Section 43A was amended by India's IT Rules 2011 to include?
Section 43A was amended by India's IT Rules 2011 to include a definition of what constitutes reasonable security practices. This amendment outlines the security practices and standards that organizations must adopt to ensure the protection of sensitive personal data, specifying the need for a comprehensive information security program and policies to address managerial, technical, operational, and physical security measures.
A. This is mentioned in Rule 8 of the IT Rules.
Section 43A and the 2011 Rules 3-8

In 2011, delegated legislation made under Section 43A of the IT Act created a data privacy regime. However, the rules are perhaps ultra vires, apply only to very strict definitions of sensitive data, and provide rights of action only to the “providers of data”.

Rule 8: Reasonable Security

“Such security practices and standards have a comprehensive documented info sec program and info sec policies that contain managerial, technical, operational, and physical security control measures that are commensurate with the info assets being protected with the nature of business.”

“In the event of an info sec breach, the body corporate … shall be required to demonstrate [to agency] that they have implemented security control measures as per their documented info sec program and policies.”

The burden of proof in R8 likely does not override 43A’s standard of negligence. But it does impose a separate obligation to demonstrate security.