Data Protection Laws In India

The primary Indian legislation which regulates data privacy is the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“I.T. Rules”) under the Information Technology Act, 2000 (“ITA”). The I.T. Rules are implemented by the Department of Electronics and Information Technology (“I.T. Department”). The I.T Rules seek to regulate disclosure, collection and storage of what is termed ‘sensitive personal data or information’ (“Protected Data”).

Section 43A of the ITA, 2000 addresses the penalties for non-compliance by a recipient of Protected Data under the I.T. Rules. The section provides for penalizing the recipient of Protected Data for non-compliance, by way of imposing compensation of up to Rs. 50,000,000.

After the Act was enacted, which are the major amendments which have been done?

The Indian Penal Code, 1860. The Indian Penal Code was amended by inserting the word ‘electronic’ thereby treating the electronic records and documents on a par with physical records and documents. The Sections dealing with false entry in a record or false document, etc. have since been amended as ‘electronic record and electronic document’. Now, electronic record and electronic documents has been treated the same as physical records and documents during commission of acts of forgery or falsification of physical records in a crime.

The Indian Evidence Act 1872. Prior to enactment of ITA, all evidences in a court were in the physical form only. After existence of ITA, the electronic records and documents were recognized. The definition part of Indian Evidence Act was amended as “all documents including electronic records” were substituted. Other words e.g. ‘digital signature’ and ‘electronic form’ were also inserted to make them part of the evidentiary importance under the Act.

The Bankers’ Books Evidence (BBE) Act 1891. Before passing of ITA, a bank was supposed to produce the original ledger or other physical register or document as evidence before a Court. After the enactment of ITA, the definitions part of the BBE Act stood amended as: “bankers ‘ books’ include ledgers, day-books, cashbooks, account-books and all other books used in the ordinary business of a bank whether kept in the written form or as printouts of data stored in a floppy, disc, tape or any other form of electro-magnetic data storage device”. The above amendment in the provisions in Bankers Books Evidence Act recognized the printout from a computer system and other electronic document as a valid document during course of evidence, provided, such print-out or electronic document is accompanied by a certificate in terms as mentioned above.

The data protection law has been an evolving mode in India. To know more about the data protection in India, write to