Memorial Respondent

September 11, 2017 | Author: Kamakshi Jasra | Category: Privacy, Personally Identifiable Information, Information Privacy, Right To Privacy, Computer Security
Share Embed Donate


Short Description

Download Memorial Respondent...

Description

STATEMENT OF JURISDICTION

The peoples Union for Human Rights of Indiana have submitted this dispute to the Supreme Court of Indiana, dated March 11, 2011. This Court jurisdiction is invoked under article 32 of the Constitution of Indiana.

MEMORANDUM ON BEHALF OF THE RESPONDENT

STATEMENT OF FACTS Background of facts: •

The state of Indiana is located in the South Asia region of Asia. The country is well equipped with the cultural outlook with civilisation. It is a democratic country with a republican constitution. The constitution of the country guarantees fundamental rights to the citizens at par with the principal of International law on human Rights.



To cater the need of the society the state of Indiana opened up its economy in 1990. After the opening up of economy, the country and the union have started in line with the Information technology and started rendering various services through Information technology.



In order to keep up with the technological advancement, Government liberalised various laws for the establishment of a large number of Service centres by IT parks, individuals as well as mobile phone companies. Thereafter, the Multinational Companies developed certain guidelines to ensure that extensive information is gained by them so as to provide various services to the individuals.



Basing on this, the IT Parks as well as the mobile phone companies entered into tie ups with the various social organisations and launched a host of websites. The multinational companies in order to provide their services have developed formats to get extensive information of individuals.



Thereafter, the Government, in order to afford the cheapest services in the mobile industry, relaxed a number of clauses to provide licences to mobile companies. Apart from that, the Government updated its administrative machinery and most of the Public Institutions sought personal information of the individuals.



The service providers started to leak out the information of their clients to a host of websites with different purposes.The information included photographs which were digitally modified and used for various illegal activities which are offensive to the reputation of the individuals.

MEMORANDUM ON BEHALF OF THE RESPONDENT



In order to provide remedies for the said activities, the Government enacted the Information Technology Law and Regulation on the year 2000. However, this Law was seen to be lopsided as it does nothing to protect the privacy of the individuals and permits data banks to reveal the information to the Government as well as the other agencies approved by the Government on the name of the security of the Country. In the year 2008, the said law was extensively amended.



The Criminal Laws as well as the Law of Evidence have provisions in relation to the development of Information Technology. However, they need to be updated.

FACTUAL MATRIX: • Taking into account the background mentioned above, The Government decided upon

issuance of National identity cards to all the citizens before December, 2012. Apart from that, the Office of the Prime Minister sought the entire personal information of the individuals and for that reason, some of the mobile companies were approached. • Further, the Government authorised organisations like Police, Vigilance, etc to tap the mobile phones and encrypt the computer of any person in the country. • In order to avoid panic and ensure good governance, the Government conveyed to the

news channels that no item associated with the above issue be broadcast. •

The Opposition Parties opposed the said steps of the Government on the grounds of them being violative of Fundamental Rights as well as Human Rights inspite of Indiana being a party to various International Conventions on Human Rights.



The Government validated their act by putting it under the purview of Good Governance and on the pre note of the security of the Country.



The Ministry of Home Affairs of the Country issued a communiqué to state that the steps taken by the Government are only in consonance with the basic principles of the Constitution and the philosophical contours of Human Rights.

• It further stated that the paramount consideration of the Government is to provide security to all its citizens under any circumstances and to prevent the breach of security by foreign invaders. In this situation as argued by the opposition parties, privacy is not the only sole criteria to collect information of individuals by the state. MEMORANDUM ON BEHALF OF THE RESPONDENT

• The communiqué assured that the information received by the state in no way will be

either misused or leaked to private agencies for illegal purposes. • The communiqué also stated that the national security is of paramount interest and even

the human rights law is not above the interests of the state in providing security to its citizens. The state is only taking preventative measures protection of the individuals, especially from the massive attacks of terrorists and other national groups fighting for various reasons and killing innocent people. It also said that seeking of such information of individuals whenever it deem fit will effectively help the state to identify the acts of any group which tries to destabilize the peace and security of the country and the mass killings and other destructive activities aimed at the innocent lives of people. •

The Communiqué blamed the opposition parties as well as the Press for the exaggeration of the issue in order to gain popularity and create chaos in the Country while misguiding the people in the name of the infringement of the Right to Privacy.



