<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>As follow up to my previous message, sharing an article below about new</div><div>privacy law in India.</div><div>Lynn</div><blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size:10pt; color:black; font-family:verdana;"><div id="wmQuoteWrapper">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
This From: InformationWeek, May 5, 2011<br>
<a href="http://www.informationweek.com">http://www.informationweek.com</a><br>
<br>
India Adopts New Privacy Rules<br>
<a href="http://www.informationweek.com/news/government/policy/229402835">http://www.informationweek.com/news/government/policy/229402835</a><br>
<br>
Organizations doing business in India may be forced<br>
to re-evaluate how they handle personal information.<br>
<br>
By Thomas Claburn InformationWeek<br>
May 05, 2011 08:00 AM<br>
<br>
Amid worldwide lobbying by IT companies to promote the harmonization of data<br>
protection laws for the sake of cloud computing, India last month quietly<br>
issued new privacy rules that impose significant limitations on how<br>
businesses can handle personal information.<br>
<br>
The Information Technology (Reasonable Security Practices and Procedures and<br>
Sensitive Personal Data or Information) Rules, 2011, or "Privacy Rules,"<br>
were issued in April to implement India's 2008 IT Security Act amendment.<br>
<a href="http://ibnlive.in.com/news/read-the-controversial-internet-control-rules/150319-53.html">http://ibnlive.in.com/news/read-the-controversial-internet-control-rules/150319-53.html</a><br>
<br>
Because the rules implement an existing law, they did not undergo the<br>
prolonged period of public comment and industry input that typically<br>
precedes the passage of a law. Nonetheless, they "have all the force of a<br>
full-blow data privacy law," said Miriam Wugmeister, head of the global<br>
privacy practice at law firm Morrison & Foerster, in a phone interview.<br>
<br>
ISPI note - also see:<br>
<br>
"India's New Privacy Regulations"<br>
Morrison & Foerster Client Alert - May 4, 2011<br>
By Miriam H. Wugmeister and Cynthia J. Rich<br>
PDF: <a href="http://tinyurl.com/3r8ta85">http://tinyurl.com/3r8ta85</a><br>
<br>
The degree to which companies will comply with these rules remains unclear,<br>
as does the extent to which Indian authorities will enforce them. But<br>
Wugmeister believes the new privacy regime has the potential to dramatically<br>
affect the business landscape for IT companies in India and for overseas<br>
companies that contract IT services with Indian companies.<br>
<br>
The Privacy Rules oblige organizations to notify individuals when their<br>
personal information is collected via letter, fax, or email. They require<br>
covered organizations to make a privacy policy available, to take steps to<br>
secure personal information, and to offer a dispute resolution process<br>
related to the collection and use of personal information.<br>
<br>
"The law applies to all companies in India getting any information from<br>
anywhere," said Wugmeister. "On the face of it, it doesn't exempt the<br>
service provider."<br>
<br>
What this means is that any personal collected in India, or outside of India<br>
and transferred into the country, is governed by these rules. As a<br>
consequence, Wugmeister suggests that outsourcing providers in India may be<br>
required to notify every person seeking assistance at a call center about<br>
their data handling practices and to obtain consent to handle personal data.<br>
Outsourcing providers, she says, may also be forced to make sure their<br>
customers' data handling practices match the requirements laid down in the<br>
new rules. <| Powered by <a href="http://www.ISPIClips.com">www.ISPIClips.com</a> |><br>
<br>
India's new Privacy Rules arrive as large IT companies like Microsoft are<br>
calling for more consistent international privacy and data protection laws,<br>
so cloud computing companies can transfer data across borders without legal<br>
uncertainty.<br>
<br>
"[W]ith the migration to the cloud, it is increasingly important that data,<br>
in fact, be able to move across borders, and even around the world, albeit<br>
with real and effectively legal safeguards," argued Microsoft's general<br>
counsel Brad Smith in a speech delivered to the French National Assembly in<br>
January. <a href="http://www.microsoft.com/presspass/exec/bradsmith/01-24-11fna.mspx">http://www.microsoft.com/presspass/exec/bradsmith/01-24-11fna.mspx</a><br>
<br>
India's new rules may reflect a desire by lawmakers to court cloud computing<br>
providers, particularly those in the E.U., where data protection laws are<br>
stringent. But winning business from the E.U. may come at a cost. U.S<br>
companies may not want to adhere to India's relatively strong standards and<br>
could seek outsourcing partners in other countries.<br>
<br>
Given the importance of IT to India, however, it seems likely that overly<br>
burdensome regulations will be relaxed, go unenforced, or be superseded by<br>
subsequent legislation.<br>
<br>
<br>
<br>
Copyright © 2011 UBM TechWeb, All rights reserved.<br>
<br>
<br>
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~<br><br>
</div>
</blockquote></span></body></html>