New Privacy Regulations Stricter Than EU, U.S. Provisions
PRIVACY LAW—INDIAMay 5, 2011
In a client alert released Wednesday, Morrison & Foerster reports on a "dramatic transformation" in the privacy landscape for India with the issuing of final regulations for the protection of personal information. The Information Technology Rules 2011 "apply to all organizations that collect and use personal data and information in India," the report notes, and represent the implementation of parts of the Information Technology Act. The rules include a provision for prior written consent for the collection and use of sensitive personal information in what the report's authors, Miriam Wugmeister and Cynthia Rich, describe as much stricter provisions than current laws in the EU and U.S. As a result, "U.S. and European multinational businesses...may have to adjust their personal data collection practices to conform to Indian data protection rules," the report states. Among the provisions in the regulations, organizations will be required to provide privacy policies and give individuals notice when information is collected, grant data subjects access and put in place the right to correct any personal data that has been collected. Information must also be secured, and a dispute resolution process must be put in place, the report states. "Given the scope of the Privacy Rules, it appears that every company in India and every company that sends data to a service provider in India will be affected by these new rules," Wugmeister told the Daily Dashboard.