REASONABLE SECURITY PRACTICES AND PROCEDURES AND
SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
Under
The (Indian) Information Technology Act, 2000
By
Vijay Pal Dalmia, Advocate
Partner & Head of Intellectual Property & Information Technology Laws Practice
• Enacted in the year 2000 and implemented w.e.f. 17th October, 2000.
• Important features of this Act:
◦ Recognition of e-transactions, digital signatures, electronic records etc., and of their evidentiary value.
◦ Lists out various computer crimes which are technological in nature.
• However, this Act, originally, did not contain any provision for data protection.
INFORMATION TECHNOLOGY ACT,
2000
• The IT Act, 2000 was amended in the year 2008.
• Section 43A and Section 72A were added by the amendment Act for protection of personal data and information.
• Both these provisions are penal in nature, civil and criminal respectively.
THE INFORMATION TECHNOLOGY
(AMENDMENT) ACT, 2008
• Ministry of Communications and Information Technology (Department of Information Technology) promulgated these rules (IT Rules 2011), under Section 87 (2)(ob) read with Section 43A.
• IT Rules, 2011 came into force on 11th April, 2011.
• The Government has come up with further clarifications w.r.t. these Rules by a Press Note dated 24th August, 2011 to avoid ambiguities (http://mit.gov.in/sites/upload_files/dit/files/PressNote_25811.pdf)
• Non-compliance with these rules would lead to invocation of Section 43A of The IT Act, 2008 and liability to pay compensation, limits of which have not been fixed.
REASONABLE SECURITY PRACTICES AND
PROCEDURES AND SENSITIVE PERSONAL
DATA OR INFORMATION RULES, 2011
• SECTION 72A of IT Act 2008.
• In addition to the civil liabilities under Section 43A
◦ Any person, or
◦ Intermediary
◦ Is liable for punishment
  • Of imprisonment for a term which may extend to
  • *3 years
  • Or fine up to INR 5,00,000
  • Or both
◦ For disclosure of information
  • In breach of lawful contract.
• *(Cognizable offence and bailable) (as per Section 77B)
Where a BODY CORPORATE,
• possessing, dealing or handling any sensitive personal data or information
• in a computer resource which it owns, controls or operates
• is negligent in implementing and maintaining reasonable security practices and procedures
• and thereby causes wrongful loss or wrongful gain to any person
• such body corporate shall be liable to pay damages by way of compensation to the person so affected.
SECTION 43A: COMPENSATION FOR
FAILURE TO PROTECT DATA
A body corporate would mean:
any company and includes:
• a firm,
• sole proprietorship or
• other association of individuals
engaged in
• commercial or
• professional activities.
DEFINITION OF BODY CORPORATE
SECTION 43A – Explanation (i)
• These Rules are applicable only to sensitive personal data or information.
• These Rules are applicable only to the following:
◦ body corporate located within India, or
◦ any person located within India, or
◦ body corporate dealing with the data of any person located within India.
Sensitive personal data or information of a ‘person’ means such
‘personal information’ which consists of information relating to:
1. Password;
2. Financial information such as:
• Bank account or,
• Credit card or debit card or,
• Other payment instrument details
3. Physical, physiological and mental health condition;
4. Sexual orientation;
Contd…
SENSITIVE PERSONAL DATA OR
INFORMATION:
RULE 3, IT RULES, 2011
5. Biometric information;
6. Any detail relating to the above clauses
• as provided to body corporate
• for providing service; and
7. Any of the information received under above clauses by body corporate for
• processing,
• stored or
• processed
under a lawful contract or otherwise
SENSITIVE PERSONAL DATA OR
INFORMATION
RULE 3 OF THE IT RULES, 2011
Following information is not regarded as sensitive personal data or
information:
1. Information freely available or accessible in public domain or,
2. Information furnished under the Right to Information Act,
2005 (RTI) or
3. Information furnished under any other law for the time being in
force.
EXCEPTIONS:
• Any information that relates to a
• ‘natural person’
