Important Compliances required under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
A. Background:
The Information Technology Act, 2000 specifies the important statutory framework with respect to Information Technology practices and procedures to be followed and gives legal recognition to various electronic records and transactions.
With the increasing role of technology in day-to-day operations, reasonable security measures have become imperative for bodies corporate. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 prescribe the measures to be adopted by bodies corporate to ensure implementation of reasonable security practices and procedures.
B. Body corporate to provide policy for privacy and disclosure of information (Rule 4):
The body corporate is required to provide a privacy policy for handling of or dealing in personal information, including sensitive personal data or information, and to ensure that the policy is available for viewing by the providers of information who have provided such information.
Such policy shall be published on website of body corporate and shall provide for—
C. Collection of information (Rule 5):
The Rule prescribes that the body corporate is required to obtain consent in writing, through letter, fax or email, from the provider of the sensitive personal data or information regarding the purpose of usage before collection of such information.
D. Disclosure of Information (Rule 6):
Disclosure of sensitive personal data or information by a body corporate to any third party shall require prior permission from the provider of such information, who has provided such information under lawful contract or otherwise, unless such disclosure has been agreed to in the contract between the body corporate and the provider of information, or where the disclosure is necessary for compliance with a legal obligation.
E. Reasonable Security Practices and Procedures (Rule 8):
Disclaimer: The information contained in this Article is intended solely for personal non-commercial use of the user who accepts full responsibility of its use. The information in the article is general in nature and should not be considered to be legal, tax, accounting, consulting or any other professional advice. We make no representation or warranty of any kind, express or implied regarding the accuracy, adequacy, reliability or completeness of any information on our page/article.