PRIVACY IN THE DIGITAL AGE – LEGAL
SCENARIO (WITH SPECIFIC REFERENCE TO INDIA)
AGENDA
 Privacy
 Data Privacy
 Different categories/types of Private data
 Indian Legal scenario on Privacy
 Some of the global laws
 Mom’s gyan
PRIVACY
 To separate/seclude from the rest
 Types –
 Personal privacy
 Informational
 Organizational
WE’LL EXPECT REASONABLE PRIVACY IN LIFE…..BUT
THEN…!
….and so many other ways by which we’re being tracked…!
INFORMATION/DATA PRIVACY
 Attitude of an organization or individual to determine
what data in a computer system can be shared with third
parties
 Private data is known as –
 Personally Identifiable Information (PII)
 Personal data
 Sensitive Personal Data/Information
PERSONALLY IDENTIFIABLE INFORMATION
o US Privacy Laws
Information that can be used on its own or with other information to
identify, contact, or locate a person, or to identify an individual in
context
PERSONAL DATA AND SENSITIVE PERSONAL DATA
 Data Protection Act – UK
 Personal data - Data relating to a living individual which helps in his identification and
includes any expression of opinion about him
 Sensitive personal data - Personal data consisting of information as to –
 the racial or ethnic origin of the data subject,
 his political opinions,
 his religious/spiritual beliefs
 his professional associations,
 his physical or mental health or condition,
 his sexual life,
 the commission or alleged commission by him of any offence, or
 any proceedings for any offence committed or alleged to have been committed by him, the disposal of
such proceedings or the sentence of any court in such proceedings.
SENSITIVE PERSONAL DATA/INFORMATION
 The Information Technology
Act, 2000 (Amd. 2008) –
India
 SPDI –
 Password
 Health condition
 Sexual orientation
 Health records
 Biometrics
 Financial info
Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
INDIA ON PRIVACY
 Constitution of India
 Art. 19 - Freedom of Speech and Expression
 Art. 21 – Right to Life and Personal Liberty
 IT Act, 2000 (Amd. 2008)
 Data privacy
 Personal privacy
 Powers of Government
KEY ISSUES
 Liability of Company (Sec. 85)
 Data protection – Concern for outsourcing industry
 Privacy – Individual’s concern
 Increasing Government control/interference
PREAMBLE OF THE IT ACT
 Purpose behind enacting IT Act –
 To provide legal recognition to e-commerce
 To facilitate e-governance
 To provide remedy to cyber crimes
 To provide legal recognition to digital evidence
o Preamble doesn’t specify that the Act aims at
establishing an IT Security framework in India
SECTION 43 – UNAUTHORISED ACCESS
 Unauthorised Access
 Remedy – Damages by the way of compensation
 Amount – Unlimited
 What needs to be proved – Amount of damages suffered
 Adjudication –
 For claims up to Rs. 5 Crores – Adjudicating Officer (IT
Secretary of State)
 For claims above Rs. 5 Crores – Civil courts
If any person, without permission of the owner or in charge of a computer –
 Accesses or secures access to a computer
 Downloads, copies or extracts data
 Introduces computer contaminant or virus
 Damages computer
 Disrupts computer or network
 Causes denial of access
 Provides assistance to facilitate illegal access
 Charges the services availed of by a person on the account of another person
 Destroys, deletes, alters, diminishes value or utility or affects injuriously
 Steals, conceals, destroys or alters computer source code
CASES DECIDED U/SEC. 43
 Thomas Raju vs. ICICI Bank
 Ramdas Pawar vs. ICICI Bank
 Saurabh Jain vs. Idea Cellular
 Fraudulent transfer of money from petitioner's account
 Duplicate SIM cards made without document verification
 Court is of the opinion that the bank/cellular company has failed to establish
due diligence and to provide adequate checks and safeguards to prevent
unauthorised access
 Bank has not adhered to the RBI circular of July 2010 for 'guidelines on
information security, electronic banking and cyber frauds'
 Idea has issued a SIM based on a fake license and police FIR
SEC. 43A – COMPENSATION FOR FAILURE TO
PROTECT DATA
If a body corporate, possessing, dealing or handling any
sensitive personal data or information in a computer resource
which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices
and procedures and thereby causes wrongful loss or
wrongful gain to any person
Liability – Damages by the way of Compensation – Unlimited
damages
WHO IS LIABLE?
Sec. 85 –
 Company itself, being a legal person
 Top management including directors and Managers
 If it is proved that they had knowledge of the contravention or they have not used due diligence or that it was caused due to their negligence
ISSUES
 What is Sensitive Personal data or Information?
