Data protection in India

Published in: Education, Technology, Business

  1. DATA PROTECTION IN INDIA (Annamma Samuel)
  2. INTRODUCTION
     • Definition of Data
     • Unprocessed information
     • Organized and communicated in a coherent and meaningful manner
     • Data is converted into information and information is converted into knowledge.
  3.
     • Data protection is aimed at protecting the informational privacy of individuals.
     • Database protection protects the creativity and investment put into the compilation, verification and presentation of databases.
     • A database can be technically explained as a machine-readable compilation of information.
  4.
     • The world’s first computer-specific statute was enacted in the form of a Data Protection Act, in the German state of Hesse, in 1970.
  5.
     • No specific legislation on private data or information
     • Data can be protected through
        • Constitution of India
        • Information Technology Act, 2000
     • Database can be protected through
        • Copyright Act, 1957
        • Information Technology Act, 2000
  6. The Information Technology Act, 2000, Sec. 2(1)(o)
     • ‘data’ means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
  7. EXISTING LEGAL FRAMEWORK FOR DATA PROTECTION IN INDIA
     • Indian Contract Act, 1872
     • ‘consideration’
     • One firm can bind another so as to refrain from revealing data without authorization, to protect privacy of data, as well as the terms and conditions of the use and processing of data.
  8. The Information Technology Act, 2000
     • (1) Section 43 deals with penalties for damage to computer, computer system etc.
     • (2) Section 65 deals with tampering with computer source documents.
     • (3) Section 66 deals with hacking with computer system.
     • (4) Section 72 deals with penalty for breach of confidentiality and privacy.
  9. IT Amendment Act, 2008
     • Requires all foreign corporations with offshore Indian service partners to maintain “reasonable security practices and procedures” when handling “sensitive personal data”
  10. Section 43A: Compensation for failure to protect data
     • Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected.
  11.
     • Does not define the phrase “reasonable security practices and procedures”.
     • Determined in the following order:
        • As defined between the parties by mutual agreement, or
        • As specified in any law for the time being in force, or
        • To be specified by the Central Government in consultation with such professional bodies or associations as it may deem fit.
  12. Section 72A
     • Disclosure of information in breach of lawful contract
     • any person including an intermediary who;
     • while providing services under the terms of lawful contract;
     • has secured access to any material containing personal information about another person;
     • with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain;
     • discloses;
     • without the consent of the person concerned, or in breach of a lawful contract;
     • such material to any other person; and
     • shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.
  13. LIMITATION
     • Does not address the territorial applicability of these provisions. Therefore it can be safely concluded that when data is transferred outside the territories of India it gets no legal protection.
  14. The US Position:
     • “Safe Harbour Principles (SHP)”
     • To protect information and its privacy, free flow of information and to promote e-commerce.
     • Notice needs to be given to the data subject (consumer) explaining the need to collect data, what it will be used for and how it will be used, who will have access to it and how the data will be kept secure.
  15.
     • The consumer should be provided access to data and to validate the personal information, or to rectify it, alter it or to delete any erroneous information.
     • Every third party to whom data is sent should comply with SHP.
  16. THE UK POSITION
     • Data Protection Act, 1998
     • There should be fair and lawful processing of data.
     • Data Controllers should ensure that data is used only for lawful and specified purposes and should not carry out any processing which is incompatible with those purposes.
     • Data Controllers should hold only personal data that is adequate and relevant and not excessive in relation to the purpose for which it is held.
  17.
     • All personal data are accurate and up to date.
     • Personal data shall not be kept for longer than necessary for the specified purpose or purposes.
     • Processing of personal data should be carried out in accordance with the rights of the data subjects under the Act.
  18.
     • Adequate, appropriate, technical and organisational measures should be taken against unauthorised or unlawful processing and accidental loss, destruction or damage to the personal data.
     • Data Controllers are obligated not to transfer data to countries that do not have an adequate level of data protection.
  19. CASES
     • In June 2005, ‘The Sun’ newspaper claimed that one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT worker for £4.25 each.
     • Call-center employee in Bangalore peddling credit card information to fraudsters who stole US$398,000 from British bank accounts
  20. The Data Security Council of India
     • Self-regulatory initiative of NASSCOM
     • Enable IT companies to provide a high standard of security and data protection by adopting best practices.
     • Develop, monitor and enforce an appropriate security and data protection standard for the Indian IT industry that would be adequate, cost effective, adaptable and comparable with global standards.
  21.
     • Build capacity to provide security certification for organizations.
     • Create a common platform to promote the sharing of knowledge about information security and foster a community of security professionals and firms.
     • Create awareness among industry professionals and other stakeholders about security and privacy issues.
  22. National Do Not Call Register
     • Telecom Regulatory Authority of India (TRAI) had taken steps to curb unsolicited commercial calls.
     • Subscribers would be called upon to register their telephone numbers free of cost.
  23. THANK YOU