• which either directly or indirectly, in combination with other information available or likely to be available with a body corporate,
• is capable of identifying such person.
PERSONAL INFORMATION:
RULE 2, IT RULES, 2011
• Security practices and procedures designed to
• protect such information from unauthorized
• access,
• damages,
• use,
• modification,
• disclosure or
• impairment,
Contd…
MEANING OF REASONABLE SECURITY
PRACTICES AND PROCEDURES
Section 43, Explanation (ii)
Contd…
as may be specified in:
• an agreement between the parties; or
• any law for the time being in force; or
• in absence of such agreement or law, such reasonable security practices and procedures,
• as may be prescribed by the Central Government.
MEANING OF REASONABLE SECURITY
PRACTICES AND PROCEDURES
Section 43, Explanation (ii)
• Privacy Policy
• Consent for collection of data
• Collection of data
• Use and Retention
• Opt Out/Withdrawal
• Access and Review of Information
• Grievance Mechanism
• Limitation on Disclosure of Information
• Limitation on Transfer of Information
• Reasonable Security Practices and Procedures
• Body corporate or any person on its behalf
◦ collects, receives, possesses,
◦ stores, deals or handles
• information of provider of information
◦ Providers of information are those natural persons who provide sensitive personal data or information to a body corporate.
• Shall provide a privacy policy for handling of or dealing in ‘sensitive personal data or information’.
Contd…
PRIVACY POLICY: RULE 4
Privacy Policy shall be published on the website and provide:-
• Clear and easily accessible statements of its practices and
policies;
• Type of personal or sensitive personal data or information
collected;
• Purpose of collection and usage of such information;
• Disclosure of information including sensitive personal data or
information;
• Reasonable security practices and procedures followed by the
corporate.
PRIVACY POLICY: RULE 4
• Any such body corporate providing services relating to collection, storage, dealing or handling of sensitive personal data or information under contractual obligation with
◦ any legal entity located within or outside India is not subject to the requirement of Rules 5 & 6.
• The above exemption is mainly applicable to Data Collection Agencies.
Exception
• However, a body corporate providing services to the provider of information under a contractual obligation directly with them, as the case may be, is subject to Rules 5 & 6.
RULE 5 (1)
o Requires the corporate or any person on its
behalf,
o before collection of sensitive personal data or
information,
o to obtain consent in writing through any mode of
electronic communication including letter or FAX or
email from the ‘provider of the information’
o regarding purpose of usage of such information.
CONSENT
RULE 5(3)
Requirements in case of collection of information directly from the
person concerned:
Steps to ensure that the person concerned is having the
knowledge of :
o The fact that the information is being collected;
o The purpose for which the information is being collected;
o The intended recipients of the information; and
o The name and address of –
◦ the agency that is collecting the information; and
◦ the agency that will retain the information
CONSENT
RULE 5 (2)
Sensitive personal data or information can be collected
only under following two circumstances:
1. For a ‘lawful purpose’
• connected with a function or activity of the body corporate or any person on its behalf; and
2. Considered ‘necessary’ for that purpose
PURPOSE OF COLLECTION OF
INFORMATION
USE - RULE 5(5):
• The information collected shall be used
• only for the purpose for which it has been collected.
RETENTION - RULE 5(4)
• A body corporate or its representative
• must not retain such information for
• longer than is required for the purposes for which the information may lawfully be used, OR
• as required under any other law in force.
USE AND RETENTION OF INFORMATION
RULE 5(7) :
Requires the body corporate to give the provider of information,
an option:
1. prior to the collection of the information, to not provide the data
or information sought to be collected
2. of withdrawing his consent given earlier to the body corporate.
