The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, fall under the Information Technology Act, 2000, and govern the collection, use, storage, and sharing of sensitive personal data or information (SPDI) in India. These rules protect individuals' privacy and regulate how organizations handle sensitive personal information.
According to the rules, any unauthorized sharing, disclosure, or misuse of sensitive personal data or information can have legal consequences. The punishment for sharing clinical data, private data, or personal details in violation of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, can include:
It's important to note that penalties and consequences may vary depending on the nature and extent of the data breach and any applicable laws or regulations related to data protection and privacy.
To ensure compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, organizations and individuals handling sensitive personal data or clinical information should implement adequate security measures, obtain explicit consent from data subjects for data sharing, and adhere to the principles of data protection and confidentiality.
In this regard, the IT Act also prescribes criminal penalties that include both imprisonment of up to three years and fines for persons that disclose personal information without the consent of the person to whom the data relates, where such disclosure is in breach of a contract or results in wrongful loss or gain.
- Badges
- Science topic
- Similar topics
- Phytochemistry
- Extracts