REASONABLE SECURITY PRACTICES AND PROCEDURES AND
 SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
                                 Under
              The (Indian) Information Technology Act, 2000




                                         By
                      Vijay Pal Dalmia, Advocate
    Partner & Head of Intellectual Property & Information Technology Laws Practice
INFORMATION TECHNOLOGY ACT,
                2000
 Enacted in the year 2000 and was implemented w.e.f. 17th
  October, 2000.
 Important features of this Act :
   Recognition of e-transactions, digital signatures, electronic
    records etc., and of their evidentiary value.
   Lists out various computer crimes which are technological in
    nature.
 However, this Act, originally, did not contain any provision for
  data protection.
THE INFORMATION TECHNOLOGY
       (AMENDMENT) ACT, 2008

 The IT Act, 2000 was amended in the year 2008.
 Section 43A and Section 72A were added by the
  amendment Act for protection of personal data
  and information.
 Both these provisions are penal in nature, civil and
  criminal respectively.
(REASONABLE SECURITY PRACTICES
     AND PROCEDURES AND SENSITIVE
    PERSONAL DATA OR INFORMATION)
              RULES, 2011
   Ministry Of Communications And Information Technology
    (Department Of Information Technology) promulgated these
    rules (IT Rules 2011), under Section 87 (2)(ob) read with
    Section 43A.
   IT Rules, 2011 came in force on 11th April, 2011.
   Non-compliance with these rules would lead to invocation of
    Section 43A of The IT Act, 2008 and liability to pay
    compensation, limits of which have not been fixed.
   SECTION 72A of IT Act 2008.
   In addition to the civil liabilities under Section 43 A
    ◦ Any person, or
    ◦ Intermediary
    ◦ Is liable for punishment
       Of imprisonment for term which may extend to
          *3 years
          Or fine up to INR 5,00,000
          Or both
    ◦ For disclosure of information
       In breach of lawful contract.
             *(Cognizable offence and Bailable) (as per Section 77B)
SECTION 43A: COMPENSATION FOR
   FAILURE TO PROTECT DATA
Where a BODY CORPORATE,
   possessing, dealing or handling any sensitive personal
    data or information
   in a computer resource which it owns, controls or
    operates
   is negligent in implementing and maintaining reasonable
    security practices and procedures
   and thereby causes wrongful loss or wrongful gain to any
    person
   such body corporate shall be liable to pay damages by
    way of compensation to the person so affected.
DEFINITION OF BODY CORPORATE
    SECTION 43 A –Explanation (i)

A body corporate would mean:
 any company and includes:
     a firm,
     sole proprietorship or
     other association of individuals
      engaged in
      •commercial or
      •professional activities.
SENSITIVE PERSONAL DATA OR
           INFORMATION:
        RULE 3, IT RULES, 2011
   Sensitive personal data or information of a ‘person’ means
   such ‘personal information’ which consists of information
   relating to:
1. Password;
2. Financial information such as:
      Bank account or,
      Credit card or debit card or,
      Other payment instrument details
3. Physical, physiological and mental health condition;
4. Sexual orientation;
                                                      Contd…
SENSITIVE PERSONAL DATA OR
                INFORMATION
         RULE 3 OF THE IT RULES, 2011
5.   Biometric information;
6.   Any detail relating to the above clauses
         as provided to body corporate
         for providing service; and
7.   Any of the information received under above clauses by
     body corporate for
         processing,
         stored or
         processed
     under a lawful contract or otherwise
EXCEPTIONS:
     Following information is not regarded as sensitive personal
     data or information:
1.   Information freely available or accessible in public domain
     or,
2.   Information furnished under the Right to Information Act,
     2005 (RTI) or
3.   Information furnished under any other law for the time being
     in force.
PERSONAL INFORMATION:
            RULE 2 , IT RULES, 2011
   Any information that relates to a
   ‘natural person’
   which either directly or indirectly, in combination with other
    information available or likely to be available with a body
    corporate,
   is capable of identifying such person.
MEANING OF REASONABLE SECURITY
   PRACTICES AND PROCEDURES
      Section 43, Explanation (ii)
   Security practices and procedures designed to
   protect such information from unauthorized
    • access,
    • damages,
    • use,
    • modification,
    • disclosure or
    • impairment,
                                                   Contd…
MEANING OF REASONABLE SECURITY
   PRACTICES AND PROCEDURES
      Section 43, Explanation (ii)
Contd…
as may be specified in:
   an agreement between the parties; or
   any law for the time being in force; or
   in absence of such agreement or law,
     such reasonable security practices and
      procedures,
        as may be prescribed by the Central
         Government.
   Privacy Policy
   Consent for collection of data
   Collection of data
   Use and Retention
   Opt Out/Withdrawal
   Access and Review of Information
   Grievance Mechanism
   Limitation on Disclosure of Information
   Limitation on Transfer of Information
   Reasonable Security Practices and Procedures
PRIVACY POLICY: RULE 4

