Image of busy street in India representing the impact of the new regime for data protection in India
New Regime for Data Protection in India on the Cards

New Regime for Data Protection in India on the Cards

Right to privacy debates over the last month have led to the establishment of a ten-member committee that has been tasked with recommending a draft bill for data protection in India.

The committee is being formed to focus on the importance of data protection in India and its mandate specifically mentions that keeping personal data of citizens secure and protected is of utmost importance.” However, it seems inconceivable that the mandate would also not include bringing India into line with international norms to ensure that it remains a prime outsourcing destination.

Regime for data protection in India vital for outsourcing industry

India has long been regarded as a Mecca for organizations who wish to take advantage of the country’s reputation as one of the premier suppliers of outsourced services. Among the services that are offered by Indian companies are data storage and management. However, the latest Deloitte Outsourcing Survey (2016) pointed out that global companies are becoming a lot warier when it comes to the treatment of their data when it comes to entrusting it to outsourced entities.

In that report 23% of respondents indicate cyber risks are affecting outsourcing decisions. 41% of those respondents also indicated that lack of legislation and regulatory control would affect their decision to use outsourced services.

Now those figures may not have had a direct impact on recent discussions in India about privacy rights. However, they should certainly have been a factor the appointment of Justice B N Srikrishna, a former judge of the Supreme Court of India. Srikrishna has been chosen to head a Committee of experts which has been formed to discuss a new framework for data protection in India.

Keeping up with change

The fast pace of technological innovation also seems to have played its part in an increasing urgency by Indian authorities to update their legislation and regulatory approach to issues of privacy and data protection. Although India does have an ‘Information and Technology Act’ it is now recognised that an Act which was set into law 17 years ago and last amended in 2008 may not be up to the task of dealing with current requirements for protecting privacy rights and personal information as far as data protection in India is concerned.

The fact that this is the first time that India is looking at a specific data protection law is telling. India is the world’s 6th largest economy and is growing at an exponential rate. The new data protection law is expected to look at aspects such as data sovereignty, data retention and the responsibilities of government, companies and individuals when they are involved in handling third party data.