 What are Reasonable Security Practices and
Procedures?
SOLUTION
 The Information Technology (Reasonable security
practices and procedures and sensitive personal data or
information) Rules, 2011
 Enforceable from 11th April, 11
 To be read with Sec. 43A
SENSITIVE PERSONAL DATA OR INFORMATION
 SPDI –
 Password
 Health condition
 Sexual orientation
 Health records
 Biometrics
 Financial info
Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
REASONABLE SECURITY PRACTICES
Rule 8 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
An agreement between the parties regarding protection of “Sensitive Personal Information”
The International Standard IS/ISO/IEC 27001 is one such standard
Managerial, technical, operational and physical security control measures
commensurate with the information assets and nature of business
Implementing comprehensive documented information security programme and policies
AUDITING
 Necessary to get the codes or procedure certified or
audited on regular basis
 Needs to be done by the Government Certified Auditor
who will be known as “Govt. Certified IT Auditor”
 Not appointed yet
COMPLIANCE POLICIES
COLLECTION OF INFORMATION
 About obtaining consent of the information provider
 Consent in writing through letter/fax/email from the provider of
the SPDI regarding purpose of usage before collection of such
information
 Need to specify –
 Fact that SPDI is being collected
 What type of SPDI is collected?
 How long SPDI will be held?
Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
COLLECTION OF INFORMATION
 Provider should know –
 Purpose of collection
 Intended recipients
 Details of the agency collecting the information and agency retaining
the information
 Body Corporate not to retain information longer than required
 Option should be given to withdraw the information provided
 SPDI shall be used only for the purpose for which it has been
collected
 Shall appoint “Grievance Officer” to address any discrepancies and
grievances about information in a timely manner – Max. time – One
month
PRIVACY POLICY
 Policy about handling of SPDI
 Shall be published on website or should be available to view/inspect at any
time
 Shall provide for –
 Type of SPDI collected
 Purpose of collection and usage
 Clear and easily accessible statements of IT Sec. practices and policies
 Statement that the reasonable security practices and procedures as provided
under rule 8 have been complied with
Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
DISCLOSURE OF INFORMATION
 Disclosure –
 Prior permission of provider necessary before disclosure to third party
OR
 Disclosure clause needs to be specified in the original contract OR
 Must be necessary by law
 Third party receiving SPDI shall not disclose it further
Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
TRANSFER OF INFORMATION
 Transfer to be made only if it is necessary for performance of
lawful contract
 Disclosure clause should be a part of Privacy and Disclosure
Policy
 Transferee to ensure same level of data protection is
adhered while and after transfer
 Details of transferee should be given to provider
Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
SEC 72(A) (CRIMINAL OFFENCE)
 Punishment for Disclosure of information in breach of
lawful contract -
 Knowingly or intentionally disclosing “Personal Information"
in breach of lawful contract
 IMP – Follow contract
 Punishment - Imprisonment up to 3 years or fine up to 5 lakh
or both (Cognizable but Bailable)
OTHER PROVISIONS U/IT ACT
o Section 66E – Punishment for Violation of personal privacy
 Popularly known as Voyeurism
 Covers acts like hiding cameras in changing rooms, hotel rooms, etc.
 Punishment – imprisonment up to 3 years or fine up to Rs. 2 lakh or both
o Section 67C – Preservation and retention of information by intermediaries
o Section 69 – Power to issue directions for interception or monitoring or decryption
of any information through any computer resources.
o Section 69A – Power to issue directions for blocking public access to any
information through any computer resource
o Section 69B – Power to authorize to monitor and collect traffic data or information
through any computer resource for cyber security
o Section 79 – Intermediary not liable in certain circumstances
SOME OF THE GLOBAL LAWS
GRAMM–LEACH–BLILEY ACT (GLBA, USA)
 Focuses on finance
 Safeguards Rule - Disclosure of Nonpublic Personal Information
 It requires financial institutions to develop a written information
security plan that describes how the company is prepared for, and
plans to continue to protect clients’ nonpublic personal information.
