Applicable law India
He Information Technology (Amendment) Act, 2008 made significant changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.
- Clear and easily accessible statements of its practices and policies.
- Type of personal or sensitive personal data or information collected.
- Purpose of collection and usage of such information.
- Disclosure of information including sensitive personal data or information.
- Reasonable security practices and procedures.