Practice Area

Law Wire™ Guides

Information Technology Law Compliance

Organisations collect a huge amount of personal data, which in the legal parlance may be known as SPDI [Sensitive Personal Data or Information]. Such organizations are required to comply under the Information Technology Act [2000] and its Rules, which lay down certain procedures to be followed at the time of collection of data, transfer of data, and disposal of data, and to maintain relevant security practices and procedures.

Data Transfer - Indian Regulation

In India, we do not have adequate and comprehensive Data Privacy / Protection legislation. In the absence of blanket legislation, Information Technology Act provides for data protection and acts as a guiding rulebook.

Indian Law on Encryption

Under Indian Law Section 84A of the Information Technology (Amendment) Act, 2008 empowers the government to prescribe the modes or methods of encryption "for secure use of the electronic medium and for promotion of e-governance and e- commerce". But the rules have not been notified so far although draft recommendations have been made available.

Information Security Management System - Policy Checklist

With specific regard to the new responsibilities which arise as a result of the Indian Rules recently issued under Section 43A of the IT [Amendment] Act, Chief Privacy / Security Officers, Data Protection Managers, In-House Counsels or any other officer designated by the organization for securing Information and Communications Technology [ICT] infrastructure security and operations should take strict note that their organization must comply with the International Standard IS/ISO/IEC 27001 on “Information Technology / Security Techniques / Information Security Management System” which has been prescribed by the Government of India as one of the approved Information Security Management System. Industry associations or industry cluster who are following other codes [and not IS/ISO/IEC 27001] of best practices for data protection and fulfils the preliminary requirement, must get their codes of best practices approved by the government.

Website Compliance

The checklist ensures that the e-commerce website complies with the law and customary standards & practices in general. A Body Corporate may have its own unique risks and the below listed points may not essentially deal with them in detail.