India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (i.e. data protection regulation and privacy rules) could have a profound effect on companies that
- – maintain operations in India, or
– outsource to Indian service providers.
- Article source – Will new regulations kill outsourcing?
- What are the regulations about?
These regulations apply to all organizations in India that collect and/or use personal data and information, including service providers or intermediaries that collect and process information on behalf of other organizations.
Some of the requirements are very rigorous:
- – a company must get written consent by letter, fax, or email for the collection of data,
– people can later opt out and withdraw their consent,
– disclosure of information to third parties is significantly restricted,
– in cases of data transfer (requires prior consent, whether necessitated by contract or not), companies may only transmit data to organizations with security meeting the new Indian regulations, and
– people have the right to review and/or correct their data.
Sign up with your email to get our latest trend setting blog posts first:
- India – Information Technology (Amendment) Act, 2008 – 2011-04-13 – final regulations (THE GAZETTE OF INDIA, EXTRAORDINARY, Part II, Section 3, Sub-section (i) dated 11 April 2011)
- Bottom line and take-aways
The government of India has issued final privacy regulations that could make outsourcing difficult. The new privacy rules are tougher than the Gramm-Leach-Bliley Actin the US and the EU Directive. Accordingly, complying with US or EU privacy rules will no longer meet the more stringent Indian laws.
Tip: Get more insightful posts from us about privacy regulation, customer engagement, customer relationship management and benchmarking by adding CyTRAP Labs to your search query.
The regulations apply to all personal information, whether belonging to foreigners or Indian nationals. If they are strictly enforced, even handling a benefit-related call from a client in Germany means that written consent must be obtained by the outsourcer from the client before their data can be processed in India.
More resources
- Policy, standards and guidelines: Not sexy, but necessary
Resilience of public electronic communications – good practice
6 steps to proper risk assessment and management
2011 trends: Risk management and social media ROI
Cloud computing and cyber-wars
ComMetrics weekly review: 2010 in numbers
Have you adjusted your company’s outsourcing procedures accordingly? Could these regulations slow the outsourcing boom in India? As always, the comments are yours!
How we help
CyTRAP Labs helps NGOs, non-profits and brands engage their target audience through social media by assisting with development of an effective social media strategy and mentoring through the implementation process, conducting social media audits and supporting your efforts regarding corrective actions and improvements.
Start a conversation! Email us at info [at] CyTRAP [dot] eu or call us at +41 (0)44-272-1876.
Pingback: CASEScontact
Pingback: InfoSec
Pingback: CASEScontact
Pingback: CyTRAP
Pingback: MyComMetrics
Pingback: World Economic Forum