Risk Return Trade off in BPOs

India is embarking on a major review of the Information Technology Act which was passed with effect from October 17, 2000. Recent frauds of the Delhi MMS case and Gurgaon BPO Cases have increased the demand from the media for "Stricter IT Laws". In this scenario, Naavi.org is presenting a series of suggestions for the consideration of the MCIT while addressing the amendments and request comments from the public so that the Ministry will have the benefit of an opportunity to consider the public views in this regard.

Spam	Squatting	Terrorism	Data Protection	CRAT	Hacking	Stalking	Abuse
Interception	CRAC	Secured DS	Marriage	Civil Liabilities for all offences	Enhancing Civil Liabilities	Miscellaneous	.

Suggestion IV: Data Protection:

It is recommended that a separate “Data Protection Act” may be considered with a definition of “Privacy Rights “of Indian Citizens defining responsibilities of data intermediaries, processors and users.

Information Technology Act recognizes “Data Theft” as an Offence under Section 66 and as a Contravention under Section 43. Digital Signature provides the means for data encryption and accountability in storage and transmission. Adjudication covers the need for quick dispensation of justice in respect of civil liabilities. Hence there is adequate coverage of data theft from the point of view of the industry.

Hence no amendment is required in the Information Technology Act on this account.

However, if it is considered expedient to pass an amendment to assure the International community that India has strengthened the laws after the recent incidents, an amendment may be suggested to provide some clarification on data protection as an expansion of Section 43.

Suggested that the following section may be added in Chapter IX:

(XY)

Whoever,

collects, stores, processes or otherwise manages data of personal nature belonging to a data subject, in any manner shall take such steps as may be necessary to ensure that the data is collected on a strict need basis, stored securely and accessed only on a need to know basis and in the event such data is compromised, shall be liable to pay damages to the data subject for a sum not exceeding RS 1 crore.

(Comments welcome)

Naavi

July 5, 2005

Related Article/Information:

For Structured Online Courses in Cyber laws, Visit Cyber Law College.com