As follow up to my previous message, sharing an article below about new
privacy law in India.
Lynn
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This From: InformationWeek, May 5, 2011
http://www.informationweek.com

India Adopts New Privacy Rules
http://www.informationweek.com/news/government/policy/229402835

Organizations doing business in India may be forced
to re-evaluate how they handle personal information.

By Thomas Claburn InformationWeek
May 05, 2011 08:00 AM

Amid worldwide lobbying by IT companies to promote the harmonization of data
protection laws for the sake of cloud computing, India last month quietly
issued new privacy rules that impose significant limitations on how
businesses can handle personal information.

The Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011, or "Privacy Rules,"
were issued in April to implement India's 2008 IT Security Act amendment.
http://ibnlive.in.com/news/read-the-controversial-internet-control-rules/150319-53.html

Because the rules implement an existing law, they did not undergo the
prolonged period of public comment and industry input that typically
precedes the passage of a law. Nonetheless, they "have all the force of a
full-blow data privacy law," said Miriam Wugmeister, head of the global
privacy practice at law firm Morrison & Foerster, in a phone interview.

ISPI note - also see:

"India's New Privacy Regulations"
Morrison & Foerster Client Alert - May 4, 2011
By Miriam H. Wugmeister and Cynthia J. Rich
PDF: http://tinyurl.com/3r8ta85

The degree to which companies will comply with these rules remains unclear,
as does the extent to which Indian authorities will enforce them. But
Wugmeister believes the new privacy regime has the potential to dramatically
affect the business landscape for IT companies in India and for overseas
companies that contract IT services with Indian companies.

The Privacy Rules oblige organizations to notify individuals when their
personal information is collected via letter, fax, or email. They require
covered organizations to make a privacy policy available, to take steps to
secure personal information, and to offer a dispute resolution process
related to the collection and use of personal information.

"The law applies to all companies in India getting any information from
anywhere," said Wugmeister. "On the face of it, it doesn't exempt the
service provider."

What this means is that any personal collected in India, or outside of India
and transferred into the country, is governed by these rules. As a
consequence, Wugmeister suggests that outsourcing providers in India may be
required to notify every person seeking assistance at a call center about
their data handling practices and to obtain consent to handle personal data.
Outsourcing providers, she says, may also be forced to make sure their
customers' data handling practices match the requirements laid down in the
new rules. <| Powered by www.ISPIClips.com |>

India's new Privacy Rules arrive as large IT companies like Microsoft are
calling for more consistent international privacy and data protection laws,
so cloud computing companies can transfer data across borders without legal
uncertainty.

"[W]ith the migration to the cloud, it is increasingly important that data,
in fact, be able to move across borders, and even around the world, albeit
with real and effectively legal safeguards," argued Microsoft's general
counsel Brad Smith in a speech delivered to the French National Assembly in
January. http://www.microsoft.com/presspass/exec/bradsmith/01-24-11fna.mspx

India's new rules may reflect a desire by lawmakers to court cloud computing
providers, particularly those in the E.U., where data protection laws are
stringent. But winning business from the E.U. may come at a cost. U.S
companies may not want to adhere to India's relatively strong standards and
could seek outsourcing partners in other countries.

Given the importance of IT to India, however, it seems likely that overly
burdensome regulations will be relaxed, go unenforced, or be superseded by
subsequent legislation.



Copyright © 2011 UBM TechWeb, All rights reserved.


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~