It was also stated that if any individual or Organisation refuses to abide by the regulations passed by the Government, strict Criminal or Civil proceedings would be initiated by the State. It also empowered the police to take cognizance of any such incident in case of its occurrence in the Country.



Following this, the People’s Union for Human Rights wrote a letter to the Chief Justice of Indiana requesting intervention on the following grounds: 1. Violation of Right to Privacy as well as Law of Copyright. 2. Non atonement to the basic principles of Democratic Governance as well as Good Governance. 3. The action of mobile phone tapping will give rise to corruption within the Country and will further create loss to the Government. 4. To issue Directions for the State to amend the law on Information Technology and other necessary Civil and Criminal Laws. 5. Seeking further directions for the destruction of the data collected by the investigating agencies and the police. MEMORANDUM ON BEHALF OF THE RESPONDENT



Therefore, the present Petition.

ISSUE RAISED

1) Whether the said Petition is maintainable before the Honourable Supreme Court?

2) Whether there has been a violation of the Right to Privacy?

3) Whether the State is committing gross violations of the provisions of the Constitution as well as International obligations?

4) Whether the Government is legally justified to scrutinise Communications?

5) Whether the present laws with regard to Information Technology need amendments? MEMORANDUM ON BEHALF OF THE RESPONDENT

6) Whether relief is required to be granted by this Honourable Court in favour of the Petitioner, taking into consideration the Fundamental rights of the Citizens?

SUMMARY OF ARGUMENTS

MEMORANDUM ON BEHALF OF THE RESPONDENT

ARGUMENTS ADVANCED

1.

The Petition is not maintainable before the Honourable Supreme Court.

It is humbly submitted before the Honourable Supreme Court that, The said petition is not maintainable. The grounds for the said contention are as enlisted below: 1.1 There is no infringement of any Fundamental Right

The Writ Jurisdiction as enveloped under Article 32 of the Constitution of India suggests that it can be invoked only in case there is violation of any Fundamental Right mentioned in the Constitution. However, there has been no violation of any fundamental Right as enlisted. The Facts suggest that the Petition has been made before the Honourable Supreme Court stating that there has been a violation of the Right to Privacy as enshrined in the Constitution of India. However, there has been no violation to the Right to Privacy of the citizens. The Right to privacy as interpreted under Article 21 is not an absolute right. It is subject to the restriction of the Procedure established by Law. In the instant case, the Right to Privacy is subject to the restriction of Public Interest. Apart from that, the Constitution itself provides for the power of a State to make laws in relation to Institutions of National Security under Entry 65 of the Union list. The entry states the Central Government has the power to make laws with regard to:

Union Agencies and Institutions for: a. Professional, vocational or technical training, including the training of the Poilice

officers; or

MEMORANDUM ON BEHALF OF THE RESPONDENT

b. The promotion of special studies or Research; or c. Scientific and technical assistance in the investigation and detection of crime.

Apart from this entry, Entry 31 gives the power to the State to make laws with regard to the Posts and Telegraphs, telephones, wireless, broadcasting and other like forms of communication.

Therefore, we can say that the action of the State is very much as per the limitations determined by the Constitution and No where proves to be Utra vires the same. The Right to Privacy as determined by the Honourable Supreme Court in the case of Kharak Singh v. State of U.P1 is not valid in the instant case due to the difference in the nature of the two cases. The instant case comes after a series of Terrorist attacks as well as instances of violation of the National Security. The above steps mentioned act as a step towards the protection of the larger interest of the citizens.

1.2 No writ can be invoked under Article 32 of the Constitution of India.

The Article 32 of the Constitution of India suggests that a Writ can be filed only in case of there being an absence of an Alternate Remedy. However, in the instant case, the Indian Penal Code suggests an alternative remedy under Section 500 for Degfamation.In such a scenario, the writ for mandamus cannot be invoked. The Constitution of India suggests that the writ of mandamus can be invoked under Article 32 only in case of violation of a Fundamental Right. However, in the instant case, there has been no violation of any Fundamental right. More so, in the case of Cooverji v. Excise Commisioner2 states that, “A mere irregularity however in an authority exercising its power is not a sufficient ground for issue of the Writ.” 1 2

