Friday, August 26, 2011

New data protection rules wont apply to outsourcing providers located in India

New data protection rules wont apply to outsourcing providers located in India :

Govt clarifies new data protection rules (as provided under 43A of IT ACT) wont apply to outsourcing providers located in India.

It has clarified that the new rules wont apply to outsourcing providers located in India.After Nasscoms submission,the government this week issued a clarification stating that BPOs located in India will be governed only by specific contracts signed with their global and Indian customers.

The rules,in their previous form,were impacting a large number of BPOs which collect credit card or financial information from companies and individuals in US or Europe.Sensitive information here refers to physical,physiological and mental health condition,medical records and history.All medical transcription firms operating out of India have to have access to medical records of patients in US.The new section 43A of the Indian IT Act stated that a corporate shall have to obtain permission through letter or fax or email from each client before collection of sensitive information.Thus,BPOs would have to inform the client regarding purpose of usage before collection of such information,if they went by the IT rules 2011.Nasscom and Data Security Council of India (DSCI) have welcomed the clarification issued by the Ministry of Communications and Information Technology,on the notified Rules under section 43A of the IT Act.The government has added that consent can now given by any mode of electronic communication,such as SMS or a call.The rules issued recently had created possible interpretation issues for outsourcing companies.

As per the ACT Sensitive personal data or information.— Sensitive personal data or information of 

a person means such personal information which consists of information relating to;— 
(i) password; 
(ii) financial information such as Bank account or credit card or debit card or 
other payment instrument details ; 
(iii) physical, physiological and mental health condition; 
(iv) sexual orientation; 
(v) medical records and history; 
(vi) Biometric information; 
(vii) any detail relating to the above clauses as provided to body corporate for 
providing service; and 
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of 
these rules.

There is always a rule for such sensitive information which will provide boom to the development of BPO industry where in lot of personal data get transferred from US and other countries to India for transaction purpose.