India has been under pressure from the outsourcing community for some time to implement standard rules regarding the protection of personal information. On April 13, India quietly issued final rules under its Information Technology (Amendment) Act, 2008 (the IT Act) regarding the protection of personal information (collectively, referred to as the “Privacy Rules”). The Privacy Rules include the following:
- Information Technology (Electronic Service Delivery) Rules, 2011
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the Security Rules)
- Information Technology (Intermediaries Guidelines) Rules, 2011
Observers now are questioning whether the Privacy Rules have gone too far and will have unintended implications on outsourcing suppliers and customers, imposing in many cases more stringent requirements on the collection of personal information in India (for example, by India-based call centers) than those imposed by the home country of the individual from whom the data is being collected. Outsourcing suppliers and customers are in the process of analyzing the impact of the Privacy Rules on existing and new transactions where India service locations are used, including potential changes that are required to the infrastructure, standards, and processes used to support such outsourcing transactions.
This LawFlash is intended to highlight several key provisions of the Privacy Rules and their potential impact on outsourcing transactions.
Please see full publication below for more information.