AIR 1963 SC 1295 AIR 1954SC220

MEMORANDUM ON BEHALF OF THE RESPONDENT

In the instant case, there is absolutely no form of illegality as all the guidelines given by the Judiciary as well as the legislature have been followed. Moreover, the Article 246 (1) of the Constitution of India gives the Parliament the exclusive power to make laws with respect to any of the matters enumerated in List I in the Seventh Schedule (Union List). This power of Parliament is unfettered by Article 246(2) and (3). The entry Article 246 (2) of the Constitution of India gives the Parliament and the State Legislature the power to make laws with respect to any of the matters enumerated in List III in the Seventh Schedule (Concurrent List). The power of the State Legislature is subject to Article 246(1) while the power of Parliament is unfettered by Article 246(3). Article 246 (3) of the Constitution of India gives the State Legislature the exclusive power to make laws with respect to any of the matters enumerated in List II in the Seventh Schedule (State List). This power of the State Legislature is subject to Article 246(1) and (2). In the absence of a specific privacy related regulation in India, IT (Amendment) Act, 2008 – clause 43A is a step in the right direction to protect the privacy rights of the individual in the digital economy. However, the IT (Amendment) Act, 2008 limits its scope to ‘implementing and maintaining reasonable security practices and procedures’ when possessing, dealing and handling of the sensitive personal data by ‘body corporate’ and does not specifically address the ‘collection’ and ‘use’ of this sensitive data by the ‘body corporate’ amongst other prevalent privacy principles, though the Indian government is expected to include Privacy Principles through the issuance of rules pertaining to clause 43A, ITAA 2008. It is critical to address all the principles of privacy other than processing, dealing and handling of information as each privacy element is a critical ‘cog’ in the ‘wheel’ of data protection regime (‘security’ being one of the privacy elements). Adopting all the applicable principles of privacy in the ITAA 2008, clause 43A becomes even more critical from an Indian context as Indians are less aware and educated about their privacy rights and it is the responsibility of the Indian Government to protect their privacy by penalizing information misuse. The Indian legal system addresses cyber security and data protection issues with various enactments, namely (i) The Indian Telegraph Act, 1885 (ii) The Indian Contract Act, 1872 (iii) The Specific Relief Act, 1963

MEMORANDUM ON BEHALF OF THE RESPONDENT

(iv) The Public Financial Institutions Act, 1983 (v) The Consumer Protection Act, 1986 (vi) The Credit Information Companies (Regulations) Act, 2005 (vii) The IT (Amendment) Act, 2008

2.

There is no violation of the Right to Privacy.

2.1 The Right to privacy “The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection3.” The above statement refers to the legal protection afforded to the Privacy in India. The concept of Privacy has undergone Judicial Activism through Various case laws and it can be said that it is not an absolute right. It is subject to reasonable restrictions. In the case of Gobind v. State of M.P4.,The Supreme Court laid down that “ …………privacydignity claims deserve to be examined with care and to be denied only when an important countervailing interest is shown to be superior. If the Court does find that a claimed right is entitled to protection as a fundamental privacy right, a law infringing it must satisfy the compelling State interest test………” If one follows the judgments given by the Hon’ble Supreme Court, three themes emerge5: (1) That the individual’s right to privacy exists and any unlawful invasion of privacy would make the ‘offender’ liable for the consequences in accordance with law; (2) That there is constitutional recognition given to the right of privacy which protects personal privacy against unlawful governmental invasion;

3

Hyman Gross, The Concept of Privacy, 42 N.Y.U.L. Rev. 36, 36 (1967). (1975) 2 SCC 148 5 Sharma, Vakul. Information Technology-Law & Practice. Delhi: Universal Law Publishing Co. Pvt. Ltd, 2004. 4

MEMORANDUM ON BEHALF OF THE RESPONDENT

(3) That the person’s “right to be let alone” is not an absolute right and may be lawfully restricted for the prevention of crime, disorder or protection of health or morals or protection of rights and freedom of others; The third theme is most valid here. The Right to privacy cannot be taken as an absolute right especially when the Security of the majority is at stake. The instant case comes in the scenario of the recent terrorist activities that have shaken the very basics of the establishment of the defence of India. It is evident, from a detailed examination of the Constitutional position and the history of the right to privacy in India that the right must be made subservient to the national interest and national security at all times. It is also important to note that the formulation of safeguards by Justice Kuldip Singh in the P.U.C.L case is remarkably similar to the safeguards devised by the OECD. There is however, one important exception. The OECD guidelines make it clear that the person who is the subject of the investigation should be consulted before any kind of action is taken. This position has been rejected in P.U.C.L. since it may result in rendering the idea of surveillance or information gathering useless. It may be mentioned that in certain cases, the matter could be referred to the judiciary for prior review6. At such an instance, the Government has all authority to formulate laws that protect the nation’s foundation. Hence, the action taken by the Government to collect the information from the people for the purpose national security is valid and bona fide in nature.

