The Information Technology Rules 2011 require companies to gain written consent from individuals about the use of the sensitive personal information they collect, reports PC World, but they will not apply to companies outsourcing data processing to service providers in India. Kamlesh Bajaj, CEO of the Data Security Council of India, says the Indian government will soon issue a clarification that the new rules will only apply to a "body corporate" in India. Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court, says the new rules imposed on service providers will "not be well known or understood by the vast majority of Indian outsourcers," resulting in infringements of the law. Editor's note: For more information on the new Indian information technology rules, see this month's edition of The Privacy Advisor newsletter. (IAPP member login required.)
If you want to comment on this post, you need to login.