Cybersecurity, e-discovery, Red Flag Rules — as if compliance with regulatory requirements surrounding data protection in the U.S. were not enough of a challenge for an entity already —then, you might well need to also be following the developments of data protection issues in India where India recently and quietly issued new privacy laws that impose significant limitations on how businesses can handle personal information.

The fact is that the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”) were issued in April to implement India’s 2008 IT Security Act amendment.

The new rules are intended to showcase a new commitment by India to rigorously protect data, but they could dampen offshore outsourcing business.  And, if your organization is either considering some or all of your IT functions moving to offshore outsourcing, then, this recent development should be explored and reviewed more seriously before such a decision is made.

Some significant points to consider about this privacy issue might be:

  1. The degree to which companies will comply with these rules remains unclear, as does the extent to which Indian authorities will enforce them.
  2. If enforced, the current drafted regulations, which deal with the protection of personal information, are more stringent than either the Gramm-Leach-Bliley Act in the U.S. or the EU Directive in Europe and would create new requirements for companies that outsource to service providers in India or maintain their own operations there.
  3. prior written consent will be required—without exception—to collect and use sensitive data about Indian citizens and about any person who’s personal information is collected within the country of India.
  4. Will China follow the same approach as India regarding privacy rules? (Read more)

If you wish, you can learn more about these Indian drafted data protection requirement by reading the draft version of these privacy rules as issued in India.

You can also read a related article written by Thomas Claburn posted on the Information Week website entitled, “India Adopts New Privacy Rules”.

You can also read an article written by Stephanie Overby, posted on the CIO website, and entitled, “Offshoring: 7 Tips to Prepare for India’s Proposed Privacy Rules”.

If applicable, please pass this information along to the IT information security, risk management or business continuity strategy planning  and preparedness team members in your organization.

Photo courtesy of

Pin It on Pinterest