In the recent years India has emerged as one of the preferred destinations for offshore business outsourcing. Financial services, educational services, legal services, banking services, healthcare services, marketing services and telecommunication services . The factors that have turned India into one of the hotspots for offshore outsourcing are the educated and unemployed masses, enterprising nature of Indians who have excellent spoken English skills and relatively cheap labour.
In June 2005, one BPO was in the eye of the storm when one of its employees sold personal data belonging to a large number of British nationals to an undercover reporter from the British tabloid ‘The Sun’. The incident sparked off a debate among the offshore industry circles, media and the legal world as to how safe foreign data is in Indian hands. The discussions were also veered towards the need for some kind of protection for personal data in India which is absent currently.
Data Protection Issues have time and again raised concern in the authorities about the cyber extortion, privacy, confidentiality, data protection and national security. With the increasing penetration in the online usage of more and more people towards internet, e-banking, e-shopping etc. the concerns of data protection and related issues are growing day by day.
Privacy is closely connected to Data Protection. An individual’s data like his name address, telephone numbers, profession, family, choices, etc. are often available at various places like schools, colleges, banks, directories, surveys and on various web sites.
Passing on such information to interested parties can lead to intrusion in privacy like incessant marketing calls.
It would be a misnomer to say that India does not have ‘data protection’ legislation at all.
This is factually wrong. The fact is that there exists data protection legislation in India.
The subject matter of data protection and privacy has been dealt within the Information
Technology Act, 2000 but not in an exclusive manner.
Data protection is not a subject in any of the three lists in Schedule VII of the
Constitution of India. But Entry 97 of List 1 states: “any other matter not enumerated in
List II and List III …….” Thus only the Indian Parliament is competent to legislate on
data protection since it can be interpreted as any other matter not enumerated in List II
and List III.
Data protection is, thus, a Central subject and only the Central Government is competent
to frame legislations on issues dealing with data protection. In fact, the Information
Technology Act, 2000,and the Indian Copyright Act, 1957 , enacted by the Indian Parliament are the main legislations in this field, which contains provisions on data protection. There is also a proposed Personal Data Protection Bill, 2006, which deals with the protection of personal data.
THE INFORMATION TECHNOLOGY ACT, 2000
The Indian Parliament enacted an Act called the Information Technology Act, 2000. It
received the assent of the President on the 9th June, 2000 and is effective from 17th October, 2000. This Act is based on the Resolution A/RES/51/162 …