India Poised to Pass Strict Data Protection Rules

Lora Bentley

If you think the European Union's data privacy directives are tough, you're really not going to like what's in the pipeline from India. According to, the comprehensive data privacy requirements the country released this spring are tougher than the EU's requirements and the Gramm-Leach-Bliley Act in the U.S. And just like the anti-spam act in Canada will impact many outside Canadian borders, these new rules in India could change the way those who outsource to India do business.


If enacted, the rules would require companies doing business in India to get written consent from customers before collecting and using personal information about them. Moreover, the rules would apply equally to Indian citizens and anyone else whose information is collected in the country, writer Stephanie Overby explained.


As yet, there are no details regarding when and how the implementation will occur if the proposed rules are enacted. As such, companies that outsource to India are in a limbo of sorts. But that doesn't mean they should sit around twiddling their thumbs.


The best course of action is to prepare for what's coming. Besides using this time to get permission from those whose information might need collecting later, Overby suggests seven different steps.


The top two: Review your current data-retention practices to determine what is being collected and/or stored in India. And put together a response team that will be ready to move as soon as the implementation schedule and requirements are clear. That team should consist of the CIO, legal and outsourcing governance specialists, at least.

Add Comment      Leave a comment on this blog post
May 27, 2011 9:42 AM Beoweolf Beoweolf  says:

Finally, someone gets "it". Until the keepers of the keys take data protection, privacy, resposiblity and offer encryption as a "cost of business" instead of as a Premium upgrade - we are attempting blame the victim for our lack of due diligence.

Any hack with a computer can put a shingle on a post and claim to be open for business "On the Cloud" - as data professionals we need to differentiate ablity with capablity.

At this juncture we collectively are like a motorist who complains that he doesn't understand why his tire will not stay inflated - after all, it only has a 8mm hole in the carcass., the other 99.99% of the tire has full integrity.

Folks - its a full service only when 100% protection is expected and provided - at all times.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.