WITH THE RISE of the Business Process Outsourcing (the “BPO”) in India, there has been an equally rising need for Data Protection Laws. In other words, a need for protection of databases through a separate legislation was first felt when a few cases of data theft, in the outsourcing industry came to light. Data from all over the world is being transferred to India. It is obvious that the first question which is to be asked is “How safe is the data in the hands of such outsourcing units?” What are the laws that govern Data Protection in India? With the European Union(EU) Directive forbidding the transfer of data to the nations which do not have Data Protection Laws, the pressure on India, to make such laws and bring them into action, has been fast increasing. It is true, that a nation that is outsourcing its confidential information like the credit card numbers, bank account numbers, to units outside, would be concerned about its safety. Just as it is in the interest of these nations, that are outsourcing work to India, it is also in the Indian interests, to form some sort of Data Protection legislation like the US and the EU.Such form of legislation will provide security to the nations who are outsourcing work to India, and India will benefit by seeing an increase in the volumes of data that is outsourced, thus increasing the business.
Though the need for Data Protection Laws was first felt due to the rise in the outsourcing business, it cannot be now denied, that various businesses thrive on collection of data, be it for offering better services to their existing customers, or for the purposes of marketing. Databases are now a major economic source in the country. So, a sui generis legislation is not only required to address the concerns of the outsourcing industry per se, but concerns of protection of databases at large.
This Research Paper (the “Paper”) thus aims to analyse shortcomings of the present legislations to combat the data protection issue, and to suggest a framework that can be employed to afford protection to databases, besides the existing legislations, that could act as a support to this framework. To understand how the databases should be protected and what type of databases should be afforded protection, we will have to delve into the concepts of Privacy and Databases. Thus, the scope of the Paper is limited to the protection of databases of personally identifiable data i.e. the Personal Data.
Chapter 1: Privacy and Databases
1.1 What is Privacy?
In this ‘Facebook’, ‘Twitter’ age, is there a meaning left to the word ‘Privacy’? What does ‘Privacy’ mean to an individual and why is it important to respect it? The simplest definition of the word ‘privacy’ is “the state of being free from intrusion or disturbance in one’s private life or affairs”. Moving away from the layman terminology and talking legal, Privacy could be defined as a right granted by the Constitution of India, that of to be let alone and free from intrusion. Privacy could be said to be a claim of the individual against the world at large to share or not share his personal space, to withdraw or participate, to communicate or remain silent, about matters that comprise the personal aspects of the individual’s life. Privacy could be divided into the following broad categories- 1. Information privacy – this involves the collection and handling of personal data. 2. Bodily privacy – which concerns the protection of people’s physical selves against invasive procedures such as genetic tests etc. 3. Communication privacy – which concerns the security and privacy of mail, telephones, e- mail and other forms of communication. 4. Territorial privacy –...