[Diagram: labels only survive – Professional Documents, Culture Documents, Cloud, Mobile, Suppliers, Corporate IT, CRM, network]
✓ Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy.
✓ Personal data must be stored using pseudonymization or full anonymization and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent.
IT Act 2000 / 2008
✓ Enables electronic transactions
✓ Digital Signature
✓ E-filing
✓ Certifying Authorities
Issues
✓ Liability of Company
If it is proved that –
• they had knowledge of a contravention; or
• they have not used due diligence; or
• that it was caused due to their negligence
Issues
What is Sensitive Personal Data or Information?
Rule 3 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
SPD (as shown in the slide diagram):
• Financial Info
• Health Condition
• Health Records
• Biometrics
• Sexual Orientation
Reasonable Security Practices
Implementing a comprehensive documented information security programme and information security policies
Containing –
▪ Managerial, technical, operational and physical security control measures commensurate with the information assets held by the person.
Rule 8 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Reasonable Security Practices
The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” is one such standard
OR
An agreement between the parties regarding protection of “Sensitive Personal Information”