Employers must familiarise themselves with India's new Digital Personal Data Protection Act, and assess its implications for employee data. With compliance likely to require significant administrative and technical overhauls within organizations, it is prudent to begin readiness evaluations early.
India has enacted its long-awaited privacy legislation, the Digital Personal Data Protection Act on August 12. While there are various aspects of this Act which distinguish it from other privacy laws in the world, one that is particularly interesting is its approach towards user consent.
India has now been seeking to establish a single national-level personal data protection bill for about six years. The newest development in this saga is the Digital Personal Data Protection Bill, the first attempt introduced to Parliament since the previous effort was withdrawn in 2022.
World’s fourth-largest generic drugs manufacturer Sun Pharmaceuticals disclosed a ransomware attack that compromised some of its file systems.
The fourth draft data protection bill looks to be no less contentious, as it adds vital protections but also exempts the country's government from all of its terms and appears to give tech platforms a fairly free hand in sending citizen data overseas.
The decision to scrap the data protection bill came from a parliamentary review process. IT minister Ashwini Vaishnaw has told reporters that work was already underway on a new personal data law, no doubt to the delight of big tech companies.
Regardless of the motivation of the Delhi police, the handover of donor payment data has put India's lack of a national data privacy law and its speech laws in the spotlight.
Change to India's cybersecurity laws has sent VPN providers running from the country ahead of the slated June 27 start date for the new terms.
An attempted ransomware attack on SpiceJet systems disrupted flight operations leaving passengers frustrated and stranded for hours with flights canceled in some locations.
India’s new CERT-In order applies to VPN providers, virtual private server (VPS) providers, data centers and cloud service providers. These services are required to hold and turn over a variety of customer data.