6

Privacy and the Indian Constitution: A Case Study of Encryption, Dr..Nehaluddin Ahmad

MEMORANDUM ON BEHALF OF THE RESPONDENT

3. The State has not committed any gross violations of the Constitution of India International Obligations. 3.1. The State has adhered to the norms of the Constitution as well as the International Obligations when it comes to Governance. The International obligations state clearly that the Freedom of a person with regard to Speech and Expression must be protected. The Government here is in no manner in contravention to the same. The present scenario is not with an intention to curtail the rights of an individual but to protect the freedom of the majority. The intention here is also to be in consonance with the Global standards and strengthen the data privacy system. With the evolving data privacy ecosystem, Indian Government is also gearing to strengthen the privacy protection measures. Amendments in IT Act 2000 in year 2008 reflect government’s commitment towards the need of hour and strengthening the data protection regime in India. ITAA 2008, clause 43A is a step in the right direction as it intends to protect ‘sensitive personal information’ by penalizing body corporate that fails to implement ‘reasonable security practices’. Further to ITAA 2008, Department of Personnel and Training (DoPT) under Government of India is also working on enacting India’s first ‘specific’ law to safeguard privacy. Once in place, the law will effectively recognize the right to privacy of an individual. It is likely to contain specific rules that will address any breach of a citizen’s right to privacy and include safeguards against potential violations of the law even by the government. Where government is ascertaining the measures for protecting the individual privacy; regulatory bodies, law enforcement agencies (LEA), businesses and corporates also hold equal responsibility. The regulatory bodies shall be made to understand the industry specific privacy needs and issue specific and granular set of guidelines in order to provide direction and guidance to the industry under their purview. The responsibility of the businesses and corporates to build, implement and continuously monitor a risk based data protection program, create awareness amongst individuals / employees / customers / consumers and ensure compliance to data protection laws either through self regulation or co-regulation is to be reinforced.

MEMORANDUM ON BEHALF OF THE RESPONDENT

NASSCOM has established DSCI as not-for-profit, independent entity – a Section 25 Company, that is governed by corporate laws, with an independent Board of Directors. It is a SRO. DSCI’s Charter & Mission are as follows: a. Public Advocacy on data protection and cyber security, both in India and abroad: Engage with governments, law enforcement agencies and judiciary for a strong and credible data protection regime through appropriate policy instruments. b. Capacity Building through security and privacy awareness seminars, workshops, trainings, and conferences c. Thought Leadership: Develop, Promote and Implement Best Practices and Standards for Data Security and Data Privacy d. Independent Oversight as a credible and committed body that would oversee data security and privacy implementations and evolve a mechanism to provide independent assurance over service provider’s preparedness. e. Establish a Dispute Resolution Mechanism based on Alternative Dispute Resolution Procedures acceptable to clients and service providers f. Cyber Crimes Speedier Trials through training of law enforcement agencies and judiciary in cyber forensics

At the same time, The Indian Parliamenty has clearly stated under Section 72 of the Act, establishing an Information Technology Offence of “Breach of Confidentiality and Privacy” reads as under: “72. Breach of confidentiality and privacy.—Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.” The nature of the penalty can be seen to state that the liability can be as good as a criminal liability. This in itself reveals the bona fide intention of the Government. MEMORANDUM ON BEHALF OF THE RESPONDENT

4.

The State has the power to scrutinise communication.

4.1 The Indian Telegraph Act, 1885 as well as the Information Technology Act, 2000 have expressly provided for provisions in relation to the telephone tapping. They state that the Government has full authority to scrutinise any activity in such a scenario. The Indian Telegraph act, 1885 has stated in Section 5(2) that the Government has the power to intercept the communication between two parties in any form. This is valid in case of any kind of Public emergency as well as the security of the State. Apart from that, the messages that may lead to any form of disruption of Public Order may be intercepted or detained. In the given case, the Security of the Country is at Stake. In the light of the terrorist activities that have shaken Indiana, it is essential to devise such laws that would help in the betterment of the security. Hence, the Central Government has exercised its power under The Indian telegraph Act, 1885. The section 10 Information Technology Act, 2000 also gives power to the Central Government to prepare laws in relation to digital signatures. Hence, in order to secure the nation’s best interest, the Central Government can amend as well as create laws.