• Withdrawal shall be sent in writing to the body corporate.
• The body corporate shall have the option to not provide goods or services for which the said information was sought.
OPT OUT/WITHDRAWAL
RULE 5(6)
o Providers of information- permitted- to review the
information provided by them- as and when requested by
them;
o Information- if found to be inaccurate or deficient shall be
corrected or amended as feasible.
o Body corporate NOT responsible for authenticity of the
personal information or sensitive personal data or information
as supplied by the provider to the body corporate.
ACCESS & REVIEW OF INFORMATION
RULE 5(9)
o Time bound redressal of any discrepancies and
grievances.
o Grievance Officer shall be appointed.
o Publication of name and contact details of Grievance
Officer on website
o Redressal of grievances: within one month from the
date of receipt of grievance.
GRIEVANCE REDRESSAL MECHANISM
RULE 6
Permission of the provider of the information is required before
disclosure of information
Exceptions:
1. when disclosure is agreed upon in the contract;
2. when disclosure is necessary for compliance of a legal obligation;
3. when disclosure to Government agencies mandated under the law
to obtain information.
4. when disclosure to any third party by an order under the law for
the time being in force.
LIMITATION ON DISCLOSURE OF
INFORMATION
RULE 6
• Rule 6 also forbids the following:
1. Publication of sensitive personal data or
information by body corporate or its
representative,
2. Disclosure by third party receiving the
sensitive personal data or information from the
body corporate.
LIMITATION ON DISCLOSURE OF
INFORMATION
RULE 7
Transfer allowed to:
• another body corporate or a person
• in India, or located in any other country.
Transfer is allowed only if :
1. other body corporate or person ensures the same level of
data protection that is adhered to by the body corporate as
provided under these rules.
2. it is necessary for the performance of the lawful contract
between the provider of the information and the corporate
receiving the information.
LIMITATION ON TRANSFER OF
INFORMATION
RULE 8
• Prescribes standard to be adhered to
• by a body corporate, receiving the information,
◦ in the absence of an agreement between the parties;
◦ or any law for the time being in force.
• One such prescribed standard: The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.
REASONABLE SECURITY PRACTICES
AND PROCEDURES
• Any other security code, if followed, shall be:
o Duly approved and notified
o by the Central Government
o Audited annually by an independent auditor approved by the Central Government.
• In the event of an information security breach – demonstration of implementation of security control measures - by the body corporate.
REASONABLE SECURITY PRACTICES
AND PROCEDURES
• A body corporate or a person on its behalf shall be deemed to have complied with reasonable security practices and procedures if:
• They have implemented such security practices and standards, and
• Have a
◦ comprehensive documented information security programme; and
◦ information security policies for: managerial, technical, operational and physical security which are proportionate with the information assets being protected with the nature of business.
REASONABLE SECURITY PRACTICES
AND PROCEDURES
• IT Act, 2000 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
• IT (Amendment) Act, 2008 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
• Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 are available at: http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
• Clarification on Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under section 43A of the Information Technology Act, 2000: http://mit.gov.in/sites/upload_files/dit/files/PressNote_25811.pdf
THANK YOU
Vaish Associates Advocates
Celebrating 43 years of professional excellence
1st & 11th Floors, Mohan Dev Building | 13, Tolstoy Marg | New Delhi | 110001 (India)
Phone: +91 11 42492532 (Direct) Phone: +91 11 42492525 (Board)
Mobile: +91 9810081079
Fax: +91 11 23320484
Email: vpdalmia@vaishlaw.com
www.vaishlaw.com
Intellectual Property & Information Technology Laws Division
New Delhi Mumbai Bangalore Gurgaon

