Privileged & Confidential 1 India: an up-date on Data Protection Legislation by Tejas Karia (BSL, LLM (LSE), Advocate, Solicitor Associate, Amarchand &

Slides:

Advertisements

Similar presentations

The Latest Developments in Ukraines Intellectual Property Laws and Data Protection.

Advertisements

Rohas Nagpal, Asian School of Cyber Laws.  Information Technology Act, 2000  Imprisonment upto 10 years  Compensation upto Rs 1 crore  Indian Penal.

Introduction To Limited Liability Partnership (LLP) - Tushar Mittal.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

ITA 2008: Law Enforcement & Incident Response -The way forward- By Talwant Singh Addl. Distt. & Sessions Judge Delhi

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

INDIAN CYBERLAW- SOME PERSPECTIVES INDIAN CYBERLAW- SOME PERSPECTIVES.

I NFORMATION T ECHNOLOGY A CT B ACKGROUND 1. Drew inspiration from Model Law on Electronic Commerce adopted by the United Nations Commission of.

RIGHT TO INFORMATION ACT RTI Act-2005 is a Central Legislation. It gives access to Information held by the Public Authority. It is linked to Article-19---

Legislation in ICT.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.

THE RIGHT TO INFORMATION ACT – 2005 (Central Act No.22 of 2005) K. Ambarish, IAS., (Retd.) Chief Consultant, AMR-APARD Rajendranagar, Hyderabad.

INFORMATION RETRIEVAL, INFORMATION ACCESS & BIG DATA- LEGAL PERSPECTIVES.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

General Purpose Packages

1 GROUP-8. 2  To provide for electronic delivery of public services by the Government to all persons.  To ensure transparency, efficiency, accountability,

Information Technology Act India is one of the few countries other than U.S.A, Singapore, Malaysia in the world that have Information Technology.

Health & Social Care Apprenticeships & Diploma

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

HIPAA PRIVACY AND SECURITY AWARENESS.

Customer Service Enforcement After AB 2987 John Risk Communications Support Group, Inc. (c) 2006 John Risk Communications Support Group, Inc. (c) 2006.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Johan Billiet Association for International Arbitration Billiet & Co November 21-22, 2013.

Highlights of Limited Liability Partnership Bill, 2008 By: Ankesh Gupta.

OUTLINE Introduction Background of Securities Regulation Objective of Securities Regulation Violations under the Securities Industry Law The Securities.

Data Protection Act AS Module Heathcote Ch. 12.

The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;

Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.

Data Protection in the DIFC Outreach Session Office of Data Protection 4 June 2013 Data Protection.

BTEC ICT Legal Issues Data Protection Act (1998) Computer Misuse Act (1990) Freedom of Information Act (2000)

The health and safety act was introduced to protect the welfare of people of the workplace. Before being introduced in 1974 it was estimated that 8.

ICT and the Law: We are going to look at 3 areas.  The Copyright, Design, and Patents Act controls Illegal Copying  The Computer Misuse Act prevents.

Competition Amendment Bill, 2008 AMENDMENTS TO THE COMPETITION AMENDMENT BILL DATE: 7 October 2008 Zodwa Ntuli – DDG: Consumer and Corporate Regulation.

Introduction The Consumer Protection Act was enacted in Amendments were made in The Act applies to the whole of India except the State of.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

Data protection and compliance in context 19 November 2007 Stewart Room Partner.

Information Security Legislation Moving ahead Information Security 2001 Professional Information Security Association Sin Chung Kai Legislative Councillor.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

The Protection of Personal Information Bill 13 February

Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Protection of Personal Information Act An Analysis on the impact.

Legal Aspects in IT Security Is Your Organisation Up-to-Date?? (Ref : IT Act, 2008 & IT Rules 2011) Adv Prashant Mali [BSc(Phy),MSc(Comp. Sci.),CNA,

Overview of Standards on Cost Auditing By: CMA Pradip H.Desai.

Learning Intention Legislations impact on security of information

HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW

The Citizen in the centre in EU, Bratislava November,2005

SECURITY STANDARDS AND CYBER LAWS

(Portfolio Committee on Justice and Correctional Services)

New challenges for archives in Iceland

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

IT ACT 2000 and 2008 Important Sections Awareness Presentation

General Data Protection Regulation

Information Governance and Data Privacy: A World of Risk

Data Protection Legislation

Cyber Crime Laws and Mitigation of Cyber Crimes in Corporate Companies

HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders.

