REASONABLE SECURITY PRACTICES AND PROCEDURES AND
 SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
                                 Under
              The (Indian) Information Technology Act, 2000




                                         By
                      Vijay Pal Dalmia, Advocate
    Partner & Head of Intellectual Property & Information Technology Laws Practice
INFORMATION TECHNOLOGY ACT,
                2000
 Enacted in the year 2000 and was implemented w.e.f. 17th
  October, 2000.
 Important features of this Act :
   Recognition of e-transactions, digital signatures, electronic
    records etc., and of their evidentiary value.
   Lists out various computer crimes which are technological in
    nature.
 However, this Act, originally, did not contain any provision for
  data protection.
THE INFORMATION TECHNOLOGY
       (AMENDMENT) ACT, 2008

 The IT Act, 2000 was amended in the year 2008.
 Section 43A and Section 72A were added by the
  amendment Act for protection of personal data
  and information.
 Both these provisions are penal in nature, civil and
  criminal respectively.
(REASONABLE SECURITY PRACTICES
     AND PROCEDURES AND SENSITIVE
    PERSONAL DATA OR INFORMATION)
              RULES, 2011
   Ministry Of Communications And Information Technology
    (Department Of Information Technology) promulgated these
    rules (IT Rules 2011), under Section 87 (2)(ob) read with
    Section 43A.
   IT Rules, 2011 came in force on 11th April, 2011.
   Non-compliance with these rules would lead to invocation of
    Section 43A of The IT Act, 2008 and liability to pay
    compensation, limits of which have not been fixed.
   SECTION 72A of IT Act 2008.
   In addition to the civil liabilities under Section 43 A
    ◦ Any person, or
    ◦ Intermediary
    ◦ Is liable for punishment
       Of imprisonment for term which may extend to
          *3 years
          Or fine up to INR 5,00,000
          Or both
    ◦ For disclosure of information
       In breach of lawful contract.
             *(Cognizable offence and bailable) (as per Section 77B)
SECTION 43A: COMPENSATION FOR
   FAILURE TO PROTECT DATA
Where a BODY CORPORATE,
   possessing, dealing or handling any sensitive personal
    data or information
   in a computer resource which it owns, controls or
    operates
   is negligent in implementing and maintaining reasonable
    security practices and procedures
   and thereby causes wrongful loss or wrongful gain to any
    person
   such body corporate shall be liable to pay damages by
    way of compensation to the person so affected.
DEFINITION OF BODY CORPORATE
    SECTION 43 A –Explanation (i)

A body corporate would mean:
 any company and includes:
     a firm,
     sole proprietorship or
     other association of individuals engaged in
      •commercial or
      •professional activities.
SENSITIVE PERSONAL DATA OR
           INFORMATION:
        RULE 3, IT RULES, 2011
   Sensitive personal data or information of a 'person' means
   such 'personal information' which consists of information
   relating to:
1. Password;
2. Financial information such as:
      Bank account or,
      Credit card or debit card or,
      Other payment instrument details
3. Physical, physiological and mental health condition;
4. Sexual orientation;
5.   Biometric information;
6.   Any detail relating to the above clauses
         as provided to body corporate
         for providing service; and
7.   Any of the information received under above clauses by
     body corporate for
         processing,
         stored or
         processed
     under a lawful contract or otherwise
EXCEPTIONS:
     Following information is not regarded as sensitive personal
     data or information:
1.   Information freely available or accessible in public domain
     or,
2.   Information furnished under the Right to Information Act,
     2005 (RTI) or
3.   Information furnished under any other law for the time being
     in force.
PERSONAL INFORMATION:
            RULE 2 , IT RULES, 2011
   Any information that relates to a
   'natural person'
   which either directly or indirectly, in combination with other
    information available or likely to be available with a body
    corporate,
   is capable of identifying such person.
MEANING OF REASONABLE SECURITY
   PRACTICES AND PROCEDURES
      Section 43, Explanation (ii)
   Security practices and procedure designed to
   protect such information from unauthorized
    • access,
    • damages,
    • use,
    • modification,
    • disclosure or
    • impairment,
as may be specified in:
   an agreement between the parties; or
   any law for the time being in force; or
   in absence of such agreement or law,
     such reasonable security practices and procedures,
        as may be prescribed by the Central Government.
   Privacy Policy
   Consent for collection of data
   Collection of data
   Use and Retention
   Opt Out/Withdrawal
   Access and Review of Information
   Grievance Mechanism
   Limitation on Disclosure of Information
   Limitation on Transfer of Information
   Reasonable Security Practices and Procedures
PRIVACY POLICY: RULE 4