 
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Vijay Dalmia
 
Sanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actSanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actVijay Dalmia
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Vijay Dalmia
 
Guide for de-mystifying law of trade mark enfocrement and litigation in india
Guide  for  de-mystifying law of trade mark enfocrement and litigation in indiaGuide  for  de-mystifying law of trade mark enfocrement and litigation in india
Guide for de-mystifying law of trade mark enfocrement and litigation in indiaVijay Dalmia
 
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaIPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaVijay Dalmia
 
Process of criminal trial in india
Process of criminal trial in indiaProcess of criminal trial in india
Process of criminal trial in indiaVijay Dalmia
 
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaLAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaVijay Dalmia
 
Types of electronic contracts
Types of electronic contractsTypes of electronic contracts
Types of electronic contractsVijay Dalmia
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Ipr enforcement in india
Ipr enforcement in indiaIpr enforcement in india
Ipr enforcement in indiaVijay Dalmia
 
Patent law and Indian perspective
Patent law and Indian perspectivePatent law and Indian perspective
Patent law and Indian perspectiveVijay Dalmia
 
Wills in the indian perspective
Wills in the indian perspectiveWills in the indian perspective
Wills in the indian perspectiveVijay Dalmia
 

More from Vijay Dalmia (20)

DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptxDIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx
 
Enforcement Of Intellectual Property Rights Through Customs
Enforcement Of Intellectual Property Rights Through CustomsEnforcement Of Intellectual Property Rights Through Customs
Enforcement Of Intellectual Property Rights Through Customs
 
White Collar Crime by Vijay Pal Dalmia.pptx
White Collar Crime by Vijay Pal Dalmia.pptxWhite Collar Crime by Vijay Pal Dalmia.pptx
White Collar Crime by Vijay Pal Dalmia.pptx
 
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptxTaxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx
 
Indian Approach On Bitcoins-cryptocurrencies- Blockchain Legal Practical Pe...
Indian Approach On Bitcoins-cryptocurrencies- Blockchain  Legal  Practical Pe...Indian Approach On Bitcoins-cryptocurrencies- Blockchain  Legal  Practical Pe...
Indian Approach On Bitcoins-cryptocurrencies- Blockchain Legal Practical Pe...
 
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
Need for having Security, Email & Internet Usage Policy in Companies - Legal ...
 
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptxPolice Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
Police Remand- Judicial Remand & Default Bail-Vijay Pal Dalmia Advocate.pptx
 
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand  Judicial Remand & Default bail by Vijay Pal Dalmia AdvocatePolice Remand  Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
 
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...
 
Sanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax actSanction for prosecution of offences under chapter xii of the income tax act
Sanction for prosecution of offences under chapter xii of the income tax act
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
 
Guide for de-mystifying law of trade mark enfocrement and litigation in india
Guide  for  de-mystifying law of trade mark enfocrement and litigation in indiaGuide  for  de-mystifying law of trade mark enfocrement and litigation in india
Guide for de-mystifying law of trade mark enfocrement and litigation in india
 
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaIPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
IPR Enforcement in India through Criminal Measures - By Vijay Pal Dalmia
 
Process of criminal trial in india
Process of criminal trial in indiaProcess of criminal trial in india
Process of criminal trial in india
 
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaLAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal Dalmia
 
Types of electronic contracts
Types of electronic contractsTypes of electronic contracts
Types of electronic contracts
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour
 
Ipr enforcement in india
Ipr enforcement in indiaIpr enforcement in india
Ipr enforcement in india
 
Patent law and Indian perspective
Patent law and Indian perspectivePatent law and Indian perspective
Patent law and Indian perspective
 
Wills in the indian perspective
Wills in the indian perspectiveWills in the indian perspective
Wills in the indian perspective
 

Recently uploaded

如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书Fir L
 
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxQUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxnibresliezel23
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书Fir L
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
一比一原版旧金山州立大学毕业证学位证书
 一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
PPT on information technology laws description
PPT on information technology laws descriptionPPT on information technology laws description
PPT on information technology laws descriptionranaanish11062001
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueSkyLaw Professional Corporation
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书SD DS
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书SD DS
 

Recently uploaded (20)

如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to Service
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书
 
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
 
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxQUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
一比一原版旧金山州立大学毕业证学位证书
 一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
PPT on information technology laws description
PPT on information technology laws descriptionPPT on information technology laws description
PPT on information technology laws description
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

