Industry decries lack of data protection law

Govt not doing much to protect data owned by Indians: Experts

While the IT Act is being amended to deal with international concerns related to cyber crimes, very little is being done on the data protection law, required to protect the data owned by Indians.

"While the IT Act needs to be amended for prevention of theft of digital information owned by the foreign clients of the IT companies, a data protection law is equally important to protect data owned by Indians," said Raghu Raman, CEO, Mahindra Special Security Group.

Thus all companies collecting, storing or transporting any information regarding Indian citizens like credit cards, bank account numbers or driving license would come under the purview of the data protection law.

The law, as in the US and UK, would require that the companies seek the permission of their clients before they disclose any such information.

So, while India has no laws to protect the privacy of Indians, the US has vertical-specific and state-wise privacy laws and UK has the UK Data Protection Act, 1998.

The alleged theft of data owned by UK citizens, however, will not be covered under a data protection law and would require amendments in the existing IT Act. Presently, the Act does not address the issue of prevention of misdeamenour of stealing.

"The Act needs to be more unambiguous to clearly define incidence and should include forensic evidence", said Sivarama Krishnan, Associate Director, PwC.

Under the law, only government and enforcement officials are penalised for disclosure of unauthorised information to third party, while employees of an organisation are not covered.

Concerns relating to privacy of data while offshoring to India will be addressed by amending the existing IT Act. Not suprisingly, industry association Nasscom feels there is no need for a data protection law.

"A data protection law is not required in India as we have a fairly robust mechanism to deal with cyber crime, all that we require is amendments pertaining to unauthorised access in the present IT Act," says Sunil Mehta, vice-president, Nasscom.

Most lawyers and consultants, however, feel that mere amendments to the IT Act will not address any privacy issues that plague Indian citizens.