CONFIDENTIALITY AND PRIVACY
Data protection law in India is currently facing many problems and resentments due to the absence of a proper legislative framework. There is an ongoing explosion of cyber crimes on a global scale. The theft and sale of stolen data are happening across vast continents where physical boundaries pose no restriction or seem nonexistent in this technological era. India being the largest host of outsourced data processing in the world could become the epicenter of cyber crimes. This is mainly due to the absence of the appropriate legislation. The Data Security Council of India (DSCI) and Department of Information Technology (DIT) must also rejuvenate its efforts in this regard on similar lines. However, the most subtle solution can come from good legislative provisions along with suitable public and employee awareness. It is high time that attention is paid to Data Security in India. Cyber Security in India is missing and the same requires rejuvenation. Data breaches and cyber crimes in India cannot be reduced until strong cyber laws are made.
In the current scenario, the data protection provisions do not extend beyond the territories of India. Within the territory of India, Sections 43A and 72A of the Information Technology Act provides protection for data. Even data which is outsourced to India gets protection under these Sections. However, when data is sent outside the territories of India, one cannot seek protection under these Sections. India has no jurisdiction in such cases and there is no obligation cast on the countries to which India sends sensitive personal information for processing to have an acceptable data protection mechanism.
The Information Technology Amendment Act, 2008 has set the ball rolling in addressing the lacuna of data protection laws in the country. The provisions are however not adequate to meet the needs of corporate India. Indian companies in the information technology and business process outsourcing (BPO) sectors handle and have access to all kinds of sensitive and personal data of individuals across the world, including their credit card details, financial information, and even their medical history. These companies store confidential data and information in electronic form and this could be vulnerable in the hands of their employees. It is often misused by unscrupulous elements amongst them. There have been instances of security breaches and data leakages in high profile Indian companies. The recent incidents of data thefts in the BPO industry have raised concerns about data privacy.
The Information Technology Act, 2000 is not data or privacy protection legislation per se. It does not lay down any specific data protection or privacy principles. The Information Technology Act, 2000 is a generic legislation, which articulates on a range of themes, like digital signatures, public key infrastructure, e-governance, cyber contraventions, cyber offenses and confidentiality and privacy. In fact, the Information Technology Act, 2000 deals with the issue of data protection and privacy in a piecemeal fashion. There is no an actual legal framework in the form of Data Protection Authority, data quality, and proportionality, data transparency in India.
- 0 Comment