In today’s digital age, data privacy is more important than ever. As a business professional, it’s essential to be well-versed in the Data Protection Under the IT Act 2000 so you can protect your company’s confidential information. This act sets out specific regulations governing the collection, use, and disclosure of personal data by organizations operating in India. In this blog post, we’ll provide an overview of the key provisions of the act and how they may impact your business. Stay safe online!
Data Protection under IT ACT 2000
Every industry has its own set of regulations, laws, and standards, which often change over time. Risk managers need to make sure that their company or organization is compliant with these standards and regulations at all times. So, failure to be compliant can result in fines or other penalties.
The company or organization imposes this in question. So, this section is about “Misuse of sensitive personal data or sensitive personal data of a deceased person”. Under Section 43, any person who:
1. Obtains or has access to any sensitive personal data in any manner whatsoever.
2. In any manner whatsoever discloses or publishes or makes available to any other person. Also, these are such sensitive personal data without the approval of the person and the authority.
3. In any manner whatsoever discloses or publishes or makes available to any other person. So, these are such sensitive personal data without the consent of the authority. Also, the ACT may prescribe, in contravention of any law for the time being in force.
4. In any manner whatsoever obtains for himself or another person access to such sensitive personal data.
5. Knowingly, it helps, permits, facilitates, or encourages another person to do any of the above acts shall be punishable. So, that is with imprisonment for a term that shall not be less than six months. However, this may extend to five years and with a fine which shall not be less than one lakh rupees. Thus, this may extend to ten lakh rupees.
Provided that nothing contained in this sub-section shall apply if:
First, if the public servant creates the disclosure. Second, if the disclosure is made under the direction of a Court, Tribunal, or Committee established by law. Third, if the disclosure is made under the direction of an officer who has been authorized by a Court, Tribunal, or Committee established by law for this purpose;
Fourth, the disclosure is made under any law relating to taxation. Fifth, the disclosure is made with the written authorization of the Controller. Sixth, the disclosure is made with the written authorization of an officer authorized by the Controller on this behalf;
Seventh, such disclosure is made while acting under the color of legal proceedings. Furthermore, such disclosure is made from information published or otherwise available to the public from other sources. Lastly, such disclosure is made by a credit information agency registered under section 27A of this Act.
So, the purposes if for providing credit information services as defined therein and to maintain records thereof as per regulations framed thereunder. Also, such disclosure, if such sensitive personal data are disclosed in the interest of national security. And such disclosure, if such sensitive personal data are disclosed in the interest of preventing or detecting crime;