   Body corporate or any person on its behalf
    ◦ collects, receives, possesses,
    ◦ stores, deals or handles
   information of provider of information


 Shall provide a privacy policy for
     handling of or dealing in
       ‘personal information including sensitive personal data or
       information’.
                                                         Contd…
PRIVACY POLICY: RULE 4
Privacy Policy shall be published on the website and provide:-
• Clear and easily accessible statements of its practices and
 policies;
• Type of personal or sensitive personal data or information
 collected;
• Purpose of collection and usage of such information;
• Disclosure of information including sensitive personal data
 or information;
• Reasonable security practices and procedures followed by
 the corporate.
CONSENT
                      RULE 5 (1)
o   Requires the corporate or any person on its
    behalf,
o   before collection of sensitive personal data or
    information,
o   to obtain consent in writing through letter or FAX
    or email from the ‘provider of the information’
o   regarding purpose of usage of such information.
CONSENT
                              RULE 5(3)
Requirements in case of collection of information directly from
  the person concerned:
      Steps to ensure that the person concerned is having the
    knowledge of :
o   The fact that the information is being collected;
o   The purpose for which the information is being collected;
o   The intended recipients of the information; and
o   The name and address of –
    ◦ the agency that is collecting the information; and
    ◦ the agency that will retain the information
PURPOSE OF COLLECTION OF
               INFORMATION
                        RULE 5 (2)
     Sensitive personal data or information can be
      collected only under following two circumstances:
1.    For a ‘lawful purpose’
      connected with a function or activity
     of the body corporate or any person on its behalf;
        and
2.    Considered ‘necessary’ for that purpose
USE AND RETENTION OF INFORMATION
                       USE - RULE 5(5):
   The information collected shall be used
     only for the purpose for which it has been collected.


                   RETENTION - RULE 5(4)
   A body corporate or its representative
   must not retain such information for
   longer than is required for the purposes for which the
    information may lawfully be used. OR
   as required under any other law in force.
OPT OUT/WITHDRAWAL
                           RULE 5(7) :
     Requires the body corporate to give the provider of
     information, an option:
1.   prior to the collection of the information, to not provide the
     data or information sought to be collected
2.   of withdrawing his consent given earlier to the body
     corporate.


    Withdrawal shall be sent in writing to the body corporate.
    The body corporate shall have the option to not provide
     goods or services for which the said information was
     sought.
OPT OUT/WITHDRAWAL

   It is noteworthy that none of the rules talk about
    obtaining the consent of the person to whom the
    information relates in case the provider of the
    information is not the person concerned.
   For example, where the husband provides the
    medical information of the wife, consent of the wife
    is not required as per these rules as she is not the
    provider of the information. She also does not have
    the option of opting out as per Rule 5(7).
ACCESS & REVIEW OF INFORMATION
                       RULE 5(6)
o   Providers of information- permitted- to review the
    information provided by them- as and when
    requested by them;
o   Information- if found to be inaccurate or deficient
    shall be corrected or amended as feasible.
o   Body corporate NOT responsible for authenticity of
    the personal information or sensitive personal data
    or information as supplied by the provider to the
    body corporate.
GRIEVANCE REDRESSAL MECHANISM
                        RULE 5(9)
o   Time bound redressal of any discrepancies and
    grievances.
o   Grievance Officer shall be appointed.
    o Publication of name and contact details of
     Grievance Officer on website
o   Redressal of grievances: within one month from the
    date of receipt of grievance.
LIMITATION ON DISCLOSURE OF
             INFORMATION
                              RULE 6
     Permission of the provider of the information is required
     before disclosure of information


