What Does The Law Say About Data Protection?

Data protection has emerged as a leading concern in today’s world due to the rise in the number of cybercrimes. The current Indian legal framework is inadequate in dealing with the threat posed by cybercrimes. The Supreme Court of India has also recognized the need for, and importance of, legislation that seeks to protect the personal data of citizens. Based on this report, the Personal Data Protection Bill was tabled in the Parliament. The Bill has not yet become law. Once passed, it will become the sole law addressing data protection issues in India, replacing Section 43A of the Information Technology Act, which currently regulates data privacy in India.



The Information Technology Act, 2000

In 2008, Section 43A was inserted in the Information Technology Act along with Section 72A to address the issue of protection of personal data. Section 43A makes a company that collects sensitive personal data and fails to protect it, thereby causing wrongful gain or loss, liable for damages. Sensitive personal data is sensitive information that may be used to identify a person: for instance, passwords, biometrics, medical records, physical and mental health, financial information, or any other information which relates to a person and which can be misused against that person.


However, information about an individual that is freely available in the public domain or under the Right to Information Act is not included under sensitive personal data or information. Section 72A spells out the penalty for unauthorised disclosure of such information. Any person who discloses sensitive personal data shall be liable to imprisonment for a term not exceeding three years, or a fine of up to INR five lakhs, or both.



The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

The Sensitive Personal Data or Information Rules presently regulate data protection in India. They only apply to companies and individuals based in India. The Sensitive Personal Data or Information Rules mandate the following:


  1. Rule 3 lays down an illustrative list of information that may be considered sensitive personal information. It includes information like passwords, credit/debit card information, biometrics, sexual orientation, medical history, and physical and mental health condition.
  2. Rule 4 makes it mandatory for a company to draft a privacy policy and make that policy accessible to the people who are giving their personal information.
  3. Rule 5 and Rule 6 contain certain basic duties and obligations which are to be complied with by the company seeking information.
  4. Rule 8 mandates certain reasonable security practices and procedures that all companies are required to adopt. 




The Sensitive Data Protection Rules have been inadequate in addressing the issue of data protection. Not having a dedicated law aimed at data privacy is altering India’s image in the world. The Personal Data Protection Bill, 2019 (PDP), as stated earlier, will become an exclusive law regulating data protection in India if passed.


The PDP seeks to protect not only sensitive personal information but personal information of all kinds. It calls upon companies that collect personal information and determine the purpose of its collection to follow certain safeguards in order to protect the data from being leaked. Among other things, the PDP stresses the consent of the individual for the processing and usage of his personal data. If passed, it can go a long way towards providing proper data protection mechanisms in India.

All you need to know about Digital Signatures and how to get the Certificate

A digital signature is a technique used to validate the authenticity of a digital document. It provides more credibility to digital communications. A digital signature is defined and dealt with under Sections 2, 3 and 15 of the Information Technology Act. Section 2(1)(p) of the Information Technology Act defines “digital signature” to mean “authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3”. In order to obtain a Digital Signature Certificate, there are certain procedures that need to be followed.



What do you require to apply for a Digital Signature Certificate


The following are the requirements to apply for a digital signature certificate: 

  1. Fill Form: Duly filled application form for Digital Signature Certificate
  2. Photo ID Proof: This can include one’s driving license, PAN card, Aadhaar card etc.
  3. Address Proof: Typically, phone bill, electricity bill, rent/sale agreements etc. are accepted as address proof.

Types of Digital Signature Certificate


Class 1 Certificates: These certificates are issued to private as well as individual subscribers. They are issued to ensure that the user’s name, email address and other details provided are true and within the database of the Certifying Authority.


Class 2 Certificates: These certificates are issued to the directors or the signatory authorities of companies. The main purpose of issuing these certificates is e-filing with the Registrar of Companies. Individuals who sign all the documents manually and file the returns with the Registrar of Companies must mandatorily have Class 2 certificates.


Class 3 Certificates: These certificates are used for online participation or for people bidding in e-auctions or any online tenders across India. Class 3 certificates are mandatory for all the vendors who wish to participate in online tenders.   



Procedure for obtaining a Digital Signature Certificate 


The following steps need to be followed in order to obtain a Digital Signature Certificate:


Log in to the Certifying Authority’s website: Not everyone can issue Digital Certificates. There is a list of Certifying Authorities that are licensed to issue Digital Certificates. This list is available on the MCA website and includes authorities such as the NSDL, E-Mudhra etc. In order to obtain a Digital Signature Certificate, one must log on to the site of the Certifying Authority, visit the Digital Certification Services section and choose the type of form, for example, depending on whether the digital signature certificate is for an individual or an organization, and download the form accordingly.


Fill necessary details: Upon receiving the form, the person must correctly fill in all the required details. Some of the details asked for are class of digital certificate, validity, contact details, residential address, type of digital certificate, GST number if applying for an organization, declaration etc. After filling in the form, one must recheck the information provided, then take a printout of the form and preserve a copy of it.


Provide the required proofs: The residential proof and ID proof attached to the form must be attested by an officer. It must be ensured that the signature and seal of the officer are clearly visible, so as to avoid any obstruction later in the procedure.


Make the payment: The payment to acquire the Digital Signature Certificate must be made either by cheque or by Demand Draft in the name of the Local Registration Authority. The details of the Local Registration Authority differ according to the person’s city of residence, and such details can be obtained by searching for the appropriate certifying authorities licensed to issue Digital Signature Certificates.


Send a hard copy of the form to the Local Registration Authority: After filling in the form, one must send the following documents, enclosed in an envelope, to the Local Registration Authority:

  1. Duly filled application form,
  2. Attested copies of the Residential Proof and ID Proof, and 
  3. Demand Draft or Cheque 


A digital signature certificate is extremely important at the time of incorporation and during all compliance stages. Having a valid digital signature makes authentication of electronic records easier and faster.