New privacy legislation for India

On February 5, 2009, the President of India signed into law the Information Technology (Amendment) Act, 2008 (the “ITAA”)3, a robust amendment to the country’s Information Technology Act, 2000 (the “IT Act”).

For companies doing business in India or with Indian entities, Section 43A of the ITAA is of particular importance. Section 43A is a new provision designed to hold companies accountable for the protection of personal data. It provides:

“Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.”

Perhaps one of the more important consequences of the ITAA is that it introduces the concept of personal data into Indian law. The original IT Act punished unauthorized extraction of or damage to data, but it did not explicitly target personal data. The ITAA, however, requires companies to maintain the security of “sensitive personal data,” thus recognizing that certain data deserves a higher level of protection.

The ITAA, however, limits the protections afforded to “sensitive” personal data, which is defined in the act as “such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.” The Central Government of India has not yet prescribed what constitutes “sensitive personal data,” but the DSCI, at the government’s behest, has recommended that personal information be defined consistently with the EU Data Directive,8 as information that can identify an individual through one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Sensitive personal information, however, would be defined more narrowly to include health and financial data (but not embracing the broader EU concept of data regarding racial, ethnic, political and religious beliefs, which the DSCI has noted is often publicly known in India).

Taken from Technology Law Section, State Bar of Georgia.

Great firewall of China filled with ‘twittering’ holes ;-)

On the eve of the 20th anniversary of the Tiananmen killings, social networking sites such as Twitter and the photo-sharing site Flickr were blocked in China in an attempt by the government to prevent online discussion on the subject. However twitterers were finding ways around this. Read more on BBC news.

Talk differently

My latest publication in the May 2009 issue of IT Now published by the British Computer Society. Imagine moving the concept of social networking and the power of the people into the organisational context. This is what this article is about. It is missing some text and a diagram from the original publication. Although a blogger has tried, and quite successfully managed to capture the essence of the article. Send me an email if you want a copy of the original. My email address is found on the About Me tab.

This article is a cruelly condensed version of a paper I wrote for my MBA studies with the Henley International School of Management on “Managing People and Performance”. I guess there will be similar publications coming as I progress onto year two of my studies 🙂

So you want to know how much your colleagues earn?

This is easy in Sweden. First even when I came to Sweden in 2003 it was possible to go to the tax office and request directly a person’s earnings during the previous tax year. Potential employers often do this to check that what you have stated on your present earnings is true. You as the data subject have no idea that this has happened. Although if an organisation makes a formal request for your earnings, credit status etc., you will be informed of this by a letter in the post.

Well a development has occured. It is now possible for any person to go online and request anonymously your earnings for the previous tax year in Sweden at, and you get the information by SMS. 1

So you just type in the name of the person that you want to know their earnings. The image below states (in Swedish) that you should send an SMS to number 72550 with word INKOMST. The earnings for the person will be sent anonymously to your mobile telephone! 2

I tested this and it works! The SMS arrived in a matter of seconds.

I really need to look more into this from the EU data privacy perspective. Or anyone else, can you comment on this? Surely your earnings should be classified as ‘sensitve’ information as it can discrimate against you no matter how you look at it. The only positive aspect is that you can ascertain if you are earning a similar level of earnings as colleagues doing the same work particularly important for women… but still I don’t like this aspect of not being able to choose myself to remove myself from this register!

Thanks to May for coming across this!