New Delhi : The Ministry of Electronics and Information Technology has prepared a draft Bill, titled the Digital Personal Data Protection Bill 2022 and has invited feedback from the public as part of its public consultation exercise. The draft Bill sets out the rights and duties of the citizen (Digital Nagrik) and the obligations of the Data Fiduciary to use the collected data lawfully. As part of the compliance framework, it envisages the setting up of a Data Protection Board of India to determine non-compliance with the provisions of the draft Bill, impose penalty for such non-compliance, and perform such other functions as the Central Government may assign to it under the provisions of the draft Bill or any law.
Currently, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, made by the Central Government in exercise of its powers under the Information Technology Act 2000, provide the security practices and procedures that a body corporate or any person collecting, receiving, possessing, storing, dealing or handling information on behalf of the body corporate is required to observe for protecting personal data of users. These practices and procedures include the requirements that such body corporate or person publish on the website a policy for privacy and disclosure of personal information, data or information, to use information collected for the purpose for which it has been collected, to keep it secure and to obtain prior permission of the information provider for disclosing personal data.
This information was given by the Minister of State for Electronics and Information Technology, Shri Rajeev Chandrasekhar in a written reply to a question in Lok Sabha today.