     Exceptions:
1.   when disclosure is agreed upon in the contract;
2.   when disclosure is necessary for compliance with a legal
     obligation;
3.   when disclosure is to Government agencies mandated under the
     law to obtain information;
4.   when disclosure is to any third party by an order under the law
     for the time being in force.
LIMITATION ON DISCLOSURE OF
             INFORMATION
                     RULE 6
    Rule 6 also forbids the following:
1.   Publication of sensitive personal data or
     information by body corporate or its
     representative,
2.   Disclosure by third party receiving the
     sensitive personal data or information
     from the body corporate.
LIMITATION ON TRANSFER OF
              INFORMATION
                                RULE 7
Transfer allowed to:
   another body corporate or a person
   in India, or located in any other country.


Transfer is allowed only if :
1.   other body corporate or person ensures the same level of
     data protection that is adhered to by the body corporate as
     provided under these rules.
2.   it is necessary for the performance of the lawful contract
     between the provider of the information and the corporate
     receiving the information.
REASONABLE SECURITY PRACTICES
           AND PROCEDURES
                         RULE 8
   Prescribes standard to be adhered to
   by a body corporate, receiving the information,
    ◦ in the absence of an agreement between the
      parties;
    ◦ or any law for the time being in force.
   One such prescribed standard: The International
    Standard IS/ISO/IEC 27001 on “Information
    Technology – Security Techniques – Information
    Security Management System – Requirements”.
REASONABLE SECURITY PRACTICES
           AND PROCEDURES

   Any other Security code, if followed shall be :
    o Duly approved and Notified
    o by the Central Government
    o Audited annually by an independent auditor approved by
      the Central Government.


   In the event of an information security breach –
    demonstration of implementation of security
    control measures - by the body corporate.
REASONABLE SECURITY PRACTICES
       AND PROCEDURES
   A body corporate or a person on its behalf shall be deemed to
    have complied with reasonable security practices and
    procedures if:
         They have implemented such security practices and
          standards, and
         Have a
                comprehensive documented information
                 security programme; and
                information security policies for:
                   managerial, technical, operational and physical
                   security which are proportionate with the
                   information assets being protected with the
                   nature of business.
   IT Act, 2000 is available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
   IT (Amendment) Act, 2008 is available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
   Information Technology (Reasonable security practices and
    procedures and sensitive personal data or information)
    Rules, 2011 are available at:
    http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
1.   What is the likelihood of active
     enforcement of the new rules?
2.   What are the penalties for violations
     of the new rules?
3.   Do the rules apply only to
     information collected from data
     subjects in India, or do they also apply
     to information about data subjects
     located outside India?
   Do the rules apply to uses/disclosure of
    information that occur outside of India, if the
    information was originally collected in India?
   Do the rules apply to pseudonymized
    information?
   Is the “provider of the information” in Rule 5
    referring to the subject, or can this be
    interpreted as referring to a third party that
    provides information but who is not the data
    subject?
   Are there opportunities for further
    clarification/amendment of the new rules?
THANK YOU



            Intellectual Property & Information Technology Laws Division



New Delhi          Mumbai                   Bangalore               Gurgaon

    Flat # 5-7, 10 Hailey Road, New Delhi, 110001 (India)
                Phone: +91 11 42492532 (Direct)
                Phone: +91 11 42492525 Ext 532
                     Mobile :- 9810081079
                    Fax: +91 11 23320484
                email:- vpdalmia@vaishlaw.com

More Related Content

What's hot

Information Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K PathakInformation Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K Pathak
Dipayan Sarkar
 
Anton piller order l6 l7-_20 dec20 2013_jeong cp_
Anton piller order  l6 l7-_20 dec20 2013_jeong cp_Anton piller order  l6 l7-_20 dec20 2013_jeong cp_
Anton piller order l6 l7-_20 dec20 2013_jeong cp_
Nik Nasrun Nazmi
 
Cpc moot 2017
Cpc moot 2017Cpc moot 2017
Cpc moot 2017
Sandeep K Bohra
 
transfer of cases
transfer of casestransfer of cases
transfer of cases
Diganth Raj Sehgal
 
Enforceability of foreign_judgments_and_foreign_awards
Enforceability of foreign_judgments_and_foreign_awardsEnforceability of foreign_judgments_and_foreign_awards
Enforceability of foreign_judgments_and_foreign_awards
LegalServicesDelhi
 
