Data Protection Framework for India for Data Protection
Data Protection Framework for India – Terms of Reference
a) To study various issues relating to data protection in India
b) To make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection bill.
Data Protection Framework for India – Need
There was no proper regulatory framework to deal with privacy concerns of citizens arising out of “over-the-top” popular messaging services such as Whatsapp, Facebook and Skype. Consequently, the Department of Telecommunications is exploring creating a “regulatory framework” through legislation to address data protection and citizens’ privacy concerns.
When it’s enacted, it will define provisions for protecting sensitive personally identifiable information and spell out liabilities.
Data Protection Framework for India – Existing Provisions
India already has some data protection and privacy provisions in the Information Technology Act 2000, amended in 2008 and the subsequent IT rules defined in 2011.
But the IT Act 2000/8 doesn’t define sensitive personal information directly and only provides guidance for reasonable security practice and due diligence – the actual implementation standards have not been explicitly
The current data protection regime is under section 43A of the IT Act 2000/8.
Those regulations are weak, do not specify any governmental agency, and do not lay out penalties for violations.
Section 43A and the ‘reasonable security rules’ didn’t change much, given the lack of teeth in the regulations, and the onerous job of proving “wrongful gain or wrongful loss” of property due to data breaches