Sdpi Case Study
The IT act has set out two kinds of information:
• Personal information
• Sensitive personal data or information- which includes passwords, sexual orientation, financial, medical and biometric information.
Rule 4 of the regulations also provides for the body corporate to frame a ‘privacy policy’ in order to deal with disclosures. The Regulation says that such policy should be clearly accessible, should expound the reasonable security measures which will be taken to protect the SDPI and should explain the purpose of collecting the SDPI. Additionally Rule 8 mandates compliance with the security systems in place to protect SDPI. So what the company should see is to have proper managerial, operational, technical security control measures and to
• Personal information
• Sensitive personal data or information- which includes passwords, sexual orientation, financial, medical and biometric information.
Rule 4 of the regulations also provides for the body corporate to frame a ‘privacy policy’ in order to deal with disclosures. The Regulation says that such policy should be clearly accessible, should expound the reasonable security measures which will be taken to protect the SDPI and should explain the purpose of collecting the SDPI. Additionally Rule 8 mandates compliance with the security systems in place to protect SDPI. So what the company should see is to have proper managerial, operational, technical security control measures and to