by it  Adjudication –  Claims up to Rs. 5 crore – Adjudicating Officer under Sec. 46 (usually the IT Secretary of the State)  Claims above Rs. 5 crore – civil courts
  • 13. Sec. 43 applies if any person, without permission of the owner or person in charge of a computer –  Accesses or secures access to the computer  Downloads, copies or extracts data  Introduces a computer contaminant or virus  Damages the computer  Disrupts the computer or network  Causes denial of access  Provides assistance to facilitate illegal access  Charges the services availed of by one person to the account of another  Destroys, deletes or alters information, or diminishes its value or utility, or affects it injuriously  Steals, conceals, destroys or alters computer source code
  • 14. CASES DECIDED U/SEC. 43  Thomas Raju vs. ICICI Bank  Ramdas Pawar vs. ICICI Bank  Saurabh Jain vs. Idea Cellular  Facts – fraudulent transfer of money from the petitioners' accounts; duplicate SIM cards issued without document verification  Held – the bank/cellular company failed to establish due diligence and to provide adequate checks and safeguards to prevent unauthorised access  The bank had not adhered to the RBI circular of July 2010 on 'guidelines on information security, electronic banking and cyber frauds'  Idea had issued a SIM on the basis of a fake licence and a police FIR
  • 15. SEC. 43A – COMPENSATION FOR FAILURE TO PROTECT DATA  If a body corporate possessing, dealing with or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures, and thereby causes wrongful loss or wrongful gain to any person  Liability – damages by way of compensation, with no statutory cap
  • 16. WHO IS LIABLE? Sec. 85  The company itself, being a legal person  Top management, including directors and managers, if it is proved that they had knowledge of the contravention, or did not exercise due diligence, or that it was caused by their negligence
  • 17. ISSUES  What is Sensitive Personal data or Information?  What are Reasonable Security Practices and Procedures?
  • 18. SOLUTION  The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011  Notified and in force from 11 April 2011  To be read with Sec. 43A
  • 19. SENSITIVE PERSONAL DATA OR INFORMATION  SPDI comprises –  Password  Financial information  Health condition  Health records  Sexual orientation  Biometrics  Rule 3 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 20. REASONABLE SECURITY PRACTICES  Rule 8 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011  Security practices and procedures may be specified in an agreement between the parties regarding protection of SPDI  The international standard IS/ISO/IEC 27001 is one such standard  Managerial, technical, operational and physical security control measures commensurate with the information assets and the nature of the business  Implementation of a comprehensive, documented information security programme and policies
  • 21. AUDITING  The security practices and procedures must be certified or audited on a regular basis (at least once a year, and whenever the process or computer resource is significantly upgraded)  To be carried out by an independent auditor approved by the Central Government  At the time of these slides, no such auditors had been appointed
  • 23. COLLECTION OF INFORMATION  About obtaining consent of the information provider  Consent in writing through letter/fax/email from the provider of the SPDI regarding purpose of usage before collection of such information  Need to specify –  Fact that SPDI is being collected  What type of SPDI is collected?  How long SPDI will be held? Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 24. COLLECTION OF INFORMATION  Provider should know –  Purpose of collection  Intended recipients  Details of the agency collecting the information and agency retaining the information  Body Corporate not to retain information longer than required  Option should be given to withdraw the information provided  SPDI shall be used only for the purpose for which it has been collected  Shall appoint “Grievance Officer” to address any discrepancies and grievances about information in a timely manner – Max. time – One month
  • 25. PRIVACY POLICY  Policy on the handling of SPDI  Shall be published on the website, or otherwise be available to view or inspect at any time  Shall provide for –  Type of SPDI collected  Purpose of collection and usage  Clear and easily accessible statements of the body corporate's information security practices and policies  A statement that the reasonable security practices and procedures provided under Rule 8 have been complied with  Rule 4 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 26. DISCLOSURE OF INFORMATION  Disclosure –  Prior permission of provider necessary before disclosure to third party OR  Disclosure clause needs to be specified in the original contract OR  Must be necessary by law  Third party receiving SPDI shall not disclose it further Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 27. TRANSFER OF INFORMATION  Transfer (within or outside India) to be made only if it is necessary for the performance of