 This plan must include –
 Denoting at least one employee to manage the safeguards,
 Constructing a thorough risk analysis on each department handling the
nonpublic information,
 Develop, monitor and test a program to secure the information, and
 Change the safeguards as needed with the changes in how information
is collected, stored and used
THE FEDERAL INFORMATION SECURITY
MANAGEMENT ACT OF 2002 (FISMA, USA)
 Focus on economic and national security interests of the
United States
 Emphasis on “risk-based policy for cost-effective
security”
 Responsibility attached to federal agencies, NIST and
the Office of Management and Budget (OMB) to
strengthen information system security
 Not mandatory
 No penalty for non-compliance
DATA PROTECTION DIRECTIVE (EU)
 European Union directive regulating the processing of
personal data within the EU
 Protection of individual’s personal data and its free movement
 Coming soon - European Data Protection Regulation
 Not mandatory
 No penalty for non-compliance
OTHER LAWS IN THE US
o Children's Internet Protection Act of 2001 (CIPA)
o Children's Online Privacy Protection Act of 1998 (COPPA)
o Driver's Privacy Protection Act of 1994
o Telephone Consumer Protection Act of 1991 (TCPA)
o Video Privacy Protection Act of 1988
o Electronic Communications Privacy Act of 1986 (ECPA)
o Privacy Protection Act of 1980 (PPA)
o Right to Financial Privacy Act of 1978 (RFPA)
o Family Education Rights and Privacy Act of 1974
o Privacy Act of 1974
MOM’S GYAN
PROTECT YOUR OWN PRIVACY
o Understand – the type of personal information you disclose
o Always ask –
WHY do they want it?
HOW will they use it?
WHO will it be shared with?
Will YOU get access to it?
o Know your rights
o Question if you are in doubt
IF YOU ARE A COMPANY
o Am I complying with Law?
o Do you manage (have, use, access, store, obtain, etc.) personal information?
o Am I collecting only what is REALLY needed and not more?
o Have I differentiated between Sensitive Personal Information and other
information?
o Do I protect information even during Transit/Process?
o How are you making sure all employees know their responsibilities and rights?
o How will you extend the data privacy protection to your third-parties, vendors?
o What will you do if there is a privacy breach?
o Do you have in-house competences to conduct basic investigations?
GET IN TOUCH
PHONE
+919623444448
EMAIL
CONTACT@SAGARRAHURKAR.COM

SecuritiesContracts(Regulation)Act,1956.pdf
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A History
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 

Privacy in India: Legal issues

  • 1. PRIVACY IN THE DIGITAL AGE – LEGAL SCENARIO (WITH SPECIFIC REFERENCE TO INDIA)
  • 2. AGENDA
      ◦ Privacy
      ◦ Data Privacy
      ◦ Different categories/types of Private data
      ◦ Indian Legal scenario on Privacy
      ◦ Some of the global laws
      ◦ Mom’s gyan
  • 3. PRIVACY
      ◦ To separate/seclude from the rest
      ◦ Types –
          - Personal privacy
          - Informational
          - Organizational
  • 4. WE’LL EXPECT REASONABLE PRIVACY IN LIFE…..BUT THEN…! ….and so many other ways by which we’re being tracked…!
  • 5. INFORMATION/DATA PRIVACY
      ◦ Attitude of an organization or individual to determine what data in a computer system can be shared with third parties
      ◦ Private data is known as –
          - Personally Identifiable Information (PII)
          - Personal data
          - Sensitive Personal Data/Information
  • 6. PERSONALLY IDENTIFIABLE INFORMATION
      ◦ US Privacy Laws
      ◦ Information that can be used on its own or with other information to identify, contact, or locate a person, or to identify an individual in context
  • 7. PERSONAL DATA AND SENSITIVE PERSONAL DATA
      ◦ Data Protection Act – UK
      ◦ Personal data - Data relating to a living individual which helps in his identification and includes any expression of opinion about him
      ◦ Sensitive personal data - Personal data consisting of information as to –
          - the racial or ethnic origin of the data subject,
          - his political opinions,
          - his religious/spiritual beliefs,
          - his professional associations,
          - his physical or mental health or condition,
          - his sexual life,
          - the commission or alleged commission by him of any offence, or
          - any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
  • 8. SENSITIVE PERSONAL DATA/INFORMATION
      ◦ The Information Technology Act, 2000 (Amd. 2008) – India
      ◦ SPDI –
          - Password
          - Health condition
          - Sexual orientation
          - Health records
          - Biometrics
          - Financial info