   Body corporate or any person on its behalf
    ◦ collects, receives, possess,
    ◦ stores, deals or handles
   information of provider of information


 Shall provide a privacy policy for
     handling of or dealing in
       'personal information including sensitive personal data or
       information'.
Privacy Policy shall be published on the website and provide:-
• Clear and easily accessible statements of its practices and
 policies;
• Type of personal or sensitive personal data or information
 collected;
• Purpose of collection and usage of such information;
• Disclosure of information including sensitive personal data
 or information;
• Reasonable security practices and procedures followed by
 the corporate.
CONSENT
                      RULE 5 (1)
o   Requires the corporate or any person on its
    behalf,
o   before collection of sensitive personal data or
    information,
o   to obtain consent in writing through letter or FAX
    or email from the 'provider of the information'
o   regarding purpose of usage of such information.
CONSENT
                              RULE 5(3)
Requirements in case of collection of information directly from
  the person concerned:
      Steps to ensure that the person concerned has
    knowledge of:
o   The fact that the information is being collected;
o   The purpose for which the information is being collected;
o   The intended recipients of the information; and
o   The name and address of –
    ◦ the agency that is collecting the information; and
    ◦ the agency that will retain the information
PURPOSE OF COLLECTION OF
               INFORMATION
                        RULE 5 (2)
     Sensitive personal data or information can be
      collected only under following two circumstances:
1.    For a 'lawful purpose'
      connected with a function or activity
      of the body corporate or any person on its behalf;
        and
2.    Considered 'necessary' for that purpose
USE AND RETENTION OF INFORMATION
                       USE - RULE 5(5):
   The information collected shall be used
     only for the purpose for which it has been collected.


                   RETENTION - RULE 5(4)
   A body corporate or its representative
   must not retain such information for
   longer than is required for the purposes for which the
    information may lawfully be used. OR
   as required under any other law in force.
OPT OUT/WITHDRAWAL
                           RULE 5(7) :
     Requires the body corporate to give the provider of
     information, an option:
1.   prior to the collection of the information, to not provide the
     data or information sought to be collected
2.   of withdrawing his consent given earlier to the body
     corporate.


    Withdrawal shall be sent in writing to the body corporate.
    The body corporate shall have the option to not provide
     goods or services for which the said information was
     sought.
OPT OUT/WITHDRAWAL

   It is noteworthy that none of the rules talk about
    obtaining the consent of the person to whom the
    information relates in case the provider of the
    information is not the person concerned.
   For example, where the husband provides the
    medical information of the wife, consent of the wife
    is not required as per these rules as she is not the
    provider of the information. She also does not have
    the option of opting out as per Rule 5(7).
ACCESS & REVIEW OF INFORMATION
                       RULE 5(6)
o   Providers of information- permitted- to review the
    information provided by them- as and when
    requested by them;
o   Information- if found to be inaccurate or deficient
    shall be corrected or amended as feasible.
o   Body corporate NOT responsible for authenticity of
    the personal information or sensitive personal data
    or information as supplied by the provider to the
    body corporate.
GRIEVANCE REDRESSAL MECHANISM
                        RULE 5(9)
o   Time bound redressal of any discrepancies and
    grievances.
o   Grievance Officer shall be appointed.
    o Publication of name and contact details of
     Grievance Officer on website
o   Redressal of grievances: within one month from the
    date of receipt of grievance.
LIMITATION ON DISCLOSURE OF
             INFORMATION
                              RULE 6
     Permission of the provider of the information is required
     before disclosure of information