a lawful contract, or the provider has consented to the transfer  Disclosure clause should be part of the Privacy and Disclosure Policy  Transferee must ensure the same level of data protection is adhered to during and after the transfer  Details of the transferee should be given to the provider  Rule 7 – IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 28. SEC. 72A (CRIMINAL OFFENCE)  Punishment for disclosure of information in breach of lawful contract –  Knowingly or intentionally disclosing "personal information" in breach of a lawful contract, with intent to cause, or knowing it is likely to cause, wrongful loss or wrongful gain  IMP – follow the contract  Punishment – imprisonment up to 3 years, or fine up to Rs. 5 lakh, or both (cognizable but bailable)
  • 29. OTHER PROVISIONS U/IT ACT  o Section 66E – Punishment for violation of privacy  Popularly known as the voyeurism provision  Covers capturing, publishing or transmitting images of a person's private area without consent, e.g. hidden cameras in changing rooms, hotel rooms, etc.  Punishment – imprisonment up to 3 years, or fine up to Rs. 2 lakh, or both  o Section 67C – Preservation and retention of information by intermediaries  o Section 69 – Power to issue directions for interception, monitoring or decryption of any information through any computer resource  o Section 69A – Power to issue directions for blocking public access to any information through any computer resource  o Section 69B – Power to authorise monitoring and collection of traffic data or information through any computer resource for cyber security  o Section 79 – Intermediary not liable in certain circumstances
  • 30. SOME OF THE GLOBAL LAWS
  • 31. GRAMM–LEACH–BLILEY ACT (GLBA, USA)  Focuses on financial institutions  Privacy Rule – limits disclosure of nonpublic personal information (NPI) and requires privacy notices to customers  Safeguards Rule – requires financial institutions to develop a written information security plan describing how the company protects, and will continue to protect, clients' nonpublic personal information  This plan must include –  Designating at least one employee to coordinate the safeguards,  Conducting a thorough risk assessment of each department handling nonpublic information,  Developing, monitoring and testing a programme to secure the information, and  Changing the safeguards as needed as the way information is collected, stored and used changes
  • 32. THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 (FISMA, USA)  Focus on the economic and national security interests of the United States  Emphasises a "risk-based policy for cost-effective security"  Responsibility placed on federal agencies, NIST and the Office of Management and Budget (OMB) to strengthen information system security  Mandatory for federal agencies (and contractors operating systems on their behalf); it does not apply to the private sector generally  No statutory penalty for non-compliance: enforcement works through annual reporting to OMB and Congress and through budget oversight
  • 33. DATA PROTECTION DIRECTIVE (EU)  European Union directive (95/46/EC) regulating the processing of personal data within the EU  Protection of individuals' personal data and its free movement within the Union  Binding on Member States, which had to transpose it into national law; enforcement and penalties come from each Member State's national data protection law rather than from the Directive itself  Coming soon at the time of these slides – the European Data Protection Regulation; it was adopted in 2016 as the General Data Protection Regulation (GDPR), applicable directly in all Member States from 25 May 2018 and carrying administrative fines
  • 34. OTHER LAWS IN THE US  o Children's Internet Protection Act of 2000 (CIPA)  o Children's Online Privacy Protection Act of 1998 (COPPA)  o Driver's Privacy Protection Act of 1994 (DPPA)  o Telephone Consumer Protection Act of 1991 (TCPA)  o Video Privacy Protection Act of 1988 (VPPA)  o Electronic Communications Privacy Act of 1986 (ECPA)  o Privacy Protection Act of 1980 (PPA)  o Right to Financial Privacy Act of 1978 (RFPA)  o Family Educational Rights and Privacy Act of 1974 (FERPA)  o Privacy Act of 1974
  • 36. PROTECT YOUR OWN PRIVACY  o Understand the type of personal information you disclose  o Always ask – WHY do they want it? HOW will they use it? WHO will it be shared with? Will YOU get access to it?  o Know your rights  o Question if you are in doubt
  • 37. IF YOU ARE A COMPANY  o Am I complying with the law?  o Do I manage (hold, use, access, store, obtain, etc.) personal information?  o Am I collecting only what is REALLY needed, and not more?  o Have I differentiated between sensitive personal information and other information?  o Do I protect information in transit and during processing, not only at rest?  o How am I making sure all employees know their responsibilities and rights?  o How will I extend data privacy protection to my third parties and vendors?  o What will I do if there is a privacy breach?  o Do I have the in-house competence to conduct basic investigations?