Previous 2 / 5 Next

THE GAZETTE OF INDIA : EXTRAORDINARY [ PART II-SEC. 3(i)] (h) "Password" means a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information; (i) "Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. (2) All other words and expressions used and not defined in these rules but defined in the Act shall have the meanings respectively assigned to them in the Act. 3. Sensitive personal data or information.— Sensitive personal data or information of a person means such personal information which consists of information relating to;— (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules. 4. Body corporate to provide policy for privacy and disclosure of information.— (1) The body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall be published on website of body corporate or any person on its behalf and shall provide for— (i) Clear and easily accessible statements of its practices and policies; (ii) type of personal or sensitive personal data or information collected under rule 3;

Select target paragraph3

● ● ●

Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules

Document

State

India

Type of Document (for States): Policy Implementation Frameworks and Action Plans

Topics

Data Protection
Economy and Finance

United Nations Regional Group

Asia-Pacific States

Issuing Body

Ministry of Electronics and Information Technology

Summary

Lays down rules regarding privacy and data security, including:

Restrictions on collection of personal data by corporations;
Standards of personal information disclosure;
Establishment of guidelines for determining whether or not organization is compliant with previous regulations.

Source Link 1: http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf

Year Published: 2011

Date Published: Apr 11, 2011

Document Language(s)

English

Preview

Map

Latitude: 20.593684

Longitude: 78.96288

Map (linked Document): India

Primary Documents

2011_India_en_Information Technology.pdf
English
Download View