     Exceptions:
1.   when disclosure is agreed upon in the contract;
2.   when disclosure is necessary for compliance of a legal
     obligation;
3.   when disclosure to Government agencies mandated under the
     law to obtain information.
4.   when disclosure to any third party by an order under the law
     for the time being in force.
LIMITATION ON DISCLOSURE OF
             INFORMATION
                     RULE 6
    Rule 6 also forbids the following:
1.   Publication of sensitive personal data or
     information by body corporate or its
     representative,
2.   Disclosure by third party receiving the
     sensitive personal data or information
     from the body corporate.
LIMITATION ON TRANSFER OF
              INFORMATION
                                RULE 7
Transfer allowed to:
   another body corporate or a person
   in India, or located in any other country.


Transfer is allowed only if :
1.   other body corporate or person ensures the same level of
     data protection that is adhered to by the body corporate as
     provided under these rules.
2.   it is necessary for the performance of the lawful contract
     between the provider of the information and the corporate
     receiving the information.
REASONABLE SECURITY PRACTICES
           AND PROCEDURES
                         RULE 8
   Prescribes standard to be adhered to
   by a body corporate, receiving the information,
    ◦ in the absence of an agreement between the
      parties;
    ◦ or any law for the time being in force.
   One such prescribed standard: The International
    Standard IS/ISO/IEC 27001 on “Information
    Technology – Security Techniques – Information
    Security Management System – Requirements”.
REASONABLE SECURITY PRACTICES
           AND PROCEDURES

   Any other Security code, if followed shall be :
    o Duly approved and Notified
    o by the Central Government
    o Audited annually by an independent auditor approved by
      the Central Government.


   In the event of an information security breach –
    demonstration of implementation of security
    control measures - by the body corporate.
REASONABLE SECURITY PRACTICES
       AND PROCEDURES
   A body corporate or a person on its behalf shall be deemed to
    have complied with reasonable security practices and
    procedures if:
         They have implemented such security practices and
          standards, and
         Have a
                comprehensive documented information
                 security programme; and
                information security policies for:
                   managerial, technical, operational and physical
                   security which are proportionate with the
                   information assets being protected with the
                   nature of business.
   IT Act, 2000 is available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
   IT (Amendment) Act, 2008 is available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
   Information Technology (Reasonable security practices and
    procedures and sensitive personal data or information)
    Rules, 2011 are available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
1.   What is the likelihood of active
     enforcement of the new rules?
2.   What are the penalties for violations
     of the new rules?
3.   Do the rules apply only to
     information collected from data
     subject in India, or do they also apply
     to information about data subjects
     located outside India?
   Do the rules apply to uses/disclosure of
    information that occur outside of India, if the
    information was originally collected in India?
   Do the rules apply to pseudonymized
    information?
   Is the “provider of the information” in Rule 5
    referring to the subject, or can this be
    interpreted as referring to a third party that
    provides information but who is not the data
    subject?
   Are there opportunities for further
    clarification/amendment of the new rules?
THANK YOU



            Intellectual Property & Information Technology Laws Division



New Delhi          Mumbai                   Bangalore               Gurgaon

    Flat # 5-7, 10 Hailey Road, New Delhi, 110001 (India)
                Phone: +91 11 42492532 (Direct)
                Phone: +91 11 42492525 Ext 532
                     Mobile :- 9810081079
                    Fax: +91 11 23320484
                email:- vpdalmia@vaishlaw.com

Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Vijay Dalmia
 
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptxPolice Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptxVijay Dalmia
 