The PUCL7 judgment delivered by Kuldip Singh, J., took a broad overview of the development of the right to privacy as a constitutional right in India and held that telephone tapping was definitely a move against privacy and, therefore, ought not to be permitted except in the gravest of grave circumstances such as a public emergency.

7

People’s Union of Civil Liberties v. Union of India and Anr, AIR1997SC568.

MEMORANDUM ON BEHALF OF THE RESPONDENT

5.

The Laws with regard to Information Technology are sufficient at the present stage.

5.1 The Indian Parliament enacted an Act called the Information Technology Act, 2000. It received the assent of the President on the 9th June, 2000 and is effective from 17th October, 2000. This Act is based on the Resolution A/RES/51/162 adopted by the General Assembly of the United Nations on 30th January, 1997 regarding the Model Law on Electronic Commerce earlier adopted by the United Nations Commission on International Trade Law (UNCITRAL) in its twenty-ninth session. The aforesaid resolution of the U.N. General Assembly recommends that all States give favourable consideration to the Model Law on Electronic Commerce when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of information. It was a foresight on the part of the Government of India to initiate the entire process of enacting India’s first ever information technology legislation in the year 1997 itself. There were three objectives: (a) to facilitate the development of a secure regulatory environment for electronic commerce by providing a legal infrastructure governing electronic contracting, security and integrity of electronic transactions; (b) to enable the use of digital signatures in authentication of electronic records; and (c) to showcase India’s growing IT prowess and the role of Government in safeguarding and promoting IT sector and attracting FDI in the said sector. It is important to understand that while enacting the Information Technology Act, 2000, the legislative intent has been not to ignore the national or municipal (local) perspectives of information technology and also to ensure that it should have an international perspective as advocated by the UNCITRAL Model Law on Electronic Commerce. Enumeration of the main principles of the Information Technology Act, 2000 It is significant to note that by enactment of the Information Technology Act, 2000, the Indian Parliament provided a new legal idiom to data protection and privacy. The main principles on data protection and privacy enumerated under the Information Technology Act, 2000 are: (i) defining ‘data’, ‘computer database’, ‘information’, ‘electronic form’, ‘originator’, ‘addressee’ etc. (ii) creating civil liability if any person accesses or secures access to computer, computer MEMORANDUM ON BEHALF OF THE RESPONDENT

system or computer network (iii) creating criminal liability if any person accesses or secures access to computer, computer system or computer network (iv) declaring any computer, computer system or computer network as a protected system (v) imposing penalty for breach of confidentiality and privacy (vi) setting up of hierarchy of regulatory authorities, namely adjudicating officers, the Cyber Regulations Appellate Tribunal etc. Further, the Information Technology Act, 2000 defines certain key terms with respect to data protection, like access [S.2 (1)(a)], Computer [S.2 (1)(i)], Computer network [S.2 (1)(j), Computer resource [S.2 (1)(k)], Computer system [S.2 (1)(l)], Computer database [S.43, Explanation (ii)],Data [S.2 (1)(o)], Electronic form [S.2 (1)(r)], Electronic record [S.2 (1)(t], Information [S.2 (1)(v)], Intermediary [S.2 (1)(w)], Secure system [S.2 (1)(ze)] and Security procedure [S.2 (1)(zf)]. The Information Technology Act, 2000 provides for civil liability in case of data, computer database theft, privacy violation etc. The Act provides a complete Chapter (Chapter IX) on cyber contraventions, i.e., section 43 (a) – (h) which cover a wide range of cyber contraventions related to unauthorised access to computer, computer system, computer network or resources. Section 43 of the Act covers instances such as: (a) computer trespass, violation of privacy etc. (b) unauthorised digital copying, downloading and extraction of data, computer database or information;. theft of data held or stored in any media, (c) unauthorised transmission of data or programme residing within a computer, computer system or computer network (cookies, spyware, GUID or digital profiling are not legally permissible), (d) data loss, data corruption etc., (e) computer data/database disruption, spamming etc., (f) denial of service attacks, data theft, fraud, forgery etc., (g) unauthorised access to computer data/computer databases and (h) instances of data theft (passwords, login IDs) etc. The Information Technology Act, 2000 provides for criminal liability in case of data, computer database theft, privacy violation etc. The Act also provides a complete Chapter (Chapter XI) on cyber offences, i.e., sections 65-74 which cover a wide range of cyber offences, including offences related to unauthorised alteration, deletion, addition, modification, alteration, destruction, duplication or transmission of data, and computer database. For example, section 65 [Tampering with computer source documents] of the Act is not limited to protecting computer source code only, but it also safeguards data and computer databases; and similarly section 66 [Hacking with Computer System] covers cyber offences related to (a) Illegal access, (b) Illegal interception, (c) Data MEMORANDUM ON BEHALF OF THE RESPONDENT

