Warren and Brandeis first envisioned the concept of privacy in 1890. In this age of information and post-globalization, people are worried about surveillance and privacy. Advances in technology have been used by the state apparatus to keep a close eye on individuals' activities, both in reality and virtually, which suggests a contravention of an individual's right to privacy. Data collected from individuals could be used to manipulate them. That is why it becomes necessary to put a check on the government's surveillance. The state has a sole responsibility to protect its patrons with limited interference in an individual's life. This can be done via effective policies and strategies.
What kind of data is being collected?
The policy has to clearly mention the data fields that are being collected. Any sensitive personal data (SPD) and personally identifiable information (PII) have to be stated clearly.
According to the SPDI rules, personal information is any information that relates to a natural person and that, directly or indirectly, in combination with other information available or likely to be available to a body corporate, can identify that person.
The SPDI rules restrict sensitive personal data or information, and the extent of protection, to the following:
– Bank account, credit card, and debit card details, along with any other financial information and payment instrument details.
– Mental, physiological, and physical health condition.
– Medical history and records.
– Sexual orientation.
– Biometric information.
– Any details connected with the above clauses as given to a body corporate for providing a service.
– Any information received under the above clauses by a body corporate for operating, storing, or processing under a legal agreement or otherwise.
Other categories of data need not be given data protection under these rules.
How is the data being collected?
Notifying the purpose of data collection
Many websites use web beacons (transparent image pixels) and cookies (a special set of codes) to track users or to give them personalized services. For example, enabling cookies allows the website to remember you so that you do not have to log in every time you visit. It is possible to disallow cookies, but it is impossible to do so with web beacons.
Is there any use of third-party plugins and collection of data by third parties?
Many websites use multiple plugins. Some websites mention that they use third-party plugins; they can be more transparent by letting users know which plugins are used, the reason for using them, and whether those plugins collect data. To generate revenue, many websites allow the promotion of advertisements. The website should clearly state that it is not accountable for data collection by a third-party website.
Is there any way to get rid of the data collection process?
Organizations should offer individuals the chance to opt out of providing personal information, including sensitive personal data, before gathering it. Moreover, there should be a procedure for doing so. Withdrawal of consent has to be sent to the organization in written form. Once consent is withdrawn, the organization will not be responsible for providing any services from then on.
Whom to reach out to for grievance?
A body corporate must appoint a grievance officer and publish his/her name and contact details on the website, so that users' grievances and discrepancies can be resolved. It is the grievance officer's responsibility to resolve a grievance promptly, within one month of the date on which it was submitted to him/her.
What are some of the judicious security measures and procedures followed by the organization?
The SPDI rules require every data controller to have a comprehensive documented information security program and information security policy that includes technical, managerial, physical, and operational security control measures commensurate with the information assets being safeguarded and the nature of the business.