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand  Judicial Remand & Default bail by Vijay Pal Dalmia AdvocatePolice Remand  Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia AdvocateVijay Dalmia
 
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Vijay Dalmia
 
Sanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actSanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actVijay Dalmia
 
Guide for de-mystifying law of trade mark enfocrement and litigation in india
Guide  for  de-mystifying law of trade mark enfocrement and litigation in indiaGuide  for  de-mystifying law of trade mark enfocrement and litigation in india
Guide for de-mystifying law of trade mark enfocrement and litigation in indiaVijay Dalmia
 
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaIPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaVijay Dalmia
 
Process of criminal trial in india
Process of criminal trial in indiaProcess of criminal trial in india
Process of criminal trial in indiaVijay Dalmia
 
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaLAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaVijay Dalmia
 
Types of electronic contracts
Types of electronic contractsTypes of electronic contracts
Types of electronic contractsVijay Dalmia
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Ipr enforcement in india
Ipr enforcement in indiaIpr enforcement in india
Ipr enforcement in indiaVijay Dalmia
 
Patent law and Indian perspective
Patent law and Indian perspectivePatent law and Indian perspective
Patent law and Indian perspectiveVijay Dalmia
 
Wills in the indian perspective
Wills in the indian perspectiveWills in the indian perspective
Wills in the indian perspectiveVijay Dalmia
 
Law of nutritional and supplement food products in India-The Conflict
Law of nutritional and  supplement food products in India-The ConflictLaw of nutritional and  supplement food products in India-The Conflict
Law of nutritional and supplement food products in India-The ConflictVijay Dalmia
 

Plus de Vijay Dalmia (20)

DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptxDIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
 
Enforcement Of Intellectual Property Rights Through Customs
Enforcement Of Intellectual Property Rights Through CustomsEnforcement Of Intellectual Property Rights Through Customs
Enforcement Of Intellectual Property Rights Through Customs
 
White Collar Crime by Vijay Pal Dalmia.pptx
White Collar Crime by Vijay Pal Dalmia.pptxWhite Collar Crime by Vijay Pal Dalmia.pptx
White Collar Crime by Vijay Pal Dalmia.pptx
 
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptxTaxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
 
Indian Approach On Bitcoins-cryptocurrencies- Blockchain Legal Practical Pe...
Indian Approach On Bitcoins-cryptocurrencies- Blockchain  Legal  Practical Pe...Indian Approach On Bitcoins-cryptocurrencies- Blockchain  Legal  Practical Pe...
Indian Approach On Bitcoins-cryptocurrencies- Blockchain Legal Practical Pe...
 
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
 
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptxPolice Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
 
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand  Judicial Remand & Default bail by Vijay Pal Dalmia AdvocatePolice Remand  Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
 
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
 
Sanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actSanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax act
 
Guide for de-mystifying law of trade mark enfocrement and litigation in india
Guide  for  de-mystifying law of trade mark enfocrement and litigation in indiaGuide  for  de-mystifying law of trade mark enfocrement and litigation in india
Guide for de-mystifying law of trade mark enfocrement and litigation in india
 
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaIPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
 
Process of criminal trial in india
Process of criminal trial in indiaProcess of criminal trial in india
Process of criminal trial in india
 
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaLAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
 
Types of electronic contracts
Types of electronic contractsTypes of electronic contracts
Types of electronic contracts
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour
 
Ipr enforcement in india
Ipr enforcement in indiaIpr enforcement in india
Ipr enforcement in india
 
Patent law and Indian perspective
Patent law and Indian perspectivePatent law and Indian perspective
Patent law and Indian perspective
 
Wills in the indian perspective
Wills in the indian perspectiveWills in the indian perspective
Wills in the indian perspective
 
Law of nutritional and supplement food products in India-The Conflict
Law of nutritional and  supplement food products in India-The ConflictLaw of nutritional and  supplement food products in India-The Conflict
Law of nutritional and supplement food products in India-The Conflict
 

