Writing in Livemint, Kamlesh Bajaj (“Stringent data protection law to help maintain lead in IT sector”) predicts a continued boom for India as an IT hub, in terms of its vibrant role in the outsourcing sector — but he calls for the country to strengthen its domestic data protection regime so as to make global data flows to India more trustworthy. Bajaj, who is chief executive officer, Data Security Council of India, summarises current DP law in India, which dates back tot the Information Technology Act 2000, and itemises the amendments which he sees necessary if India is to retain its DP credibility. These include
• New definitions of terms such as ‘electronic signature’, ‘communication device’, ‘cyber café’ and ‘cyber security’, bringing more devices and services within the ambit of the Act;
• Conditions under which intermediaries will be liable for third-party information should be made more explicit;
• Stipulation that service providers must protect personal information of clients while processing under a lawful contract, with scope for consultation with industry bodies for prescribing security standards;
• Penalties for breach of confidentiality;
• Fresh provisions to deal with cyber crimes, including cyber terrorism and child pornography;
• Protected systems under the existing law should now be declared as critical information infrastructure and protected through additional laws by an Indian Computer Emergency Response Team;
• Preservation and retention of traffic data and information by service providers and intermediaries for cyber forensic evidence and for analysis for new attacks on the information infrastructure in the country.