Page 19 - Approved Social Media Framework and Guidelines

notices” and “information requests” currently being sent to social media and other platforms for intellectual property rights infringement and other offences.

               Provisions related to Personal Information & Security: Under the Information Technology
               Act 2000, the Central Government has enacted various rules and regulations which impact
               social media.  Some of the most important in this regard are as follows:

                         i.  The Information Technology (reasonable security practices and procedures &
                             sensitive personal data or information) Rules, 2011 define provisions for
                             personal information & security and what constitutes sensitive personal data.
                             Sensitive personal data or information of a person means such personal
                             information which consists of information relating to;―

                             a.  password;

                             b.  financial information such as Bank account or credit card or debit card or
                                other payment instrument details;

                             c.  physical, physiological and mental health condition;

                             d.  sexual orientation;

                             e.  medical records and history;

                             f.  Biometric information;

                             g.  any detail relating to the above clauses as provided to body corporate for
                                providing service; and

                             h.  any of the information received under above clauses by body corporate for
                                processing, stored or processed under lawful contract or otherwise:

                             Provided that, any information that is freely available or accessible in public
                             domain or furnished under the Right to Information Act, 2005 or any other law
                             for the time being in force shall not be regarded as sensitive personal data or
                             information for the purposes of these rules.

                         ii.  For the purposes of protecting such sensitive personal data, the Government
                             has mandated that any legal entity that is processing, dealing with or handling
                             sensitive personal data must implement reasonable security practices and
                             procedures.

                         iii.  The Government further stipulates that ISO 27001 is one acceptable standard
                             of reasonable security practices and procedures. Thus, all Government



                                                      Page 19 of 38