In India's IT Rules 2011, which is included in the definition of "sensitive personal data"?
In India's IT Rules 2011, which is included in the definition of "sensitive personal data"?
In India's IT Rules 2011, 'sensitive personal data' includes information that is intimate and potentially vulnerable if disclosed, such as sexual orientation. This aligns with the regulations that aim to protect such personal information from unauthorized access or misuse.
Passwords, Financial information, physical or mental or physiological conditions,sexual orientation, medical records and history and biometric data provided that the information is not freely available/accessible in public domain or furnished under the Right to Information Act
3. Sensitive personal data or information.— Sensitive personal data or information of a person means such personal information which consists of information relating to;— (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.