RSS FeedOutsourcing
India exempts IT outsourcers from new privacy rules

India exempts IT outsourcers from new privacy rules

India's outsourcing industry breathes a sigh of relief as the government exempts it from strict new data protection rules

By | CIO US | Published 15:45,

Personal data sent to India by customers outsourcing IT work there will not be covered by India's new privacy rules, the government announced in late August, and a recent government clarification has come as a huge relief to India's large outsourcing industry.

The data privacy rules, issued in April, require companies or their intermediaries to get written consent from individuals about the use of the sensitive personal information they collect. But it would have been very difficult for Indian outsourcers to operate if they had to get written consent from every foreign citizen whose personal data moves through India's vast collection of call centres and other outsourcing operations.

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

India's Ministry of Communications and Information Technology issued a clarification saying the new rules apply only to Indian companies that collect information from individuals. That ended confusion over whether European and US companies sending data for processing to Indian outsourcers would have to follow India's privacy rules while collecting data in their countries.

The rules define "sensitive data" as including passwords, financial information, medical conditions, sexual orientation and biometric information.

It is now clear that it is the companies collecting and sending the data-not outsourcers-that are responsible for protecting the privacy of the data according to the rules of the countries they operate in, says Kamlesh Bajaj, CEO of the Data Security Council of India. The council was set up by India's National Association of Software and Service Companies to set standards for data security and privacy for outsourcers.

However, the preferential treatment given to outsourcers could be struck down in court, says Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court. The clarification has not been issued under any provision of the country's IT Act, and in fact violates the spirit of the IT Act, which does not limit the jurisdiction of its laws to companies within India, Duggal says.

The clarification is also vague and could lead to a variety of companies claiming to be exempt from the personal data rules, he adds.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Join the HP Business Answers Linkedin Community

Read the most recent discussions

Read more at the HP Business Answers Linkedin Community

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *