What is Privacy Policy
A company, firm, sole proprietorship, association of individuals, NGO etc which is engaged in any commercial / professional activity and is handling any sensitive personal data or information of third parties in a digital format, needs to implement reasonable security practices and procedures.
Under regulation/s, implementation of security practices and procedures is a mandatory requirement.
The security practices and procedures are typically documented and maintained in the form of a Privacy Policy.
What is sensitive personal data or information
The regulation/s state the following information as sensitive personal data or information:
- Password
- Financial information such as Bank account or credit card or debit card or other payment instrument details
- Physical, physiological and mental health condition
- Sexual orientation
- Medical records and history
- Biometric information
What is included in a Privacy Policy
The following information is typically included in a Privacy Policy:
- Fact that information is being maintained in digital format
- Purpose of collection of information
- Intended manner in which the information is being used and disclosed
What are the regulations on dealing with sensitive data or information maintained in digital format
The key legal provisions are stated in the following:
- The Information Technology Act, 2000
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- The Information Technology (Intermediaries Guidelines) Rules, 2011
The above article provides a general overview on the topic. For further information, kindly contact services@jneela.com.