Summary proceedingS- An Overview
Summary proceedingS- An OverviewSummary proceedingS- An Overview
Summary proceedingS- An Overview
Priyanka Agarwal
 
E comm faria-modellaw
E comm faria-modellawE comm faria-modellaw
E comm faria-modellaw
Irene Tan
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
IshitaSrivastava21
 
Extortion
Extortion Extortion
Extortion
Snj SNj
 
Maxims of equity
Maxims of equityMaxims of equity
Maxims of equity
A K DAS's | Law
 
rights of victim Presentation1 saif 3rdsem.pptx
rights of victim Presentation1 saif 3rdsem.pptxrights of victim Presentation1 saif 3rdsem.pptx
rights of victim Presentation1 saif 3rdsem.pptx
OmGod1
 
Immovable Property in Private international Law
Immovable Property in Private international LawImmovable Property in Private international Law
Immovable Property in Private international Law
carolineelias239
 
(1) evidence (overview)
(1) evidence (overview)(1) evidence (overview)
(1) evidence (overview)
Hafizul Mukhlis
 
Categories of General Defence.pptx
Categories of General Defence.pptxCategories of General Defence.pptx
Categories of General Defence.pptx
shailendra gupta
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
Sagar Rahurkar
 
Jurisdiction in cyberspace
Jurisdiction in cyberspaceJurisdiction in cyberspace
Jurisdiction in cyberspace
Dr. Arun Verma
 
Socio-Economic Offences- Nature and Extent.pptx
Socio-Economic Offences- Nature and Extent.pptxSocio-Economic Offences- Nature and Extent.pptx
Socio-Economic Offences- Nature and Extent.pptx
GURSEVSINGH5
 
Cyber law final
Cyber law finalCyber law final
Cyber law final
Kanhaiya Kumar
 
Qso
QsoQso
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
Amber Gupta
 

What's hot (20)

Information Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K PathakInformation Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K Pathak
 
Anton piller order l6 l7-_20 dec20 2013_jeong cp_
Anton piller order  l6 l7-_20 dec20 2013_jeong cp_Anton piller order  l6 l7-_20 dec20 2013_jeong cp_
Anton piller order l6 l7-_20 dec20 2013_jeong cp_
 
Cpc moot 2017
Cpc moot 2017Cpc moot 2017
Cpc moot 2017
 
transfer of cases
transfer of casestransfer of cases
transfer of cases
 
Enforceability of foreign_judgments_and_foreign_awards
Enforceability of foreign_judgments_and_foreign_awardsEnforceability of foreign_judgments_and_foreign_awards
Enforceability of foreign_judgments_and_foreign_awards
 
Summary proceedingS- An Overview
Summary proceedingS- An OverviewSummary proceedingS- An Overview
Summary proceedingS- An Overview
 
E comm faria-modellaw
E comm faria-modellawE comm faria-modellaw
E comm faria-modellaw
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
 
Extortion
Extortion Extortion
Extortion
 
Maxims of equity
Maxims of equityMaxims of equity
Maxims of equity
 
rights of victim Presentation1 saif 3rdsem.pptx
rights of victim Presentation1 saif 3rdsem.pptxrights of victim Presentation1 saif 3rdsem.pptx
rights of victim Presentation1 saif 3rdsem.pptx
 
Immovable Property in Private international Law
Immovable Property in Private international LawImmovable Property in Private international Law
Immovable Property in Private international Law
 
(1) evidence (overview)
(1) evidence (overview)(1) evidence (overview)
(1) evidence (overview)
 
Categories of General Defence.pptx
Categories of General Defence.pptxCategories of General Defence.pptx
Categories of General Defence.pptx
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
Jurisdiction in cyberspace
Jurisdiction in cyberspaceJurisdiction in cyberspace
Jurisdiction in cyberspace
 
Socio-Economic Offences- Nature and Extent.pptx
Socio-Economic Offences- Nature and Extent.pptxSocio-Economic Offences- Nature and Extent.pptx
Socio-Economic Offences- Nature and Extent.pptx
 
Cyber law final
Cyber law finalCyber law final
Cyber law final
 
Qso
QsoQso
Qso
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 

Viewers also liked

Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
Vijay Dalmia
 
Log management
Log managementLog management
Log management
epoxxy
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
Andrew S. Baker (ASB)
 
Review of Information Security Concepts
Review of Information Security ConceptsReview of Information Security Concepts
Review of Information Security Concepts
primeteacher32
 
Intrusion Prevention Systems
Intrusion Prevention SystemsIntrusion Prevention Systems
Intrusion Prevention Systems
primeteacher32
 
types of personal computer
types of personal computertypes of personal computer
types of personal computer
9096308941
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
Aurobindo Nayak
 
Leveraging Compliance for Security with SIEM and Log Management
Leveraging Compliance for Security with SIEM and Log ManagementLeveraging Compliance for Security with SIEM and Log Management
Leveraging Compliance for Security with SIEM and Log Management
Tripwire
 
Types of personal computers
Types of personal computersTypes of personal computers
Types of personal computers
DHANALAKSHMI TALLURI
 
Selected Aspects of Software Development
Selected Aspects of Software DevelopmentSelected Aspects of Software Development
Selected Aspects of Software Development
Haitham El-Ghareeb
 
Cisco ios-cont
Cisco ios-contCisco ios-cont
Cisco ios-cont
Haitham El-Ghareeb
 
Ddd part 2 modelling qiscus
Ddd part 2   modelling qiscusDdd part 2   modelling qiscus
Ddd part 2 modelling qiscus
Hiraq Citra M
 
Culture, Economy, Community: A Cultural Plan for Chatham-Kent
Culture, Economy, Community: A Cultural Plan for Chatham-KentCulture, Economy, Community: A Cultural Plan for Chatham-Kent
Culture, Economy, Community: A Cultural Plan for Chatham-Kent
Emily Robson
 
Veselin word camp-romania-2014
Veselin word camp-romania-2014Veselin word camp-romania-2014
Veselin word camp-romania-2014
Veselin Nikolov
 
Jim Crotty Photography Of Summer 2006
Jim Crotty Photography Of Summer 2006Jim Crotty Photography Of Summer 2006
Jim Crotty Photography Of Summer 2006
Picture Ohio, LLC
 
More amazing photoshop tut
More amazing photoshop tutMore amazing photoshop tut
More amazing photoshop tut
ShdwClaw
 
Cultural Asset Mapping in Niagara
Cultural Asset Mapping in NiagaraCultural Asset Mapping in Niagara
Cultural Asset Mapping in Niagara
Emily Robson
 
Intellectual property rights in sports in india
Intellectual property rights in sports in indiaIntellectual property rights in sports in india
Intellectual property rights in sports in india
Vijay Dalmia
 
Law of Tele-medicine in India
Law of Tele-medicine in IndiaLaw of Tele-medicine in India
Law of Tele-medicine in India
Vijay Dalmia
 
Guide for de mystifying law of trade mark litigation in India
Guide for de mystifying law of trade mark litigation in IndiaGuide for de mystifying law of trade mark litigation in India
Guide for de mystifying law of trade mark litigation in India
Vijay Dalmia
 

Viewers also liked (20)

Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
 
Log management
Log managementLog management
Log management
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
Review of Information Security Concepts
Review of Information Security ConceptsReview of Information Security Concepts
Review of Information Security Concepts
 
Intrusion Prevention Systems
Intrusion Prevention SystemsIntrusion Prevention Systems
Intrusion Prevention Systems
 
types of personal computer
types of personal computertypes of personal computer
types of personal computer
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Leveraging Compliance for Security with SIEM and Log Management
Leveraging Compliance for Security with SIEM and Log ManagementLeveraging Compliance for Security with SIEM and Log Management
Leveraging Compliance for Security with SIEM and Log Management
 
Types of personal computers
Types of personal computersTypes of personal computers
Types of personal computers
 
Selected Aspects of Software Development
Selected Aspects of Software DevelopmentSelected Aspects of Software Development
Selected Aspects of Software Development
 
Cisco ios-cont
Cisco ios-contCisco ios-cont
Cisco ios-cont
 
Ddd part 2 modelling qiscus
Ddd part 2   modelling qiscusDdd part 2   modelling qiscus
Ddd part 2 modelling qiscus
 
Culture, Economy, Community: A Cultural Plan for Chatham-Kent
Culture, Economy, Community: A Cultural Plan for Chatham-KentCulture, Economy, Community: A Cultural Plan for Chatham-Kent
Culture, Economy, Community: A Cultural Plan for Chatham-Kent
 