Dernier

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Dernier (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Reasonable Security Practices And Procedures And Sensitive Personala 24 06 2011 Avantha

  • 1. REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011, under The (Indian) Information Technology Act, 2000. By Vijay Pal Dalmia, Advocate, Partner & Head of Intellectual Property & Information Technology Laws Practice
  • 2. INFORMATION TECHNOLOGY ACT, 2000
      ◦ Enacted in the year 2000 and implemented w.e.f. 17th October, 2000.
      ◦ Important features of this Act:
          ◦ Recognition of e-transactions, digital signatures, electronic records etc., and recognition of their evidentiary value.
          ◦ Lists out various computer crimes which are technological in nature.
      ◦ However, this Act originally did not contain any provision for data protection.
  • 3. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008
      ◦ The IT Act, 2002 was amended in the year 2008.
      ◦ Section 43A and Section 72A were added by the amendment Act for protection of personal data and information.
      ◦ Both these provisions are penal in nature, civil and criminal respectively.
  • 4. (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011
      ◦ The Ministry of Communications and Information Technology (Department of Information Technology) promulgated these rules (IT Rules 2011) under Section 87(2)(ob) read with Section 43A.
      ◦ IT Rules, 2011 came into force on 11th April, 2011.
      ◦ Non-compliance with these rules would lead to invocation of Section 43A of The IT Act, 2008 and liability to pay compensation, limits of which have not been fixed.
  • 5. SECTION 72A of IT Act 2008
      ◦ In addition to the civil liabilities under Section 43A, any person or intermediary is liable for punishment:
          ◦ of imprisonment for a term which may extend to 3 years*,
          ◦ or fine up to INR 5,00,000,
          ◦ or both,
      ◦ for disclosure of information in breach of lawful contract.
      ◦ *(Cognizable offence and bailable, as per Section 77B.)
  • 6. SECTION 43A: COMPENSATION FOR FAILURE TO PROTECT DATA
      Where a BODY CORPORATE,
      ◦ possessing, dealing or handling any sensitive personal data or information
      ◦ in a computer resource which it owns, controls or operates,
      ◦ is negligent in implementing and maintaining reasonable security practices and procedures
      ◦ and thereby causes wrongful loss or wrongful gain to any person,
      ◦ such body corporate shall be liable to pay damages by way of compensation to the person so affected.
  • 7. DEFINITION OF BODY CORPORATE: SECTION 43A, Explanation (i)
      A body corporate would mean any company, and includes:
      ◦ a firm,
      ◦ sole proprietorship, or
      ◦ other association of individuals engaged in commercial or professional activities.
  • 8. SENSITIVE PERSONAL DATA OR INFORMATION: RULE 3, IT RULES, 2011
      Sensitive personal data or information of a ‘person’ means such ‘personal information’ which consists of information relating to:
      1. Password;
      2. Financial information such as:
          ◦ bank account, or
          ◦ credit card or debit card, or
          ◦ other payment instrument details;
      3. Physical, physiological and mental health condition;
      4. Sexual orientation;
      Contd…
  • 9. SENSITIVE PERSONAL DATA OR INFORMATION: RULE 3 OF THE IT RULES, 2011
      5. Biometric information;
      6. Any detail relating to the above clauses as provided to body corporate for providing service; and
      7. Any of the information received under above clauses by body corporate for processing, stored or processed under a lawful contract or otherwise.
  • 10. EXCEPTIONS: Following information is not regarded as sensitive personal data or information: 1. Information freely available or accessible in public domain or, 2. Information furnished under the Right to Information Act, 2005 (RTI) or 3. Information furnished under any other law for the time being in force.
  • 11. PERSONAL INFORMATION: RULE 2, IT RULES, 2011
      ◦ Any information that relates to a ‘natural person’
      ◦ which either directly or indirectly, in combination with other information available or likely to be available with a body corporate,
      ◦ is capable of identifying such person.
  • 12. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES: Section 43, Explanation (ii)