Reasonable Security Practices and Sensitive Data Rules Explained

  • 1. REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011 Under The (Indian) Information Technology Act, 2000 By Vijay Pal Dalmia, Advocate Partner & Head of Intellectual Property & Information Technology Laws Practice
  • 2. INFORMATION TECHNOLOGY ACT, 2000
      ◦ Enacted in the year 2000 and implemented w.e.f. 17th October, 2000.
      ◦ Important features of this Act:
          - Recognition of e-transactions, digital signatures, electronic records etc., and of their evidentiary value.
          - Lists out various computer crimes which are technological in nature.
      ◦ However, this Act originally did not contain any provision for data protection.
  • 3. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008
      ◦ The IT Act, 2002 was amended in the year 2008.
      ◦ Section 43A and Section 72A were added by the amendment Act for protection of personal data and information.
      ◦ Both these provisions are penal in nature, civil and criminal respectively.
  • 4. REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
      ◦ The Ministry of Communications and Information Technology (Department of Information Technology) promulgated these rules (IT Rules 2011) under Section 87(2)(ob) read with Section 43A.
      ◦ IT Rules, 2011 came into force on 11th April, 2011.
      ◦ The Government has issued further clarifications w.r.t. these Rules by a Press Note dated 24th August, 2011 to avoid ambiguities (http://mit.gov.in/sites/upload_files/dit/files/PressNote_25811.pdf)
      ◦ Non-compliance with these rules would lead to invocation of Section 43A of The IT Act, 2008 and liability to pay compensation, limits of which have not been fixed.
  • 5. SECTION 72A of IT Act 2008
      ◦ In addition to the civil liabilities under Section 43A, any person or intermediary is liable for punishment of imprisonment for a term which may extend to *3 years, or fine up to INR 5,00,000, or both, for disclosure of information in breach of lawful contract.
      ◦ *(Cognizable offence and bailable) (as per Section 77B)
  • 6. SECTION 43A: COMPENSATION FOR FAILURE TO PROTECT DATA
      Where a BODY CORPORATE,
      ◦ possessing, dealing or handling any sensitive personal data or information
      ◦ in a computer resource which it owns, controls or operates
      ◦ is negligent in implementing and maintaining reasonable security practices and procedures
      ◦ and thereby causes wrongful loss or wrongful gain to any person
      ◦ such body corporate shall be liable to pay damages by way of compensation to the person so affected.
  • 7. DEFINITION OF BODY CORPORATE: SECTION 43A – Explanation (i)
      A body corporate would mean any company and includes:
      ◦ a firm,
      ◦ sole proprietorship or
      ◦ other association of individuals engaged in
          - commercial or
          - professional activities.
  • 8.
      ◦ These Rules are applicable only to sensitive personal data or information.
      ◦ These Rules are applicable only to the following:
          - body corporate located within India, or
          - any person located within India, or
          - body corporate dealing with the data of any person located within India.
  • 9. SENSITIVE PERSONAL DATA OR INFORMATION: RULE 3, IT RULES, 2011
      Sensitive personal data or information of a ‘person’ means such ‘personal information’ which consists of information relating to:
      1. Password;
      2. Financial information such as:
          ◦ Bank account or,
          ◦ Credit card or debit card or,
          ◦ Other payment instrument details
      3. Physical, physiological and mental health condition;
      4. Sexual orientation;
      Contd…
  • 10. SENSITIVE PERSONAL DATA OR INFORMATION: RULE 3 OF THE IT RULES, 2011
      5. Biometric information;
      6. Any detail relating to the above clauses
          ◦ as provided to body corporate
          ◦ for providing service; and
      7. Any of the information received under above clauses by body corporate for
          ◦ processing,
          ◦ stored or
          ◦ processed under a lawful contract or otherwise
  • 11. EXCEPTIONS:
      Following information is not regarded as sensitive personal data or information:
      1. Information freely available or accessible in public domain or,
      2. Information furnished under the Right to Information Act, 2005 (RTI) or
      3. Information furnished under any other law for the time being in force.
  • 12. PERSONAL INFORMATION: RULE 2, IT RULES, 2011
      ◦ Any information that relates to a
      ◦ ‘natural person’
