Until the enforcement date is officially notified, the IT Act and SPDI Rules continue to govern data privacy. The future regime will bring India closer to global standards, balancing innovation and privacy in a digitally empowered society. Section 69A of the IT Act grants the government power to issue directions to block public access to any information in the interest of the sovereignty and integrity of India, security of state, friendly relations with foreign states, etc., if it deems it necessary.
The general obligations and rights stipulated in the SPDI Rules and the DPDP Act would apply to the processing of personal data by IoT service providers. Although the IT Act does not specifically mention the term “internet of things”, its provisions apply to IoT devices and services in several ways. For instance, in respect of data protection, the SPDI Rules (and subsequently the DPDP Act) would apply to processing personal data in providing such services. The CERT-IN also requires service providers and companies to enable logs of all ICT systems, and to maintain them in India. These datasets often contain personal information or data, and are used during all stages of AI training, development, deployment and use.
State or Territory authorities and instrumentalities are also exempt from the Privacy Act, although the notifiable data breach provisions apply to breaches involving Tax File Numbers (TFNs). Furthermore, if there is a higher degree of restriction/protection on transfers of personal data outside India in any law (or sectoral regulation) other than the DPDP Act, then this higher regime must be followed. Accordingly, sectoral laws such as those relating to RBI’s payment systems-related data (having data localisation requirements) will continue to be applicable. These guidelines require entities to register themselves with the DoT and comply with, among other things, the Know-Your-Customer (KYC) and related guidelines and maintenance of customer data requirements. The guidelines also mandate technical and security measures to ensure the protection of communication and data privacy.
As with other ISO management system standards, companies implementing ISO/IEC can decide whether they want to go through a certification process. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others also want to get certified to reassure customers and clients. Conformity with ISO/IEC means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard. Finally, unlike in cases where Personal Data is processed by human agents, it is often difficult to identify and control processing activity that is carried out by automated systems. As such, the interplay of the DPDPA and AI will depend heavily on how the government and the new Data Protection Board view and prescribe such interplay. It will be up to the regulators to interpret the DPDPA in ways that do not hinder AI development, while at the same time working to protect the interests of individual data subjects.
SOC 2 is a voluntary compliance standard developed by the American Institute of CPAs (AICPA) that focuses on managing customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality, and privacy. This standard is particularly relevant for technology and cloud computing companies that store customer data in the cloud. This article will explore ten essential data compliance standards that every business must be aware of to protect their data, maintain customer trust, and avoid costly penalties. By familiarizing yourself with these standards, you’ll be better equipped to navigate the complex world of data compliance and safeguard your organization’s valuable information assets.
The DPB cannot prevent access nor seize any equipment capable of adversely affecting the daily functioning of a person. The Sarbanes-Oxley Act, also known as SOX, is a U.S. federal law enacted in 2002 to protect investors from fraudulent financial reporting by corporations. While primarily focused on financial reporting, SOX also has significant implications for data management and IT controls. Professionals engaged in IT infrastructure management and cybersecurity will find ISO/IEC invaluable for developing a comprehensive approach to cyber threats. Related insights can be found in our Introduction to Cloud IDS, which discusses intrusion detection systems in cloud environments.