Overnight, the privacy landscape in India has undergone a dramatic transformation. On April 13, 2011, India quietly issued final regulations implementing parts of the Information Technology (Amendment) Act, 2008, dealing with protection of personal information. These regulations could have a profound effect on multinational businesses that either outsource business functions to Indian service providers or maintain their own operations in India.
The new rules prescribe how personal information may be collected and used by virtually all organizations in India, including personal information collected from individuals located outside of India. Among other obligations, prior written consent will be required, without exception, to collect and use sensitive personal data. These consent requirements are far more restrictive than what is required under either the Gramm-Leach-Bliley Act or the EU Directive. As a result, U.S. and European multinational businesses that currently rely on their India-based operations or Indian outsourcing service providers to handle sales and other transaction-related calls from their U.S.- or EU-based customers (or even benefit-related calls from their U.S.- or foreign-based employees) may have to adjust their personal data collection practices to conform to Indian data protection rules, even though their current practices may comply fully with U.S. or EU privacy rules.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.