Data Protection in India - BriskInfosec
Bint Labs
May 20, 2024
“The right of privacy is a fundamental right. It is a right which protects the inner sphere of the individual from interference from both State, and non-State actors and allows the individuals to make autonomous life choices.” - Justice Sanjay Kishan Kaul
Privacy is a fundamental right. Broadly, privacy can be categorized as information, communication, territorial and bodily privacy, as defined by the European Union under the Data Protection and Regulation Act.
Privacy has three components, namely Secrecy, Anonymity & Solicitude.
In India, the last decade has seen a dramatic change: government bodies and the corporate sector have implemented the latest trends and technologies, and data is now transmitted digitally through many different channels.
Apart from human resources, “data” is now recognized as a value-added asset, and one that is more critical in this digital era; hence personal data needs to be protected. Protection of personal data has been recognized to be instrumental for empowerment, progress and innovation.
In India, as on date, there is no dedicated data protection law that addresses the concerns of an expanding data-based economy. For the IT industry, the only present Indian law that protects “personal data” is the Information Technology Act 2000 (“IT Act”).
In August 2017, the Supreme Court declared the “Right to Privacy” a fundamental right under the Constitution of India in KS Puttaswamy versus Union of India.
To strengthen data privacy and protect individuals' information, the Government of India constituted a nine-member Committee of Experts under the dynamic leadership of Justice B N Srikrishna to identify the gaps in India's existing laws on data protection and to frame a draft bill for a data protection law in India.
Draft Personal Data Protection Bill 2018: Concepts and Issues
The Expert Committee constituted by the Government of India submitted its report to the Ministry of Electronics and Information Technology on July 27, 2018; the report was published along with the draft Personal Data Protection (PDP) Bill 2018 (“Bill”).
Abstracts of the bill
The draft PDP Bill monitors and controls the processing of the personal data of individuals (data principals) by Government and private entities (data fiduciaries) established in India and abroad.
The Bill also clearly indicates that processing is allowed when the individual gives consent, or in an emergency situation, on health care grounds, or by the State for providing services and benefits.
The Bill has recognized the need to provide special protection to the personal data of children below the age of 18 years in a manner “that protects and advances the rights and best interests of the child”. Further, while “consent” which is free, informed, specific, clear and capable of being withdrawn has been recognized as a ground for processing personal data, the manner of obtaining such specific consent has not been elucidated upon in the Bill.
The Bill recognizes the need for having a reporting mechanism for breach of personal data but has not prescribed a comprehensive mechanism for reporting such breach.
One of the most debated issues with the Bill is the introduction of data localization requirements. Such a requirement may prove to be counter-productive for entities such as those relying on cloud-based technologies to sustain their businesses.
Further, while the Bill has identified the need for deterrent penalties and has prescribed fines of up to Rs 15 crores or 4% of the total worldwide turnover of the entity for breach of certain provisions of the Bill, the calculation of such worldwide-turnover-based penalties for functionaries of the State may pose practical challenges.
Key Factors and Issues
As on date, there are no specific rules or guidelines for processing of personal data in a realistic manner.
The Bill says the data fiduciary should inform the DPA of a data breach that is likely to cause harm, but there is no proper definition or clarity when it comes to “harm”.
The PDP Bill provides certain exemptions relating to data localization and other responsibilities of the data fiduciary where data is disclosed for investigation, examination, detection, etc.
Data fiduciaries are not supposed to process an individual's personal data without obtaining consent, whereas the State may not require consent to process data in order to issue certificates, licenses, etc.
Storage: a copy of personal and sensitive personal data is to be stored on a server or data center in India, but the term “Serving Copy” is not clear.
Similar to the EU GDPR, the PDP Bill specifies penalties of INR fifteen crores or 4% of the global annual turnover, whichever is higher, if a breach has happened, but it is unclear
Duties, Powers and functions of the Data Protection Authority.
Conclusion
Data privacy has always been important. Every company possesses the personal information of millions of customers, data that it needs to keep private so that customers' identities stay as safe and protected as possible and the company's reputation remains untarnished.
We at Briskinfosec are constantly working on various aspects of securing privacy. We also work to keep individuals informed about the importance of data privacy through various means for different target audiences: blogs, Cyber Monday quotes and Threatsploit Reports. We work toward taking this to every individual.
Sources
This concise Information on Personal Data Protection (Draft) Bill, as presented to the Ministry of Electronics and Information Technology, by the Committee of Experts under the Chairmanship of Justice B. N. Srikrishna, on July 27, 2018.
Data protection and privacy statutes in European Union – The General Data Protection Regulation, 2016; India - The Personal Data Protection (Draft) Bill, 2018
Justice K. S. Puttaswamy (Retd.) and Anr. vs Union of India and Ors, W.P. (C) No. 494 of 2012, August 24, 2017
Justice K. S. Puttaswamy (Retd.) and Anr. vs Union of India and Ors, W.P. (C) No. 494 of 2012, September 26, 2018