India’s new data protection and privacy rules, which involve asking for a written consent to collect data, do not apply to personal information from clients that outsource work to the country. This is according to CEO Kamlesh Bajaj of the Data Security Council of India, a company established by IT body National Association of Software and Service Companies (Nasscom) to set data security and privacy standards for outsourcing players.
Based on the new Information Technology Rules 2011, companies need to get a written consent to individuals that they would be collecting personal information. Bajaj said the government will soon clarify that the rules do not cover personal data from companies in other countries.
On the other hand, analysts think the country had gone overboard when it comes to implementing stringent data privacy rules to impress outsourcing buyers and investors. According to London-based law firm Lawrence Graham LLP, the new rules posed concerns on how this initiative could be implemented. Also, companies that outsource work to India need to look into their practices in collecting data to ensure that these are in accordance to India’s own data privacy rules.