Veselin word camp-romania-2014
Veselin word camp-romania-2014Veselin word camp-romania-2014
Veselin word camp-romania-2014
 
Jim Crotty Photography Of Summer 2006
Jim Crotty Photography Of Summer 2006Jim Crotty Photography Of Summer 2006
Jim Crotty Photography Of Summer 2006
 
More amazing photoshop tut
More amazing photoshop tutMore amazing photoshop tut
More amazing photoshop tut
 
Cultural Asset Mapping in Niagara
Cultural Asset Mapping in NiagaraCultural Asset Mapping in Niagara
Cultural Asset Mapping in Niagara
 
Intellectual property rights in sports in india
Intellectual property rights in sports in indiaIntellectual property rights in sports in india
Intellectual property rights in sports in india
 
Law of Tele-medicine in India
Law of Tele-medicine in IndiaLaw of Tele-medicine in India
Law of Tele-medicine in India
 
Guide for de mystifying law of trade mark litigation in India
Guide for de mystifying law of trade mark litigation in IndiaGuide for de mystifying law of trade mark litigation in India
Guide for de mystifying law of trade mark litigation in India
 

Similar to Reasonable Security Practices And Procedures And Sensitive Personala 24 06 2011 Avantha

New Data Privacy Rules By Amit Khandelwal
New Data Privacy Rules By Amit KhandelwalNew Data Privacy Rules By Amit Khandelwal
New Data Privacy Rules By Amit Khandelwal
amitkhand
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
DaviesParker
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000
n|u - The Open Security Community
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000
Sagar Rahurkar
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
Ulf Mattsson
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
JakeAldrinDegala1
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
MSC Malaysia Cybercentre @ Bangsar South City
 
Data Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxData Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptx
CeresMargaretMangibi
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
ssuser36d167
 
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfBipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Internet Law Center
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
Myron Duncan Burton Betshanger
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
gentlejosh3161
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
Emerson Bryan
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdf
DaviesParker
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
Startups - data protection
Startups  - data protectionStartups  - data protection
Startups - data protection
Mathew Chacko
 
CEU DPA
CEU DPACEU DPA
Data privacy act
Data privacy actData privacy act
Data privacy act
ansherina erika dejan
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection Law
FatmaAkram2
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal Data
Renato Monteiro
 

Reasonable Security Practices And Procedures And Sensitive Personala 24 06 2011 Avantha

