"Need for sensitive information and data protection regulations in India.
"
INTRODUCTION
Data protection and data privacy are terms that are used interchangeably. Still, we will
understand the difference, that data privacy lies down to who can or has access to data. Data
protection provides rules or a method that restricts access to data and personal sensitive data
information. During covid, we saw many organizations come up with issues related to data
breach, so it is more essential to have laws and regulations which govern and ensure that the data
of their customer, clients, and users are protected. The USA and EU have privacy laws that
govern unauthorized access to the data, but India still doesn't have legislation regulating data
protection and privacy. The IT act governs it, and if India gets their PDPB, it will help them
protect the sensitive data of their residents. We need these regulations so that any person or third
party does not misuse the data stored by the businesses. As we can see, there are political and
economic changes happening, leading towards the need for the privacy law and increasing
concern for the users and 3rd party regarding keeping their data secured. Still, 20 percent of
countries don't have legislation for protecting data, and 5-6 percent of countries that don't even
have data of their users or own citizens, but some countries have their own law and regulation for
protection of data & have drafted legislation.
Data Privacy & Data Protection
The article mentioned talks about sensitive information personal data and its protection. So
“personal data” is the data that consists of individual information related to a natural person and
also the sensitive data related to that person, such as their passwords, health conditions details,
biometric data, and other banking data. Any third party can use this data for any kind of breach
or any unauthorized purpose. “Data privacy and protection helps to secure the personal data &
information” of our clients and users, which can also be called information security. The
organizations use data protection to store and collect sensitive information data formulate
different strategies to minimize information breaches and maintain the probity of the data. Data
privacy is no tool, but rules guide how the information can be made available only to the
certified parties. The information that comes under the ambit are the names, DOB, personal ID,
�numbers, contact information of the users, employees, and organization shareholders. It also lays
down that the organizations using these data have fulfilled the prior requirement for using this
information. The guidelines laid down under the data protection act should be adhered to by
every organization. If any action has been done contrary to the rules, this might lose their brand
value and impose fines for not meeting the requirements. To prevent such data breaches, we can
limit access to such data and do modules for the employees to know the information security and
organizations' data protection laws and software. GDPR & PDPB 2019 Europe has a GDPR,
which governs the European clients in India in case of any data breach. California has CCPA,
which allows its users to have “access to sensitive information”. In the same way, India will have
PDPB, a Personal data protection bill governing Indian companies and citizens. It also gives
power to the DPA, which is the data protection authority, to add a new type of sensitive data
category if the need arises. The data gathered should be stored in India only. If any organization
or country wants to access sensitive information, such data should be made available after
fulfilling the following requirements given under the protocols by the authority or board. The
GDPR can be applied to Indian companies with foreign clients or companies located outside the
EU. So there are strict regulations which are laid down in the GDPR that if any business or
organization breaches the contract or does an activity which is violative of the directions
provided, then that particular company might suffer penalty and fines. Different legislation in
Europe used to govern privacy; then, they came up with the “GDPR” for controlling and
monitoring the transfer of data and subjects. The government, companies, and various entities
were allowed to use data of residents, providing the right to residents to object or ask to erase
their data. The GDPR has high-security conduct and compliance to secure their data. That's how
the need arises to have some significant changes in the laws and establish new “guidelines for
data protection regulations in” India. We will also understand why it becomes essential to protect
individual information & data and find which provisions govern sensitive information before the
PDPB bill. What will happen when this data is going to be shared without the users' consent and
knowledge?
Significance of I.T. Act & PDPB in India.
The PDPB is still under consideration. With the usage of data information, the importance of
protecting data has increased at a global level. The IT act, 2000 governs sensitive information,
�and also article 21 deals in privacy of Indian constitution talks about the right to data security.
New provisions have been inserted in the “IT act”, such as section 43A, related to unauthorized
usage, sensitive information, and punishment for disclosing any personal information. After
many developments and changes in the Indian constitution, the PDPB bill suggested a separate
act for securing the data of individuals. This article will help the readers discover data secrecy
and the new regulations relating to protection of data in India. We will also come across
landmark cases that helped evolve “data protection rules”, such as the Puttaswamy judgment in
India, no separate law that governs data privacy. If we talk about provisions governing Indian
data privacy, then after the amendment in 2000, new sections were inserted in the IT Act,
sections 43, 43A,66 C, E 72, 72A, and other It rules. So these sections lay down that if any data
is extracted and used without the users' permission, then the individual or organization who has
done this can be held for punishment, fines, and imprisonment when the offense committed is
grievous. So it becomes important for the business to have policies to keep their data confidential
and have agreements with their user and clients before collecting the data. The absence was felt
when there was a lack of rules & processes to handle such practices. Now everything is being
done digitally, & the authorities are also focusing on making India a digital platform where we
have innovation and technology to secure the sensitive data of our citizens. The importance of
protecting the data is that it will benefit more clients and businesses to keep a good” database of
the users' information”. The new bill has “personal data protection, sensitive data protection ”,
principles governing the information and data, and what is the basis to process such data.
Consent is the primary provision that tells that there should be transparency. The reason behind
data processing must be in good faith and should not have any other intention to defraud anyone.
Also, we will have “authority for data protection and to secure and control it” which will be there
to establish safeguards “related to the transfer of data and processing of the data” and a
centralized mechanism for controlling the activity. In this article, I have discussed the evolution
of GDPR and the Indian regulations dealing in privacy laws and have described various concepts
related to it. Other than that, I have explained the need and significance of data protection and
privacy in India, the new bill concerning Indian data protection, why there was a need to have
such legislation, and how they can help to secure the users' personal data information. These
laws are essential to protect users from exploitation. Indian constitution also recognized Indian
data protection regulations under the article 21 which talks about privacy. We have also seen
�how the privacy law is evolving and how new are being enacted and many landmark judgments
acts and amendments are contributing towards new legislations. Any data or information is
regarded as a piece of “sensitive information” that should be secured and protected from any
breach. People have trust in the processor that will protect their data. In India, we can see any
update on this bill by the winter session of 2021, and still, till then, the IT Act will govern Indian
data protection. Countries not having law to protect their data or are not able to protect their
citizens' data results in the violation of their privacy rights.
�References
1 Lee A Bygrave, Privacy in data protection rules HEINONLINE
https://heinonline.org/HOL/LandingPage?handle=hein.journals/swales24&div=25&id=&pa ge=
2 Kurt Wimmer, CIPP/E, CIPP/US, Gabe Maldoff & Diana Lee Covington & Burling INDIAN
PERSONAL PDPB 2029 vs. GDPR
https://iapp.org/media/pdf/resource_center/india_pdpb2019_vs_gdpr_iapp_chart.pdf
3 (GDPR) HEINONLINE KNOWLEDGE BASE https://help.heinonline.org/kb/general-data-
protection-regulation-gdpr/
4 Muskan Parihar Big Data Security and Privacy 10 (IJERT) https://www.ijert.org/big-data-
security-and-privacy
5 State IT Secretaries Conf. 1DP IN INDIA (12, 13 February, 2018)
https://digitalindia.gov.in/writereaddata/files/6.Data%20Protection%20in%20India.pdf
6 2 GUIDELINES GOVERNING THE PRIVACY AND TRANSBOARD FLOWS OF
SENSITIVE DATA 27-28 ISSUE-2 1983