      ◦ Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 9. INDIA ON PRIVACY
      ◦ Constitution of India
          - Art. 19 - Freedom of Speech and Expression
          - Art. 21 – Right to Life and Personal Liberty
      ◦ IT Act, 2000 (Amd. 2008)
          - Data privacy
          - Personal privacy
          - Powers of Government
  • 10. KEY ISSUES
      ◦ Liability of Company (Sec. 85)
      ◦ Data protection – Concern for outsourcing industry
      ◦ Privacy – Individual’s concern
      ◦ Increasing Government control/interference
  • 11. PREAMBLE OF THE IT ACT
      ◦ Purpose behind enacting IT Act –
          - To provide legal recognition to e-commerce
          - To facilitate e-governance
          - To provide remedy to cyber crimes
          - To provide legal recognition to digital evidence
      ◦ Preamble doesn’t specify that the Act aims @ establishing IT Security framework in India
  • 12. SECTION 43 – UNAUTHORISED ACCESS
      ◦ Unauthorised Access
      ◦ Remedy – Damages by way of compensation
      ◦ Amount – Unlimited
      ◦ What needs to be proved – Amount of damages suffered
      ◦ Adjudication –
          - For claims up to Rs. 5 Crores – Adjudicating Officer (IT Secretary of State)
          - For claims above Rs. 5 Crores – Civil courts
  • 13. If any person, without permission of the owner or person in charge of a computer –
      ◦ Accesses or secures access to a computer
      ◦ Downloads, copies or extracts data
      ◦ Introduces computer contaminant or virus
      ◦ Damages computer
      ◦ Disrupts computer or network
      ◦ Causes denial of access
      ◦ Provides assistance to facilitate illegal access
      ◦ Charges the services availed of by a person on the account of another person
      ◦ Destroys, deletes, alters, diminishes value or utility or affects injuriously
      ◦ Steals, conceals, destroys or alters computer source code
  • 14. CASES DECIDED U/SEC. 43
      ◦ Thomas Raju vs. ICICI Bank
      ◦ Ramdas Pawar vs. ICICI Bank
      ◦ Saurabh Jain vs. Idea Cellular
      ◦ Fraudulent transfer of money from petitioner's account
      ◦ Duplicate SIM cards made without document verification
      ◦ Court is of the opinion that the bank/cellular company has failed to establish due diligence and to provide adequate checks and safeguards to prevent unauthorised access
      ◦ Bank has not adhered to the RBI circular of July 2010 for 'guidelines on information security, electronic banking and cyber frauds'
      ◦ Idea has issued a SIM based on a fake license and police FIR
  • 15. SEC. 43A – COMPENSATION FOR FAILURE TO PROTECT DATA
      ◦ If a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person
      ◦ Liability – Damages by way of compensation – Unlimited damages
  • 16. WHO IS LIABLE? (Sec. 85)
      ◦ Company itself, being a legal person
      ◦ Top management including directors and Managers
      ◦ If it is proved that they had knowledge of the contravention or they have not used due diligence or that it was caused due to their negligence
  • 17. ISSUES
      ◦ What is Sensitive Personal data or Information?
      ◦ What are Reasonable Security Practices and Procedures?
  • 18. SOLUTION
      ◦ The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
      ◦ Enforceable from 11th April, 11
      ◦ To be read with Sec. 43A
  • 19. SENSITIVE PERSONAL DATA OR INFORMATION
      ◦ SPDI –
          - Password
          - Health condition
          - Sexual orientation
          - Health records
          - Biometrics
          - Financial info
      ◦ Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 20. REASONABLE SECURITY PRACTICES
      ◦ Rule 8 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
      ◦ An agreement between the parties regarding protection of “Sensitive Personal Information”
      ◦ The International Standard IS/ISO/IEC 27001 is one such standard
      ◦ Managerial, technical, operational and physical security control measures commensurate with the information assets and nature of business
      ◦ Implementing comprehensive documented information security programme and policies
  • 21. AUDITING
      ◦ Necessary to get the codes or procedure certified or audited on regular basis
      ◦ Needs to be done by the Government Certified Auditor who will be known as “Govt. Certified IT Auditor”
      ◦ Not appointed yet
  • 23. COLLECTION OF INFORMATION
      ◦ About obtaining consent of the information provider
      ◦ Consent in writing through letter/fax/email from the provider of the SPDI regarding purpose of usage before collection of such information
      ◦ Need to specify –
          - Fact that SPDI is being collected
          - What type of SPDI is collected?
          - How long SPDI will be held?
