Data protection law mulled

 The government is planning to introduce a law on data protection, which will regulate the working of Indian business process outsourcing (BPO) companies. The proposed legislation will provide a framework to govern the use of customer data by Indian companies and prevent any misuse.

 This will be the first attempt by the government to regulate the working of call centres and BPO companies. The proposed law will cover areas like financial transactions, unsolicited bulk e-mails, hacking and unauthorised access to personal information, such as health information, credit card and other personal details.

 The new law has been necessitated by an European Union (EU) directive, which insists on EU member states restricting outsourcing to countries that fulfil certain data protection requirements.

 Government sources said the law would not only cover companies offering outsourcing services to overseas customers, but also those operating in the domestic market.

 The government has also set up an expert group to review the existing legal framework in the country, including the IT Act, 2000, and suggest specific changes.

 According to the sources, the proposed law will not only have provisions to protect the privacy of individuals and companies, but will also set stringent conditions on the use of personal information by companies in India.

 The sources also said the government might introduce the law as a separate legislation or may amend the IT Act to incorporate various clauses on data protection.