National data Protection law India // IT Management Solutions

National data Protection law India

Rights and Data Protection

There is no specific legislation on privacy and data protection in India. However, the Information Technology Act, 2000 (the "Act") contains specific provisions intended to protect electronic data (including non-electronic records or information that have been, are currently or are intended to be processed electronically).

India's IT Ministry adopted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules ("Privacy Rules"). The Privacy Rules, which took effect in 2011, require corporate entities collecting, processing and storing personal data, including sensitive personal information to comply with certain procedures. It distinguishes both 'personal information' and 'sensitive personal information', as defined below.

In August 2011, India's Ministry of Communications and Information issued a "Press Note" Technology (Clarification on the Privacy Rules), which provided that any Indian outsourcing service provider/organisation providing services relating to collection, storage, dealing or handling of sensitive personal information or personal information under contractual obligation with any legal entity located within or outside India is not subject to collection & disclosure of information requirements, including the consent requirements discussed below, provided that they do not have direct contact with the data subjects ("providers of information") when providing their services.


The Privacy Rules define the term "personal information" as any information that relates to a natural person, which either directly or indirectly, in combination with other information that is available or likely to be available to a corporate entity, is capable of identifying such person.


The Privacy Rules define "sensitive personal data or information" to include the following information relating to:

  • password;
  • financial information e.g. bank account/credit or debit card or other payment instrument details;
  • physical, physiological and mental health condition;
  • sexual orientation;
  • medical records and history;
  • (biometric information;
  • any detail relating to the above clauses as provided to a corporate entity for providing services; and
  • any of the information received under the above clauses for storing or processing under lawful contract or otherwise.

Biometrics means the technologies that measure and analyse human body characteristics, such as 'fingerprints', 'eye retinas and irises', 'voice patterns', 'facial patterns', 'hand measurements' and 'DNA' for authentication purposes.

You might also like

Hey Max

by H_T_D

How to Remotely Wipe a Mac
In an extreme situation, say a Mac is lost or stolen, you can remotely wipe the Mac of all its data and contents with the help of iCloud. Remotely wiping a Mac goes a step further though and not only removes all data from the computer, but locks it down so that it’s unusable without a set passcode, plus displays a message you provide. This is excellent anti-theft protection, and even if you never end up using it, it’s good to know how to do.
With iCloud and iOS 5 or later you can locate, display a message on, remotely lock, or wipe (erase) your iPhone, iPad, iPod touch, or Mac

Samsung Samsung Electronics 840 Pro Series 2.5-Inch 256 GB SATA 6GB/s Solid State Drive MZ-7PD256BW
Personal Computer (Samsung)
  • Experience PC performance you never thought possible
  • Enables you to boot up your computer in as little as 15 seconds
  • Energy efficient - improves battery life by up to 50 minutes
  • Solid-state design provides greater shock protection for data and brushed metal case blocks dust and corrosion
  • Worry-free data security with AES 256-bit full-disk encryption
  • 100-percent genuine Samsung components from the #1 memory manufacturer in the world
  • 4th-generation 3-Core Samsung MDX Controller ensures sustained performance under the most punishing conditions
  • Backed by an industry-leading five-year limited warranty

Scores of blunders sees Norfolk councils breach data laws over confidential ..  — Norfolk Eastern Daily Press
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously. He said in 2012: “There is clearly an underlying problem with data protection in local government.”.

Related Posts

Copyright © . All Rights Reserved