      Security practices and procedures designed to protect such information from unauthorized:
      ◦ access,
      ◦ damages,
      ◦ use,
      ◦ modification,
      ◦ disclosure, or
      ◦ impairment,
      Contd…
  • 13. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES: Section 43, Explanation (ii), Contd…
      as may be specified in:
      ◦ an agreement between the parties; or
      ◦ any law for the time being in force; or
      ◦ in absence of such agreement or law, such reasonable security practices and procedures as may be prescribed by the Central Government.
  • 14.
      ◦ Privacy Policy
      ◦ Consent for collection of data
      ◦ Collection of data
      ◦ Use and Retention
      ◦ Opt Out/Withdrawal
      ◦ Access and Review of Information
      ◦ Grievance Mechanism
      ◦ Limitation on Disclosure of Information
      ◦ Limitation on Transfer of Information
      ◦ Reasonable Security Practices and Procedures
  • 15. PRIVACY POLICY: RULE 4
      ◦ A body corporate, or any person who on its behalf collects, receives, possesses, stores, deals or handles information of the provider of information,
      ◦ shall provide a privacy policy for handling of or dealing in ‘personal information including sensitive personal data or information’.
      Contd…
  • 16. PRIVACY POLICY: RULE 4 Privacy Policy shall be published on the website and provide:- • Clear and easily accessible statements of its practices and policies; • Type of personal or sensitive personal data or information collected; • Purpose of collection and usage of such information; • Disclosure of information including sensitive personal data or information; • Reasonable security practices and procedures followed by the corporate.
  • 17. CONSENT: RULE 5(1)
      Requires the corporate or any person on its behalf, before collection of sensitive personal data or information, to obtain consent in writing through letter or FAX or email from the ‘provider of the information’ regarding purpose of usage of such information.
  • 18. CONSENT RULE 5(3) Requirements in case of collection of information directly from the person concerned: Steps to ensure that the person concerned is having the knowledge of : o The fact that the information is being collected; o The purpose for which the information is being collected; o The intended recipients of the information; and o The name and address of – ◦ the agency that is collecting the information; and ◦ the agency that will retain the information
  • 19. PURPOSE OF COLLECTION OF INFORMATION: RULE 5(2)
      Sensitive personal data or information can be collected only under the following two circumstances:
      1. For a ‘lawful purpose’ connected with a function or activity of the body corporate or any person on its behalf; and
      2. Considered ‘necessary’ for that purpose.
  • 20. USE AND RETENTION OF INFORMATION
      USE - RULE 5(5):
      ◦ The information collected shall be used only for the purpose for which it has been collected.
      RETENTION - RULE 5(4):
      ◦ A body corporate or its representative must not retain such information for longer than is required for the purposes for which the information may lawfully be used,
      ◦ OR as required under any other law in force.
  • 21. OPT OUT/WITHDRAWAL: RULE 5(7)
      Requires the body corporate to give the provider of information an option:
      1. prior to the collection of the information, to not provide the data or information sought to be collected;
      2. of withdrawing his consent given earlier to the body corporate.
      ◦ Withdrawal shall be sent in writing to the body corporate.
      ◦ The body corporate shall have the option to not provide goods or services for which the said information was sought.
  • 22. OPT OUT/WITHDRAWAL
      ◦ It is noteworthy that none of the rules talk about obtaining the consent of the person to whom the information relates in case the provider of the information is not the person concerned.
      ◦ For example, where the husband provides the medical information of the wife, consent of the wife is not required as per these rules, as she is not the provider of the information. She also does not have the option of opting out as per Rule 5(7).
  • 23. ACCESS & REVIEW OF INFORMATION RULE 5(6) o Providers of information- permitted- to review the information provided by them- as and when requested by them; o Information- if found to be inaccurate or deficient shall be corrected or amended as feasible. o Body corporate NOT responsible for authenticity of the personal information or sensitive personal data or information as supplied by the provider to the body corporate.