      ◦ Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 24. COLLECTION OF INFORMATION
      ◦ Provider should know –
          - Purpose of collection
          - Intended recipients
          - Details of the agency collecting the information and agency retaining the information
      ◦ Body Corporate not to retain information longer than required
      ◦ Option should be given to withdraw the information provided
      ◦ SPDI shall be used only for the purpose for which it has been collected
      ◦ Shall appoint “Grievance Officer” to address any discrepancies and grievances about information in a timely manner – Max. time – One month
  • 25. PRIVACY POLICY
      ◦ Policy about handling of SPDI
      ◦ Shall be published on website or should be available to view/inspect @ any time
      ◦ Shall provide for –
          - Type of SPDI collected
          - Purpose of collection and usage
          - Clear and easily accessible statements of IT Sec. practices and policies
          - Statement that the reasonable security practices and procedures as provided under rule 8 have been complied with
      ◦ Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 26. DISCLOSURE OF INFORMATION
      ◦ Disclosure –
          - Prior permission of provider necessary before disclosure to third party OR
          - Disclosure clause needs to be specified in the original contract OR
          - Must be necessary by law
      ◦ Third party receiving SPDI shall not disclose it further
      ◦ Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 27. TRANSFER OF INFORMATION
      ◦ Transfer to be made only if it is necessary for performance of lawful contract
      ◦ Disclosure clause should be a part of Privacy and Disclosure Policy
      ◦ Transferee to ensure same level of data protection is adhered to during and after transfer
      ◦ Details of transferee should be given to provider
      ◦ Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
  • 28. SEC 72(A) (CRIMINAL OFFENCE)
      ◦ Punishment for Disclosure of information in breach of lawful contract -
          - Knowingly or intentionally disclosing “Personal Information” in breach of lawful contract
      ◦ IMP – Follow contract
      ◦ Punishment - Imprisonment up to 3 years or fine up to 5 lakh or with both (Cognizable but Bailable)
  • 29. OTHER PROVISIONS U/IT ACT
      ◦ Section 66E – Punishment for Violation of personal privacy
          - Popularly known as Voyeurism
          - Covers acts like hiding cameras in changing rooms, hotel rooms, etc.
          - Punishment – imprisonment up to 3 years or fine up to Rs. 2 lakh or both
      ◦ Section 67C – Preservation and retention of information by intermediaries
      ◦ Section 69 – Power to issue directions for interception or monitoring or decryption of any information through any computer resources
      ◦ Section 69A – Power to issue directions for blocking public access to any information through any computer resource
      ◦ Section 69B – Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security
      ◦ Section 79 – Intermediary not liable in certain circumstances
  • 30. SOME OF THE GLOBAL LAWS
  • 31. GRAMM–LEACH–BLILEY ACT (GLBA, USA)
      ◦ Focuses on finance
      ◦ Safeguards Rule - Disclosure of Nonpublic Personal Information
      ◦ It requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect, clients’ nonpublic personal information.
      ◦ This plan must include –
          - Designating at least one employee to manage the safeguards,
          - Constructing a thorough risk analysis on each department handling the nonpublic information,
          - Developing, monitoring and testing a program to secure the information, and
          - Changing the safeguards as needed with the changes in how information is collected, stored and used
  • 32. THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 (FISMA, USA)
      ◦ Focus on economic and national security interests of the United States
      ◦ Emphasis on “risk-based policy for cost-effective security”
      ◦ Responsibility attached to federal agencies, NIST and the Office of Management and Budget (OMB) to strengthen information system security
      ◦ Not mandatory
      ◦ No penalty for non-compliance
  • 33. DATA PROTECTION DIRECTIVE (EU)
      ◦ European Union directive regulating the processing of personal data within the EU
      ◦ Protection of individual’s personal data and its free movement
      ◦ Coming soon - European Data Protection Regulation
      ◦ Not mandatory
      ◦ No penalty for non-compliance
  • 34. OTHER LAWS IN THE US
      ◦ Children's Internet Protection Act of 2001 (CIPA)
      ◦ Children's Online Privacy Protection Act of 1998 (COPPA)
      ◦ Driver's Privacy Protection Act of 1994
      ◦ Telephone Consumer Protection Act of 1991 (TCPA)
      ◦ Video Privacy Protection Act of 1988
      ◦ Electronic Communications Privacy Act of 1986 (ECPA)
      ◦ Privacy Protection Act of 1980 (PPA)
      ◦ Right to Financial Privacy Act of 1978 (RFPA)
      ◦ Family Education Rights and Privacy Act of 1974
      ◦ Privacy Act of 1974
  • 36. PROTECT YOUR OWN PRIVACY
      ◦ Understand – the type of personal information you disclose
      ◦ Always ask – WHY do they want it? HOW will they use it? WHO will it be shared with? Will YOU get access to it?
      ◦ Know your rights
      ◦ Question if you are in doubt
  • 37. IF YOU ARE A COMPANY
      ◦ Am I complying with Law?
      ◦ Do you manage (have, use, access, store, obtain, etc.) personal information?
      ◦ Am I collecting only what is REALLY needed and not more?
      ◦ Have I differentiated between Sensitive Personal Information and other information?
      ◦ Do I protect information even during Transit/Process?
      ◦ How are you making sure all employees know their responsibilities and rights?
      ◦ How will you extend the data privacy protection to your third-parties, vendors?
      ◦ What will you do if there is a privacy breach?
      ◦ Do you have in-house competences to conduct basic investigations?