interference, (d) System interference, (e) Misuse of devices, etc. Page 10 of 11 Interestingly, section 72 [Penalty for breach of confidentiality and privacy] is aimed at public (and private) authorities10, which have been granted power under the Act to secure access to any electronic record, book, register, correspondence, information, document or other material information. The idea behind the aforesaid section is that the person who has secured access to any such information shall not take unfair advantage of it by disclosing it to the third party without obtaining the consent of the disclosing party. Proposed amendments to the Information Technology Act, 2000 vis-à-vis data protection and privacy The Expert Panel constituted by the Department of Information Technology, Ministry of Information Technology, Government of India in its recommendations proposed following amendments in the Act to strengthen data protection and privacy: Section 43, Explanation (v) “Reasonable security practices and procedures” means, in the absence of a contract between the parties or any special law for this purpose, such security practices and procedures as appropriate to the nature of the information to protect that information from unauthorized access, damage, use, modification, disclosure or impairment, as may be prescribed by the Central Government in consultation with the self-regulatory bodies of the industry, if any. Section 43, Explanation (vi) “Sensitive personal data or information” means such personal information, which is prescribed as “sensitive” by the Central Government in consultation with the self-regulatory bodies of the industry, if any. It is obligatory to note that not only the aforementioned proposed amendments would pave the way of self-regulation in terms of defining what constitute: “reasonable security practices and procedures” and “sensitive personal data or information” but also grant statutory protection to sensitive personal data. These public and private authorities may be referred as ‘data collectors’ or ‘data users’. Expert Panel submitted its report in August, 2005 Page 11 of 11 Further, the proposed amendments have enlarged the scope of section 66 by making it consistent with the provisions of the Indian Penal Code, 1860, and also providing extent of criminal liabilities in case of data, computer database theft, privacy violation etc. Moreover, newly proposed sub-section (2) of section 72 makes the intermediaries (network service providers) liable for data and privacy violations. Now, such intermediaries to pay damages by way of compensation to the subscriber so affected. 6.

The relief cannot be granted in favour of the Petitioner. MEMORANDUM ON BEHALF OF THE RESPONDENT

6.1. As per the arguments advanced, we can say that the Government is not at the fault here since the State is taking measures to ensure the privacy of the citizens. The Government is not in violation of the With the evolving data privacy ecosystem, Indian Government is also gearing to strengthen the privacy protection measures. Amendments in IT Act 2000 in year 2008 reflect government’s commitment towards the need of hour and strengthening the data protection regime in India. ITAA 2008, clause 43A is a step in the right direction as it intends to protect ‘sensitive personal information’ by penalizing body corporate that fails to implement ‘reasonable security practices’. Further to ITAA 2008, Department of Personnel and Training (DoPT) under Government of India is also working on enacting India’s first ‘specific’ law to safeguard privacy. Once in place, the law will effectively recognize the right to privacy of an individual. It is likely to contain specific rules that will address any breach of a citizen’s right to privacy and include safeguards against potential violations of the law even by the government. Where government is ascertaining the measures for protecting the individual privacy; regulatory bodies, law enforcement agencies (LEA), businesses and corporates also hold equal responsibility. The regulatory bodies need to understand the industry specific privacy needs and issue specific and granular set of guidelines in order to provide direction and guidance to the industry under their purview. Law enforcement bodies need to update themselves with latest technology, trends, etc. and need to regularly hone their skills to combat cyber crime. The responsibility of the businesses and corporates is to build, implement and continuously monitor a risk based data protection program, create awareness amongst individuals / employees / customers / consumers and ensure compliance to data protection laws either through self regulation or co-regulation. NASSCOM has established DSCI as not-for-profit, independent entity – a Section 25 Company, that is governed by corporate laws, with an independent Board of Directors. It is a SRO. DSCI’s Charter & Mission are as follows:

MEMORANDUM ON BEHALF OF THE RESPONDENT

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF