India/ 5.1 General legislation  

5.1.8 Data protection laws

Section 43 A of the Information Technology Act, 2000, as amended by the Information Technology Act, 2008 makes it mandatory to protect data in India. This section deals with the legal obligations of corporate bodies who ‘possess, deal or handle any ‘sensitive personal data’, requiring that they implement and maintain ‘reasonable’ security practices. Their inability to implement such practices could make them ‘liable to compensate those affected by any negligence attributable to this failure’.

Chapter published: 22-04-2014