information available under the Right to Information Act or any other law shall not be treated as Sensitive personal data or information.as per information technolgy Act
Here, it was not defined by the law “What is sensitive personal data or information” and though explanation of “reasonable security practices and procedures” has been provided it is too vague and open for interpretation.
Hence, to address the issue, on February 7, 2011, the Department of Information Technology, published draft rules titled (The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011) in exercise of the powers conferred by Section 87(2) (ob), read with Section 43A of the Information Technology Act, 2000.
Its features are as follows:-
Rule 3 defines Sensitive person
Hence, to address the issue, on February 7, 2011, the Department of Information Technology, published draft rules titled (The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011) in exercise of the powers conferred by Section 87(2) (ob), read with Section 43A of the Information Technology Act, 2000.
Its features are as follows:-
Rule 3 defines Sensitive person