Data Protection in Law Enforcement Area Chapter 9a of the draft law

Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.

Presentation transcript:

Privileged & Confidential 1 India: an up-date on Data Protection Legislation by Tejas Karia (BSL, LLM (LSE), Advocate, Solicitor Associate, Amarchand & Mangaldas) India: an up-date on Data Protection Legislation by Tejas Karia (BSL, LLM (LSE), Advocate, Solicitor Associate, Amarchand & Mangaldas) Amarchand & Mangaldas & Suresh A. Shroff & Co. Solicitors & Advocates Amarchand Towers, 216 Okhla Industrial Estate, Phase - III New Delhi India Tel: + (91 11) , Fax: + (91 11) th February 2006

Privileged & Confidential 2 Status of Data Protection Legislation in India The existing legal framework for protecting sensitive personal data. Overview of the investment in India by other countries for handling personal data. Need of Data Protection legislation in India. Attempts for passing the legislation. Present status. Way forward …

Privileged & Confidential 3 Existing Legal Framework Information Technology Act, 2000 –Section 43: Penalty for download, copy or extract of data without permission of the owner of a computer etc. – not exceeding rupees ten million to the person affected. –Section 65: Punishment for tempering with Computer Source Code – imprisonment up to 3 years, or fine up to rupees 200,000, or both. –Structure of legal services in India is still at primary stage where sophisticated multilocational/multijurisdictional services rendered by very few Disadvantage of dollar rupee inequality Phased entry as was done in Singapore, China and the Asean region is required as otherwise cannibalisation of domestic practices is very likely

Privileged & Confidential 4 Existing Legal Framework Information Technology Act, 2000 –Section 66: Hacking - imprisonment up to three years, fine up to rupees 200,000, or both. –Section 72: Penalty for breach of confidentiality and privacy: unauthorised access to any electronic record, book, register, correspondence, information, document and disclosure of the same – imprisonment up to 2 years, or fine up to rupees 100,000, or both. –Structure of legal services in India is still at primary stage where sophisticated multilocational/multijurisdictional services rendered by very few Disadvantage of dollar rupee inequality Phased entry as was done in Singapore, China and the Asean region is required as otherwise cannibalisation of domestic practices is very likely

Privileged & Confidential 5 Existing Legal Framework Indian Contract Act, 1872: –Breach of Contract: Violation of terms of the contract or non-performance of the obligations. –Remedies: Damages Specific Performance –Structure of legal services in India is still at primary stage where sophisticated multilocational/multijurisdictional services rendered by very few Disadvantage of dollar rupee inequality Phased entry as was done in Singapore, China and the Asean region is required as otherwise cannibalisation of domestic practices is very likely

Privileged & Confidential 6 Existing Legal Framework Indian Penal Code, 1860: –Section 406: Criminal Breach of Trust: Imprisonment, which may extend to 3 years, or fine, or with both. –Section 420: Cheating: Imprisonment, which may extend to 7 years and a fine.

Privileged & Confidential 7 Existing Legal Framework Consumer Protection Act, 1986: –“Deficiency in Service”: complaint before consumer forum / commission. Specific Relief Act, 1963: –Temporary and permanent injunctions against unauthorised disclosure of confidential information.

Privileged & Confidential 8 Overview of Investment in India India controls 65% of of the global market in software- code outsourcing and 46% in back-office outsourcing. Indian software and services export was approximately $ 17.2 billion in , as compared to $ 12.8 billion (an increase of 34%) Outsourcing revenues are expected to reach $ 60 billion by As per the Nasscom-Mckinsey survey, the export revenue from IT sector would add 7% to India’s GDP by 2010 along with creation of 8.8 million new jobs.

Privileged & Confidential 9 Overview of Investment in India IT solutions business in India is expected to grow at 25% to touch $ 35 billion in export revenues. The BPO business would witness a CAGR of 37% to account $ 25 billion of the projected $ 60 billion. According to Indian IT body – National Association of Software and Service Companies (“NASSCOM”), India could potentially accelerate the overall IT export by almost $ billion by 2010 if it focuses on multi-dimensional innovation.

Privileged & Confidential 10 Need for Data Protection Legislation in India Absence of data protection and privacy law in India often cited as a strong reason for stopping the movement of call center and BPO work in India Necessity for creating appropriate confidence among investors and foreign companies about safety and protection of personal data. Adequate level of protection for allowing Safe Harbor for transfer of data from EU countries. Unenforceability of contractual provisions regarding protection of data.

