Society has changed with digitization. With the increasing digital population in India, every microsecond online services and companies are redefined. Technology, combined with sizable online information mines, has overcome the boundaries of the standard business industries. The industry is evolving every day as an ecosystem- health care, finance, fitness and fashion, e-commerce, travel, software solutions, music, the arts, films, etc. The essence of these industries’ businesses is no longer confined to the selling and purchase of vanilla or a single model of service. However, there is nothing less dangerous than a measured conflict with a person’s physical health and happiness.
It is a legal agreement that explains what personal data you collect from website visitors, how you can use this information, how you maintain it, and whether you have adequate means and strategy to safeguard data.
Data Protection Laws in India
Data Protection refers to the set of privacy laws, policies, and procedures that aim to minimize intrusion into one’s privacy caused by the collection, storage and dissemination of personal data. Personal data generally refers to the information or data which relates to a person who can be identified from that information or data whether collected by any Government or any private organization or an agency.
Data security applies to the collection, storage and dissemination of personal information in a set of privacy policies, procedures, and laws that mitigate intrusion into one’s privacy. Personal data usually refers to data and information relevant to a person who may be easily identified with the given information by any entity – government or private.
India currently has no clear data protection or privacy laws. The Information Technology Act, 2000 and the Indian Contracts Act, 1872 are relevant laws for India. In India, it is likely to have a codified law implemented on data protection shortly.
Information Technology Act, 2000, addresses problems relating to monetary compensation (Civil) and penalty (Criminal) in the event of misuse of personal data and the violation of contractual terms on personal data.
Following section 43A of the (Indian) Information Technology Act, 2000, a company that has, transfers, or manages any sensitive personal data and information and that fails to implement or maintain reasonable practices of security leading to a wrongful loss or gain for anyone can be liable for any damages caused by such a company. It is necessary to remember that there is no upper limit for the liability which, in these circumstances, the concerned party may demand.
The government notified the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. The Rules discuss upon the protection of “sensitive personal or personal information of a person,” including personal information consisting of –
– Email IDs and Associated Passwords
– Banking and Financial information
– Bank account number, credit/debit card or other payment instrument details;
– Health condition – Physical, physiological and otherwise.
– Person’s sexual orientation;
– History of medical records and history;
– Biometric information.
The rules establish the appropriate security practices and procedures to be followed when dealing with “personally sensitive information” by the body incorporate or anyone who gathers, receives, owns, stores, distributes or handles information. In the case of any violation, the corporate entity or any other individual acting on behalf of the company may be held responsible for harm to the affected person.
Due to the substantial growth of the digital population in India, data privacy and data security are currently crucial questions. When browsing the Internet every internet user leaves his digital footprints in the form of personal data. This could range from providing their IP address, name, mobile number, or private and sensitive details such as their sexual orientation and medical records, etc. deliberately or unintentionally. It makes internet users vulnerable to crimes such as identity robbery, privacy violations and financial crimes.