The Indian government has taken a step toward creating a comprehensive set of data protection rules to safeguard privacy. The draft regulations, which deal with the protection of personal information, are more stringent than either the Gramm-Leach-Bliley Act in the U.S. or the EU Directive in Europe and would create new requirements for companies that outsource to service providers in India or maintain their own operations there, say Miriam H. Wugmeister, partner in the law firm Morrison Foerster and Cynthia J. Rich, senior international policy analyst with the firm.
The new rules are intended to showcase a new commitment by India to rigorously protect data, but they could dampen offshore outsourcing business. Most notably, prior written consent will be required-without exception-to collect and use sensitive data about Indian citizens and about any person who’s personal information is collected within the country.