Government of India: clarification about Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

The Ministry of Communications & Information Technology has provided some clarification about the new Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, with the result to exempt outsourcing processes.

The press note of Department of Information Technology clarifies that any body corporate located in India which provides services of processing sensitive personal data or information under contractual obligation with any legal entity (located within or outside India) is not subject to the requirement of Rules 5 & 6.

These two rules are the cornerstone of Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as they concern how data are collected and what information must be provided to data subjects, the consent of data subject and other key issues (data retention, data security, disclosure of information to third parties and Government agencies).

On the contrary, any body corporate, which provides services to the provider of information under a contractual obligation directly with them, is subject to Rules 5 & 6.

The notification defines the notion (still vague) of “providers of information” as “those natural persons who provide sensitive personal data or information to a body corporate”.

About the consent it is also clarified that Rule (1) – which considers only written consent given by letter, fax or email – also includes “any mode of electronic communication”.

It also clarifies that privacy policy, as prescribed in Rule 4, relates to the body corporate and is not with respect to any particular obligation under any contract.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s