April 2011 brought in a lot of changes and one such remarkable change in the Indian Legal Regime being the issuance of new rules implementing parts of the Information Technology (Amendment) Act, 2008. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is applicable with regard to all the information which is in possession of organizations in India, irrespective of the place of origin of the information. It specifies the manner in which such information is to be collected and can be used by such organizations. Many obligations on the organizations part, both prior to collection and post collection are prescribed in the rules.
This brings in a sigh of relief for many but is also a cause of concern for many others. If we look at it from the point of view of data protection and reduction in the instances of privacy violations and in identity theft, then it is a welcome change and was long overdue. This is just a beginning and has raised hopes that the legislature would come up with a new legislation, which is more definite, concrete, accurate and practical so that there are shutters on the doors which have been left wide open due to growing technological advancement and the misuse of such growth.