      ◦ which either directly or indirectly, in combination with other information available or likely to be available with a body corporate,
      ◦ is capable of identifying such person.
  • 13. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES: Section 43, Explanation (ii)
      ◦ Security practices and procedures designed to
      ◦ protect such information from unauthorized
          - access,
          - damage,
          - use,
          - modification,
          - disclosure or
          - impairment,
      Contd…
  • 14. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES: Section 43, Explanation (ii)
      Contd… as may be specified in:
      ◦ an agreement between the parties; or
      ◦ any law for the time being in force; or
      ◦ in absence of such agreement or law, such reasonable security practices and procedures,
      ◦ as may be prescribed by the Central Government.
  • 15.
      ◦ Privacy Policy
      ◦ Consent for collection of data
      ◦ Collection of data
      ◦ Use and Retention
      ◦ Opt Out/Withdrawal
      ◦ Access and Review of Information
      ◦ Grievance Mechanism
      ◦ Limitation on Disclosure of Information
      ◦ Limitation on Transfer of Information
      ◦ Reasonable Security Practices and Procedures
  • 16. PRIVACY POLICY: RULE 4
      ◦ A body corporate or any person on its behalf that
          - collects, receives, possesses,
          - stores, deals or handles
      ◦ information of a provider of information
          - Providers of information are those natural persons who provide sensitive personal data or information to a body corporate.
      ◦ shall provide a privacy policy for handling of or dealing in ‘sensitive personal data or information’.
      Contd…
  • 17. PRIVACY POLICY: RULE 4
      Privacy Policy shall be published on the website and provide:
      ◦ Clear and easily accessible statements of its practices and policies;
      ◦ Type of personal or sensitive personal data or information collected;
      ◦ Purpose of collection and usage of such information;
      ◦ Disclosure of information including sensitive personal data or information;
      ◦ Reasonable security practices and procedures followed by the corporate.
  • 18.
      ◦ Any such body corporate providing services relating to collection, storage, dealing or handling of sensitive personal data or information under contractual obligation with
          - any legal entity located within or outside India
        is not subject to the requirement of Rules 5 & 6.
      ◦ The above exemption is mainly applicable to Data Collection Agencies.
      Exception
      ◦ However, a body corporate providing services to the provider of information under a contractual obligation directly with them, as the case may be, is subject to Rules 5 & 6.
  • 19. CONSENT: RULE 5(1)
      ◦ Requires the corporate or any person on its behalf,
      ◦ before collection of sensitive personal data or information,
      ◦ to obtain consent in writing through any mode of electronic communication including letter or FAX or email from the ‘provider of the information’
      ◦ regarding purpose of usage of such information.
  • 20. CONSENT: RULE 5(3)
      Requirements in case of collection of information directly from the person concerned. Steps to ensure that the person concerned has knowledge of:
      ◦ The fact that the information is being collected;
      ◦ The purpose for which the information is being collected;
      ◦ The intended recipients of the information; and
      ◦ The name and address of –
          - the agency that is collecting the information; and
          - the agency that will retain the information
  • 21. PURPOSE OF COLLECTION OF INFORMATION: RULE 5(2)
      Sensitive personal data or information can be collected only under following two circumstances:
      1. For a ‘lawful purpose’
          ◦ connected with a function or activity of the body corporate or any person on its behalf; and
      2. Considered ‘necessary’ for that purpose
  • 22. USE AND RETENTION OF INFORMATION
      USE - RULE 5(5):
      ◦ The information collected shall be used
      ◦ only for the purpose for which it has been collected.
      RETENTION - RULE 5(4):
      ◦ A body corporate or its representative
      ◦ must not retain such information for
      ◦ longer than is required for the purposes for which the information may lawfully be used,
      OR
      ◦ as required under any other law in force.
  • 23. OPT OUT/WITHDRAWAL: RULE 5(7)
      Requires the body corporate to give the provider of information an option:
      1. prior to the collection of the information, to not provide the data or information sought to be collected
