The Puttaswamy judgment is a landmark legal
development in the discourse on privacy, especially informational privacy;
prior legislative attempts have been made to secure informational privacy in
various sectors in India. These includes the general data protection rules
under the Information Technology Act, 2000 (IT Act) as well as various sector
specific laws on data protection.
Image Credit: ccgdelhi.org
Image Credit: ccgdelhi.org
The SPDI Rules have been issued under
Section 43A of the IT Act. Section 43A, relates to Compensation for Failure to
Protect Data and enables the enactment of reasonable security practices and
procedures for the protection of sensitive personal data. The SPDI Rules incorporate,
the OECD Guidelines such as collection limitation, purpose specification, use
limitation and individual participation.
The Information Technology (Reasonable Security
Practices and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules):
Key features of SPDI rules are:
1) It mandates certain requirements for
the collection of information,
2) It is insisted that data collection
be done only for a lawful purpose connected with the function of the organisation.
3) every organisation is required to have
a detailed privacy policy.
4) instructions for the period of time
information can be retained,
5) it gives individuals the right to
correct their information.
6) Disclosure is not permitted without consent
of the provider of the individual, or unless such disclosure is contractually
permitted or necessary for legal compliance.
7) the consent of the provider is not
required for sharing the personal information collected by any organisation
with Government
8) personal information can be shared for
purposes such as verification of identity, prevention, detection and investigation
including of cyber incidents, prosecution, and punishment of offences.
9) The SPDI Rules apply only to
corporate entities and leaves the government and government bodies outside its
ambit
10) the rules are restricted to sensitive personal data which includes attributes like sexual orientation,
medical records and history, biometric information etc. and not to the larger
category of personal data.
Thanks for reading till the end. Please follow and share this blog for more such law notes.
No comments:
Post a Comment