  • 1. REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011 Under The (Indian) Information Technology Act, 2000 By Vijay Pal Dalmia, Advocate Partner & Head of Intellectual Property & Information Technology Laws Practice
  • 2. INFORMATION TECHNOLOGY ACT, 2000 • Enacted in the year 2000 and was implemented w.e.f. 17th October, 2000. • Important features of this Act: • Recognition to e-transactions, digital signatures, electronic records etc. and also recognise their evidentiary value. • Lists out various computer crimes which are technological in nature. • However, this Act, originally, did not contain any provision for data protection.
  • 3. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008 • The IT Act, 2002 was amended in the year 2008. • Section 43A and Section 72A were added by the amendment Act for protection of personal data and information. • Both these provisions are penal in nature, civil and criminal respectively.
  • 4. (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011 • Ministry Of Communications And Information Technology (Department Of Information Technology) promulgated these rules (IT Rules 2011), under Section 87 (2)(ob) read with Section 43A. • IT Rules, 2011 came into force on 11th April, 2011. • Non-compliance with these rules would lead to invocation of Section 43A of The IT Act, 2008 and liability to pay compensation, limits of which have not been fixed.
  • 5. SECTION 72A of IT Act 2008. • In addition to the civil liabilities under Section 43A ◦ Any person, or ◦ Intermediary ◦ Is liable for punishment • Of imprisonment for a term which may extend to • *3 years • Or fine up to INR 5,00,000 • Or both ◦ For disclosure of information • In breach of lawful contract. • *(Cognizable offence and bailable) (as per Section 77B)
  • 6. SECTION 43A: COMPENSATION FOR FAILURE TO PROTECT DATA Where a BODY CORPORATE, • possessing, dealing or handling any sensitive personal data or information • in a computer resource which it owns, controls or operates • is negligent in implementing and maintaining reasonable security practices and procedures • and thereby causes wrongful loss or wrongful gain to any person • such body corporate shall be liable to pay damages by way of compensation to the person so affected.
  • 7. DEFINITION OF BODY CORPORATE SECTION 43A – Explanation (i) A body corporate would mean: any company and includes: • a firm, • sole proprietorship or • other association of individuals engaged in • commercial or • professional activities.
  • 8. SENSITIVE PERSONAL DATA OR INFORMATION: RULE 3, IT RULES, 2011 Sensitive personal data or information of a 'person' means such 'personal information' which consists of information relating to: 1. Password; 2. Financial information such as: • Bank account or, • Credit card or debit card or, • Other payment instrument details 3. Physical, physiological and mental health condition; 4. Sexual orientation; Contd…
  • 9. SENSITIVE PERSONAL DATA OR INFORMATION RULE 3 OF THE IT RULES, 2011 5. Biometric information; 6. Any detail relating to the above clauses • as provided to body corporate • for providing service; and 7. Any of the information received under above clauses by body corporate for • processing, • stored or • processed under a lawful contract or otherwise
  • 10. EXCEPTIONS: Following information is not regarded as sensitive personal data or information: 1. Information freely available or accessible in public domain or, 2. Information furnished under the Right to Information Act, 2005 (RTI) or 3. Information furnished under any other law for the time being in force.
  • 11. PERSONAL INFORMATION: RULE 2, IT RULES, 2011 • Any information that relates to a • 'natural person' • which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, • is capable of identifying such person.
  • 12. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES Section 43, Explanation (ii) • Security practices and procedure designed to • protect such information from unauthorized • access, • damages, • use, • modification, • disclosure or • impairment, Contd…
  • 13. MEANING OF REASONABLE SECURITY PRACTICES AND PROCEDURES Section 43, Explanation (ii) Contd… as may be specified in: • an agreement between the parties or; • any law for the time being in force; or • in absence of such agreement or law, • such reasonable security practices and procedures, • as may be prescribed by the Central Government.
  • 14. • Privacy Policy • Consent for collection of data • Collection of data • Use and Retention • Opt Out/Withdrawal • Access and Review of Information • Grievance Mechanism • Limitation on Disclosure of Information • Limitation on Transfer of Information • Reasonable Security Practices and Procedures
  • 15. PRIVACY POLICY: RULE 4 • Body corporate or any person on its behalf that ◦ collects, receives, possesses, ◦ stores, deals or handles • information of provider of information • Shall provide a privacy policy for • handling of or dealing in • 'personal information including sensitive personal data or information'. Contd…
  • 16. PRIVACY POLICY: RULE 4 Privacy Policy shall be published on the website and provide:- • Clear and easily accessible statements of its practices and policies; • Type of personal or sensitive personal data or information collected; • Purpose of collection and usage of such information; • Disclosure of information including sensitive personal data or information; • Reasonable security practices and procedures followed by the corporate.
  • 17. CONSENT RULE 5(1) ◦ Requires the corporate or any person on its behalf, ◦ before collection of sensitive personal data or information, ◦ to obtain consent in writing through letter or FAX or email from the 'provider of the information' ◦ regarding purpose of usage of such information.
  • 18. CONSENT RULE 5(3) Requirements in case of collection of information directly from the person concerned: Steps to ensure that the person concerned has knowledge of: ◦ The fact that the information is being collected; ◦ The purpose for which the information is being collected; ◦ The intended recipients of the information; and ◦ The name and address of – ◦ the agency that is collecting the information; and ◦ the agency that will retain the information
