National data Protection law India

There is no specific legislation on privacy and data protection in India. However, the Information Technology Act, 2000 (the "Act") contains specific provisions intended to protect electronic data (including non-electronic records or information that have been, are currently or are intended to be processed electronically).
India's IT Ministry adopted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules ("Privacy Rules"). The Privacy Rules, which took effect in 2011, require corporate entities collecting, processing and storing personal data, including sensitive personal information to comply with certain procedures. It distinguishes both 'personal information' and 'sensitive personal information', as defined below.
In August 2011, India's Ministry of Communications and Information issued a "Press Note" Technology (Clarification on the Privacy Rules), which provided that any Indian outsourcing service provider/organisation providing services relating to collection, storage, dealing or handling of sensitive personal information or personal information under contractual obligation with any legal entity located within or outside India is not subject to collection & disclosure of information requirements, including the consent requirements discussed below, provided that they do not have direct contact with the data subjects ("providers of information") when providing their services.
DEFINITION OF PERSONAL DATA
The Privacy Rules define the term "personal information" as any information that relates to a natural person, which either directly or indirectly, in combination with other information that is available or likely to be available to a corporate entity, is capable of identifying such person.
DEFINITION OF SENSITIVE PERSONAL DATA
The Privacy Rules define "sensitive personal data or information" to include the following information relating to:
- password;
- financial information e.g. bank account/credit or debit card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- (biometric information;
- any detail relating to the above clauses as provided to a corporate entity for providing services; and
- any of the information received under the above clauses for storing or processing under lawful contract or otherwise.
Biometrics means the technologies that measure and analyse human body characteristics, such as 'fingerprints', 'eye retinas and irises', 'voice patterns', 'facial patterns', 'hand measurements' and 'DNA' for authentication purposes.
You might also like
Hey Max
by H_T_D
How to Remotely Wipe a Mac
In an extreme situation, say a Mac is lost or stolen, you can remotely wipe the Mac of all its data and contents with the help of iCloud. Remotely wiping a Mac goes a step further though and not only removes all data from the computer, but locks it down so that its unusable without a set passcode, plus displays a message you provide. This is excellent anti-theft protection, and even if you never end up using it, its good to know how to do.
With iCloud and iOS 5 or later you can locate, display a message on, remotely lock, or wipe (erase) your iPhone, iPad, iPod touch, or Mac
![]() |
Samsung Electronics 840 Pro Series 2.5-Inch 256 GB SATA 6GB/s Solid State Drive MZ-7PD256BW Personal Computer (Samsung)
|
Scores of blunders sees Norfolk councils breach data laws over confidential .. — Norfolk Eastern Daily Press
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously. He said in 2012: “There is clearly an underlying problem with data protection in local government.”.