Page 35 - Approved Social Media Framework and Guidelines
Explanation.—For the purposes of this section,—
(i) “body corporate” means any company and includes a firm, sole proprietorship or
other association of individuals engaged in commercial or professional activities;
(ii) “reasonable security practices and procedures” means security practices and
procedures designed to protect such information from unauthorised access, damage, use,
modification, disclosure or impairment, as may be specified in an agreement between the
parties or as may be specified in any law for the time being in force and in the absence of
such agreement or any law, such reasonable security practices and procedures, as may be
prescribed by the Central Government in consultation with such professional bodies or
associations as it may deem fit;”
Further, the Information Technology (reasonable practices and procedures and sensitive
personal data and information) Rules, 2011 define what is sensitive personal data in the
following manner:-
“3. Sensitive personal data or information.— Sensitive personal data or information of
a person means such personal information which consists of information relating to;―
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other
payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for
providing service; and
(viii) any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise:
Provided that, any information that is freely available or accessible in public domain or
furnished under the Right to Information Act, 2005 or any other law for the time being in
force shall not be regarded as sensitive personal data or information for the purposes of
these rules.”