Scribd
Upload
157 views

Data Privacy

The document discusses privacy and data protection in India. It defines privacy and data protection and outlines what types of personal data are considered sensitive. It summarizes that the right to privacy is a fundamental right under the Indian Constitution as recognized by the Supreme Court. It also provides an overview of the key legislation governing privacy and data protection in India, including the Information Technology Act and Privacy Rules.

Uploaded by

Rajvi Dedhia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
157 views

Data Privacy

The document discusses privacy and data protection in India. It defines privacy and data protection and outlines what types of personal data are considered sensitive. It summarizes that the right to privacy is a fundamental right under the Indian Constitution as recognized by the Supreme Court. It also provides an overview of the key legislation governing privacy and data protection in India, including the Information Technology Act and Privacy Rules.

Uploaded by

Rajvi Dedhia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Privacy refers to the right of an individual where one can choose the extent to

which he or she would like to disclose information/data which pertains to him or


her. Data protection refers to the policies and laws mainly focussing on the
privacy of an individual which aim to curtail intrusion into one’s privacy
which is caused mainly by the collection, storage and dissemination of one ’s
personal data. All the information or data which relate to a person who can be
identified from that information or data, is known as personal data of that
individual.

The right to privacy is protected as an intrinsic part of the right to life and
personal liberty under Article 21 and as a part of the freedoms guaranteed by Part
III of the Constitution.

The Supreme Court of India in a landmark decision (Justice Puttuswamy v. UOI)


in August 2017 recognized that right of privacy was a fundamental right.

When companies and merchants use data or information that is provided or


entrusted to them, this data should be used according to the agreed purposes.  
Companies must ensure data privacy because the information is an asset to the
company.

Privacy concerns exist wherever personally identifiable information or


other sensitive information is collected and stored – in digital form or otherwise.
Improper or non-existent disclosure control can be the root cause for privacy
issues. Data privacy issues can arise in response to information from a wide range
of sources, such as:

Healthcare records

Criminal justiceinvestigations and proceedings

Financialinstitutions and transactions

Biologicaltraits, such as genetic material

Residenceand geographic records


Ethnicity

Privacy breach

Location-based service and geolocation

Some examples of sensitive personal data or information include password,


financial information such as bank account or credit card or debit card or other
payment instrument details; physical, physiological and mental health condition;
sexual orientation, medical records and history, biometric information, etc.  

The present law on data protection in India is embodied in the form of Section
43A of the IT Act read with the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011. The IT Act deals with both civil and criminal cases of violation and
exploitation in respect of personal data.

The Information Technology (Reasonable Security Practices and Procedures and


Sensitive Personal Data or Information) Rules, 2011 deal with safeguarding the
‘sensitive personal data or information’ of a person.

Privacy Policy

The Information Technology (Reasonable Security Practices and Procedures and


Sensitive Personal Data or Information) Rules, 2011 framed under Section 43-A
of the IT Act 2011, describe reasonable security practices and procedures that
companies are required to adopt.
Rule 4 of the 2011 Rules requires everybody corporate (or any person who on
behalf of the body corporate) that collects, receives, possess, stores, deals or
handles information of the information provider, to provide a privacy policy. Such
a privacy policy has to be available for viewing by those who have provided any
information to the body corporate under lawful contract(s). The privacy policy
also has to be published on the website of the body corporate. The privacy policy
has to clearly set out the practices and policies of the body corporate for the
collection, receipt, possession, storage, dealing or handling of information. It
should also list out the types of personal data or sensitive personal data collected
by the body corporate.

The present law on data protection in India is embodied in the form of Section
43A of the IT Act read with the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011. The IT Act deals with both civil and criminal cases of violation and
exploitation in respect of personal data.

2. Legislative Framework .............................................................................

Information Technology Act

Extent and Jurisdiction of the IT Act

Applicability of the IT Act

Indian Penal Code

Indian Evidence Act

Code of Criminal Procedure


Bankers’ Books Evidence Act

Payment and Settlement Systems Act

4. Quasi-judicial Framework

Adjudicating Officers

Cyber Appellate Tribunal

Controller of Certifying Authorities

You might also like