The much awaited Data Protection Act of India has finally come to the open with a copy of the draft now being available. This appears as a text of the Bill and needs to be passed by the Parliament, approved by the President and notified in the Gazette before it becomes a law. This is part of a series of articles on the new Bill which when it becomes an Act will bring several changes to the Privacy and Data Protection scenario in India.
[This is the first of a series of articles that will be published on this topic…Naavi]
The first important thing we notice is that Section 43A of ITA 2008 has been omitted completely. The “Reasonable Security Practice” mentioned under Section 87 of the principal Act in sub-section 2(ob) has also been omitted.
It may be noted that the Intermediary Guidelines under Section 79, it had been mentioned that
“the intermediaries shall take all reasonable measures to secure its computer resource and information contained therein following the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable security practices and procedures and sensitive personal Information) Rules, 2011.”
As a result we need a modification in these rules and removal of the words “ as prescribed in the Information Technology (Reasonable security practices and procedures and sensitive personal Information) Rules, 2011″
Since PDPA 2018 is anyway covering the requirements of Sensitive Personal Data Protection in greater detail, this may be an attempt to avoid overlapping provisions.
We shall go through the draft bill in greater detail and continue our discussions.
Naavi
A Copy of the Proposed Bill is available here (67 pages)
A more detailed Report of the Srikrishna Committee is available here (213 pages)
Very much excited to go through such an exhaustive list of Security controls. Well done India