What is Website Privacy Policy?

Applicable law India

He Information Technology (Amendment) Act, 2008 made significant changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.

In 2011, the Government of India prescribed the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011by publishing it in the Official Gazette. These rules require a body corporate to provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information. Such a privacy policy should consist of the following information in accordance with the rules:

  • Clear and easily accessible statements of its practices and policies.
  • Type of personal or sensitive personal data or information collected.
  • Purpose of collection and usage of such information.
  • Disclosure of information including sensitive personal data or information.
  • Reasonable security practices and procedures.

The privacy policy should be published on the website of the body corporate, and be made available for view by providers of information who have provided personal information under lawful contract.