In response to industry pressure, on Wednesday, August 24, 2011, the Indian Ministry of Communication & Technology issued a clarification of the Privacy Rules (“Clarification”). Of significance is that the Clarification appears to: 1) exempt service providers from the main substantive obligations of the Privacy Rules other than the cross-border limitations and the security obligations; 2) clarifies that a “provider of information” is a “natural person”; and 3) clarifies that consent is valid if it is in any mode of electronic communication (as opposed to just letter, fax or email).
In April 2011, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”), was issued under the Information Technology (Amendment) Act, 2008. (See our alert dated May 4, 2011.) The Privacy Rules raised significant issues and caused concern among organizations that outsource business functions to Indian service providers. As a result, industry both within and outside India expressed concern that the Privacy Rules would decimate the outsourcing industry.
Exemption for Service Providers: As drafted, the Privacy Rules applied to all organizations that collect and use personal data and information in India regardless of where the individuals resided or what role the company that was collecting the information played in the process of handling the information. The Clarification provides...
Please see full publication below for more information.