  • 24. GRIEVANCE REDRESSAL MECHANISM RULE 5(9) o Time bound redressal of any discrepancies and grievances. o Grievance Officer shall be appointed. o Publication of name and contact details of Grievance Officer on website o Redressal of grievances: within one month from the date of receipt of grievance.
  • 25. LIMITATION ON DISCLOSURE OF INFORMATION RULE 6 Permission of the provider of the information is required before disclosure of information Exceptions: 1. when disclosure is agreed upon in the contract; 2. when disclosure is necessary for compliance of a legal obligation; 3. when disclosure to Government agencies mandated under the law to obtain information. 4. when disclosure to any third party by an order under the law for the time being in force.
  • 26. LIMITATION ON DISCLOSURE OF INFORMATION: RULE 6
      Rule 6 also forbids the following:
      1. Publication of sensitive personal data or information by body corporate or its representative;
      2. Disclosure by third party receiving the sensitive personal data or information from the body corporate.
  • 27. LIMITATION ON TRANSFER OF INFORMATION: RULE 7
      Transfer allowed to:
      ◦ another body corporate or a person
      ◦ in India, or located in any other country.
      Transfer is allowed only if:
      1. the other body corporate or person ensures the same level of data protection that is adhered to by the body corporate as provided under these rules;
      2. it is necessary for the performance of the lawful contract between the provider of the information and the corporate receiving the information.
  • 28. REASONABLE SECURITY PRACTICES AND PROCEDURES: RULE 8
      ◦ Prescribes the standard to be adhered to by a body corporate receiving the information:
          ◦ in the absence of an agreement between the parties;
          ◦ or any law for the time being in force.
      ◦ One such prescribed standard: the International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.
  • 29. REASONABLE SECURITY PRACTICES AND PROCEDURES
      ◦ Any other security code, if followed, shall be:
          ◦ duly approved and notified by the Central Government;
          ◦ audited annually by an independent auditor approved by the Central Government.
      ◦ In the event of an information security breach: demonstration of implementation of security control measures by the body corporate.
  • 30. REASONABLE SECURITY PRACTICES AND PROCEDURES
      A body corporate or a person on its behalf shall be deemed to have complied with reasonable security practices and procedures if:
      ◦ they have implemented such security practices and standards; and
      ◦ have:
          ◦ a comprehensive documented information security programme; and
          ◦ information security policies for managerial, technical, operational and physical security, which are proportionate with the information assets being protected with the nature of business.
  • 31.
      ◦ IT Act, 2000 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
      ◦ IT (Amendment) Act, 2008 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
      ◦ Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 are available at: http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
  • 32. 1. What is the likelihood of active enforcement of the new rules? 2. What are the penalties for violations of the new rules? 3. Do the rules apply only to information collected from data subject in India, or do they also apply to information about data subjects located outside India?
  • 33.
      ◦ Do the rules apply to uses/disclosure of information that occur outside of India, if the information was originally collected in India?
      ◦ Do the rules apply to pseudonymized information?
      ◦ Is the “provider of the information” in Rule 5 referring to the subject, or can this be interpreted as referring to a third party that provides information but who is not the data subject?
  • 34. Are there opportunities for further clarification/amendment of the new rules?
  • 35. THANK YOU
      Intellectual Property & Information Technology Laws Division
      New Delhi, Mumbai, Bangalore, Gurgaon
      Flat # 5-7, 10 Hailey Road, New Delhi, 110001 (India)
      Phone: +91 11 42492532 (Direct)
      Phone: +91 11 42492525 Ext 532
      Mobile: 9810081079
      Fax: +91 11 23320484
      Email: vpdalmia@vaishlaw.com