On December 9, 1999, Naavi released his first book, “Cyber Laws for Every Netizen in India”. The book was released in Chennai at the PIB on the same day Information Technology Bill 1999 was presented in the Parliament to replace the Draft E Commerce Act 1998 which was under discussion till then. The book represented my entry into the world of Cyber Laws and even established the trademark character of “Naavi” for the first time.
Then in May 2000, following the outbreak of the “I Love You Virus”, the Bill was quickly passed into a Law and later notified on 17th October 2000 as Information Technology Act 2000. (ITA 2000).
It is this law that was modified in 2008, with ITA amendment act of 2008 and notified on 27th October 2009 in which Section 43A and 72A were present as specific clauses for Data Protection.
Now in 2023, on August 11, the Digital Personal Data Protection Act was passed and anytime in 2024 it is likely to be notified. When this is notified, Section 43A of ITA 2000/8 will be deleted and DPDPA 2023 with its 44 sections will become effective.
All the provisions of the rules of “Reasonable Security Practices” often referred to as SDPI rules which was notified on 11th April 2011, are now contained in the DPDPA 2023. This makes DPDPA 2023 a law that has evolved from ITA 2000. The Section 43A was applicable only for “Sensitive Personal Data” as defined in the ITAA 2008 while Section 72A and several other sections applied to “Personal Data” both sensitive or otherwise.
DPDPA 2023 is therefore a bigger and better version of Section 43A and comes within the current definition of “Due Diligence” or “Reasonable Security Practice” under ITA 2000 making the date of notification of DPDPA 2023 less relevant than many think.
Hence Compliance of DPDPA 2023 is already a mandate of Compliance of ITA 2000/8.
This transition was also reminded to me in another way when I met a journalist (Mr Srikant Govindarajan of CIOL) , yesterday at Bengaluru in a conference related to DPDPA 2023 and he reminded me that he had attended the book launch of the book “Cyber Laws for Every Netizen in India” in Chennai on December 9, 1999.
It was this interaction that reminded me that my career as an ” Author” has actually completed 25 years and has transitioned from the first book on ITA 2000/Cyber Laws to the first book on Data Protection/DPDPA 2023.
It was a reminder of how the 25 years had passed evangelizing the concept of Cyber Law Compliance which is now turned into Privacy and Data Protection Compliance. I suppose in the next one or two years the Data protection phase will merge into DGPSI phase and another book on DGPSI is due as soon as the DPDPA Rules are released.
I hope the almighty provides the opportunity to complete the DGPSI mission successfully in 2025.
When I wrote thee book on Cyber Laws in India, there was no body to even check the proof and point out any corrections. Even when the book “Guardians of Privacy… was published”, there were not many to assist me in proof reading and suggesting improvements. But now we have an army of Data Protection Professionals and hopefully my next book venture will have more experts to assist me.
Naavi
