The announcement that justice B N Srikrishna may be assigned the work of an enquiry to Chanda Kochchar-Videocon loan issue, it was clear that his work in formulating the base draft of the Indian Data Protection Act was completed.
Now some preliminary information on what this law may hold has been revealed in the article in the print.in.
Some of the salient features mentioned there in is
a) The law will be prospective and not retrospective
b) Time would be provided to the industry for implementation of compliance unlike previous laws in India
c) There will be cognizable offences recognized for intentional or reckless behaviour
d) Penalties on companies may be provided for with the protection of “Due Diligence” concept
e) There would be a “Data Ombudsman” who will adjudicate on the “Data Erasure” requests.
f) There would be an appellate authority after ombudsman with further appeal to Supreme Court
g) Consent would be explicit in respect of critical data
h) Critical data may be required to be stored in India
i) A Data Protection Authority would be set up and may handle registrations of data processors and grievance handling.
This is some preliminary information available. We shall wait for the full draft to be made public for further comments.
Naavi
The brief outline of the proposed legislation that has come out makes interesting reading. We await a formal and authentic version from the government. What that comes, I am sure, there is a good scope for cyber law professionals like you, to study the whole issue and perhaps conduct many road-shows and create awareness too among the public in general and different categories of industries like banking, software, users, traders. intermediaries etc. V Rajendran