  • 19. PURPOSE OF COLLECTION OF INFORMATION RULE 5(2) Sensitive personal data or information can be collected only under the following two circumstances: 1. For a 'lawful purpose' • connected with a function or activity of the body corporate or any person on its behalf; and 2. Considered 'necessary' for that purpose
  • 20. USE AND RETENTION OF INFORMATION USE - RULE 5(5): • The information collected shall be used • only for the purpose for which it has been collected. RETENTION - RULE 5(4): • A body corporate or its representative • must not retain such information for • longer than is required for the purposes for which the information may lawfully be used. OR • as required under any other law in force.
  • 21. OPT OUT/WITHDRAWAL RULE 5(7): Requires the body corporate to give the provider of information an option: 1. prior to the collection of the information, to not provide the data or information sought to be collected 2. of withdrawing his consent given earlier to the body corporate. • Withdrawal shall be sent in writing to the body corporate. • The body corporate shall have the option to not provide goods or services for which the said information was sought.
  • 22. OPT OUT/WITHDRAWAL • It is noteworthy that none of the rules talk about obtaining the consent of the person to whom the information relates in case the provider of the information is not the person concerned. • For example, where the husband provides the medical information of the wife, consent of the wife is not required as per these rules as she is not the provider of the information. She also does not have the option of opting out as per Rule 5(7).
  • 23. ACCESS & REVIEW OF INFORMATION RULE 5(6) ◦ Providers of information - permitted - to review the information provided by them - as and when requested by them; ◦ Information - if found to be inaccurate or deficient shall be corrected or amended as feasible. ◦ Body corporate NOT responsible for authenticity of the personal information or sensitive personal data or information as supplied by the provider to the body corporate.
  • 24. GRIEVANCE REDRESSAL MECHANISM RULE 5(9) ◦ Time bound redressal of any discrepancies and grievances. ◦ Grievance Officer shall be appointed. ◦ Publication of name and contact details of Grievance Officer on website. ◦ Redressal of grievances: within one month from the date of receipt of grievance.
  • 25. LIMITATION ON DISCLOSURE OF INFORMATION RULE 6 Permission of the provider of the information is required before disclosure of information Exceptions: 1. when disclosure is agreed upon in the contract; 2. when disclosure is necessary for compliance of a legal obligation; 3. when disclosure to Government agencies mandated under the law to obtain information. 4. when disclosure to any third party by an order under the law for the time being in force.
  • 26. LIMITATION ON DISCLOSURE OF INFORMATION RULE 6: Rule 6 also forbids the following: 1. Publication of sensitive personal data or information by body corporate or its representative; 2. Disclosure by third party receiving the sensitive personal data or information from the body corporate.
  • 27. LIMITATION ON TRANSFER OF INFORMATION RULE 7: Transfer allowed to another body corporate or a person in India, or located in any other country. Transfer is allowed only if: 1. other body corporate or person ensures the same level of data protection that is adhered to by the body corporate as provided under these rules; 2. it is necessary for the performance of the lawful contract between the provider of the information and the corporate receiving the information.
  • 28. REASONABLE SECURITY PRACTICES AND PROCEDURES RULE 8: Prescribes standard to be adhered to by a body corporate receiving the information, in the absence of an agreement between the parties or any law for the time being in force. One such prescribed standard: The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.
  • 29. REASONABLE SECURITY PRACTICES AND PROCEDURES: Any other security code, if followed, shall be: duly approved and notified by the Central Government; audited annually by an independent auditor approved by the Central Government. In the event of an information security breach: demonstration of implementation of security control measures by the body corporate.
  • 30. REASONABLE SECURITY PRACTICES AND PROCEDURES: A body corporate or a person on its behalf shall be deemed to have complied with reasonable security practices and procedures if they have implemented such security practices and standards, and have a comprehensive documented information security programme and information security policies for managerial, technical, operational and physical security which are proportionate with the information assets being protected with the nature of business.
  • 31. IT Act, 2000 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf IT (Amendment) Act, 2008 is available at: http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 are available at: http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
  • 32. 1. What is the likelihood of active enforcement of the new rules? 2. What are the penalties for violations of the new rules? 3. Do the rules apply only to information collected from data subjects in India, or do they also apply to information about data subjects located outside India?
  • 33. Do the rules apply to uses/disclosure of information that occur outside of India, if the information was originally collected in India? Do the rules apply to pseudonymized information? Is the “provider of the information” in Rule 5 referring to the subject, or can this be interpreted as referring to a third party that provides information but who is not the data subject?
  • 34. Are there opportunities for further clarification/amendment of the new rules?
  • 35. THANK YOU Intellectual Property & Information Technology Laws Division New Delhi Mumbai Bangalore Gurgaon Flat # 5-7, 10 Hailey Road, New Delhi, 110001 (India) Phone: +91 11 42492532 (Direct) Phone: +91 11 42492525 Ext 532 Mobile :- 9810081079 Fax: +91 11 23320484 email:- vpdalmia@vaishlaw.com