Privileged & Confidential 11 Various attempts for passing Data Protection Legislation Drafting of separate legislation. Amendments to existing Information Technology Act. Expert Committee on Cyber Law

Privileged & Confidential 12 Various attempts for passing Data Protection Legislation Drafting of separate legislation: –A separate and exclusive legislation embodying the Data Protection principles like other Countries. –EU model vs. US model Stringent legislative protection vs. Self-Regulatory Organizations Enforcement: statutory rights v. contractual rights Safe Harbor Principles –Failure to enact separate legislation

Privileged & Confidential 13 Various attempts for passing Data Protection Legislation Amendments to existing Information Technology Act, 2000: –Insertion of definitions of: Personal data, Data Controller, Data Processor, Data Subject, Processing etc. –Introduction of Chapter VIIIA for Data Protection Provisions for reciprocity and exemptions –Guidelines on rights of Data Subjects and Minimum Security and Organisational Standards to be adopted by Data Controllers and Data Processors

Privileged & Confidential 14 Various attempts for passing Data Protection Legislation Expert Committee on Cyber Laws: –Appointed to suggest the amendments to Information Technology Act, 2000 –Minimal changes suggested to existing law for introducing the protection for handling sensitive personal data. –Introduction of concept of ‘sensitive personal data’ in existing Section 43: Any body corporate, that owns or handles sensitive personal data or information in a computer resource, if found to be negligent in implementing and maintaining reasonable security practices and procedure – shall be liable to pay damages by way of compensation not exceeding rupees ten million to the person so affected.

Privileged & Confidential 15 Various attempts for passing Data Protection Legislation Expert Committee on Cyber Laws: –What is “reasonable security practices and procedures” ? In the absence of a contract between the parties or any special law, such security practices and procedures as appropriate to the nature of the information to protect that information from unauthorised access, damage, use, modification, disclosure or impairment, as may be prescribed by the Central Government in consultation with self- regulatory bodies of the industries, if any. –“Sensitive personal data or information” – which is prescribed as “sensitive” by the Central Government in consultation with self-regulatory bodies of the industry, if any.

Privileged & Confidential 16 Various attempts for passing Data Protection Legislation Expert Committee on Cyber Laws: –Section 66: Definition of Hacking replaced by Computer related offences –Computer related offences are defined as: If any person, dishonestly or fraudulently, without permission  accesses or secures access to such computer resource  Downloads, copies or extracts any data, computer data base or information from such computer resource including information or data held or stored in any removable storage medium  Denies or causes the denial of access to any person authorised to access any computer resource shall be punishable with imprisonment up to 1 year or a fine which may extend up to rupees 200,000 or with both.

Privileged & Confidential 17 Various attempts for passing Data Protection Legislation Expert Committee on Cyber Laws: –Computer related offences are defined as: If any person, dishonestly or fraudulently, without permission  Introduces or causes to be introduced computer virus into computer resource;  Disrupts or causes disruption or impairment of electronic resources;  Charges the services by tampering with or manipulating any computer resources;  Provides assistance to any person to facilitate access to a computer resource in contravention of the provisions of the IT Act, 2000, rules, regulations made thereunder;  Damages or causes to be damaged any computer resource, date, computer database, or other programmes residing in such computer resource; shall be punishable with imprisonment up to 2 years or a fine which may extend up to rupees 500,000 or with both.

Privileged & Confidential 18 Various attempts for passing Data Protection Legislation Expert Committee on Cyber Laws: –Section 72: Breach of confidentiality and privacy: Penalty increased to rupees 500,000 Additional provisions for intermediaries Intentional capturing and broadcasting images violating the privacy Bar on jurisdiction of courts to take congnizance except upon complaint filed by the aggrieved person in writing before a Magistrate Punishment: damages by way of compensation of rupees 2.5 million to the person so affected –Section 79: Exemption from liability of intermediary in certain cases.

Privileged & Confidential 19 Present Status No clarity on form of legislation. Absence of any specific protection causes concern for trans-border flow of personal data. Stray incidents of misuse of personal data by persons handling personal data. The recommendations of Expert Committee likely to be placed before Parliament in February 2006 for amending the existing Information Technology Act, No certaninity of enforcement mechanism.

Privileged & Confidential 20 Way forward… Need for comprehensive legislation on data protection in India. At least the proposed amendments should capture all the aspects of data protection principles.

Privileged & Confidential 21 THANK YOU