Cloud // Cloud Storage
News
5/4/2011
07:02 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

India Adopts New Privacy Rules

Organizations doing business in India may be forced to re-evaluate how they handle personal information.

Amid worldwide lobbying by IT companies to promote the harmonization of data protection laws for the sake of cloud computing, India last month quietly issued new privacy rules that impose significant limitations on how businesses can handle personal information.

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, or "Privacy Rules," were issued in April to implement India's 2008 IT Security Act amendment.

Because the rules implement an existing law, they did not undergo the prolonged period of public comment and industry input that typically precedes the passage of a law. Nonetheless, they "have all the force of a full-blow data privacy law," said Miriam Wugmeister, head of the global privacy practice at law firm Morrison & Foerster, in a phone interview.

The degree to which companies will comply with these rules remains unclear, as does the extent to which Indian authorities will enforce them. But Wugmeister believes the new privacy regime has the potential to dramatically affect the business landscape for IT companies in India and for overseas companies that contract IT services with Indian companies.

The Privacy Rules oblige organizations to notify individuals when their personal information is collected via letter, fax, or email. They require covered organizations to make a privacy policy available, to take steps to secure personal information, and to offer a dispute resolution process related to the collection and use of personal information.

"The law applies to all companies in India getting any information from anywhere," said Wugmeister. "On the face of it, it doesn't exempt the service provider."

What this means is that any personal collected in India, or outside of India and transferred into the country, is governed by these rules. As a consequence, Wugmeister suggests that outsourcing providers in India may be required to notify every person seeking assistance at a call center about their data handling practices and to obtain consent to handle personal data. Outsourcing providers, she says, may also be forced to make sure their customers' data handling practices match the requirements laid down in the new rules.

India's new Privacy Rules arrive as large IT companies like Microsoft are calling for more consistent international privacy and data protection laws, so cloud computing companies can transfer data across borders without legal uncertainty.

"[W]ith the migration to the cloud, it is increasingly important that data, in fact, be able to move across borders, and even around the world, albeit with real and effectively legal safeguards," argued Microsoft's general counsel Brad Smith in a speech delivered to the French National Assembly in January.

India's new rules may reflect a desire by lawmakers to court cloud computing providers, particularly those in the E.U., where data protection laws are stringent. But winning business from the E.U. may come at a cost. U.S companies may not want to adhere to India's relatively strong standards and could seek outsourcing partners in other countries.

Given the importance of IT to India, however, it seems likely that overly burdensome regulations will be relaxed, go unenforced, or be superseded by subsequent legislation.

Comment  | 
Print  | 
More Insights
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.