The Information Technology Act of India is a landmark legislation that provides the legal framework for electronic commerce, digital signatures, cybersecurity, and data protection in India. Enacted in 2000 and significantly amended in 2008, this law aims to facilitate e-commerce while protecting digital transactions and personal data.
The Act is particularly notable for introducing the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules (SPDI Rules) in 2011, which established India's first comprehensive data protection framework.
Data Protection Requirements:
Corporate Obligations:
"Where a body corporate, possessing, dealing or handling any sensitive personal data or information [...] is negligent in implementing and maintaining reasonable security practices and procedures [...] shall be liable to pay damages"
Electronic signature implementation standardsSecurity procedures and practices under section 16Information security practices for protected systemsEncryption methods and standardsRegulatory Oversight:
Security Practices:
Key Authorities:
Penalties and Compensation:
Regulatory Powers:
Section 43A: Compensation for data protection failuresSection 87: Rule-making powers of Central GovernmentSection 70: Protected systems and critical infrastructureIf you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page