      2. of withdrawing his consent given earlier to the body corporate.
      ◦ Withdrawal shall be sent in writing to the body corporate.
      ◦ The body corporate shall have the option to not provide goods or services for which the said information was sought.
  • 24. ACCESS & REVIEW OF INFORMATION: RULE 5(6)
      ◦ Providers of information are permitted to review the information provided by them, as and when requested by them;
      ◦ Information, if found to be inaccurate or deficient, shall be corrected or amended as feasible.
      ◦ Body corporate is NOT responsible for authenticity of the personal information or sensitive personal data or information as supplied by the provider to the body corporate.
  • 25. GRIEVANCE REDRESSAL MECHANISM: RULE 5(9)
      ◦ Time bound redressal of any discrepancies and grievances.
      ◦ Grievance Officer shall be appointed.
      ◦ Publication of name and contact details of Grievance Officer on website
      ◦ Redressal of grievances: within one month from the date of receipt of grievance.
  • 26. LIMITATION ON DISCLOSURE OF INFORMATION: RULE 6
      Permission of the provider of the information is required before disclosure of information.
      Exceptions:
      1. when disclosure is agreed upon in the contract;
      2. when disclosure is necessary for compliance of a legal obligation;
      3. when disclosure is to Government agencies mandated under the law to obtain information;
      4. when disclosure is to any third party by an order under the law for the time being in force.
  • 27. LIMITATION ON DISCLOSURE OF INFORMATION: RULE 6
      ◦ Rule 6 also forbids the following:
      1. Publication of sensitive personal data or information by body corporate or its representative,
      2. Disclosure by third party receiving the sensitive personal data or information from the body corporate.
  • 28. LIMITATION ON TRANSFER OF INFORMATION: RULE 7
      Transfer allowed to:
      ◦ another body corporate or a person
      ◦ in India, or located in any other country.
      Transfer is allowed only if:
      1. other body corporate or person ensures the same level of data protection that is adhered to by the body corporate as provided under these rules.
      2. it is necessary for the performance of the lawful contract between the provider of the information and the corporate receiving the information.
  • 29. REASONABLE SECURITY PRACTICES AND PROCEDURES: RULE 8
      ◦ Prescribes standard to be adhered to
      ◦ by a body corporate, receiving the information,
          - in the absence of an agreement between the parties;
          - or any law for the time being in force.
      ◦ One such prescribed standard: The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.
  • 30. REASONABLE SECURITY PRACTICES AND PROCEDURES
      ◦ Any other security code, if followed, shall be:
          - Duly approved and notified
          - by the Central Government
          - Audited annually by an independent auditor approved by the Central Government.
      ◦ In the event of an information security breach: demonstration of implementation of security control measures by the body corporate.
  • 31. REASONABLE SECURITY PRACTICES AND PROCEDURES
      ◦ A body corporate or a person on its behalf shall be deemed to have complied with reasonable security practices and procedures if:
          - They have implemented such security practices and standards, and
          - Have a comprehensive documented information security programme; and
          - information security policies for: managerial, technical, operational and physical security which are proportionate with the information assets being protected with the nature of business.
  • 32.
      ◦ IT Act, 2000 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
      ◦ IT (Amendment) Act, 2008 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
      ◦ Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 are available at: http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
      ◦ Clarification on Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under section 43A of the Information Technology Act, 2000: http://mit.gov.in/sites/upload_files/dit/files/PressNote_25811.pdf
  • 33. THANK YOU
      Vaish Associates Advocates
      Celebrating 43 years of professional excellence
      1st & 11th Floors, Mohan Dev Building, 13, Tolstoy Marg, New Delhi 110001 (India)
      Phone: +91 11 42492532 (Direct)
      Phone: +91 11 42492525 (Board)
      Mobile: +91 9810081079
      Fax: +91 11 23320484
      Email: vpdalmia@vaishlaw.com
      www.vaishlaw.com
      Intellectual Property & Information Technology Laws Division
      New Delhi, Mumbai, Bangalore, Gurgaon