(a): The Information Technology Act 2000 provides for secure use of the Electronic Media and Promotion of E-Governance and E-Commerce, with prescribed modes or methods for encryption. The encryption has been recognized by the Government as means to securing data /transactions and the provision in the Information Technology Act 2000 enables the use of encryption for such purposes. There is no proposal with the Government to implement an encryption policy breaching the right to privacy of public.
(b): A High Level Expert Committee’s draft recommendations on Encryption Policy were put up on the website of Department of Electronics and IT (DeitY) for public comments. Government noted the public sentiments viz-a-viz the draft recommendations. Government clarified that the draft recommendations are not the final view of the Government on the matter. Further, Government took note of the ambiguity in some portions of the draft that may have led to misgivings. Hence, the draft recommendations of the policy were withdrawn. Government has initiated steps to revise the Encryption policy recommendations with wide consultation with stakeholders.
(c): The encryption has been recognized by the Government as a tool for protection of sensitive or private information from misuse by hackers, protecting and authenticating online transactions and ensuring integrity of nationally critical information systems and networks /transactions and provision in the Information Technology Act 2000 enables the use of encryption for such purposes.
(d): Section 43, Section 43A and Section 72A of the Information Technology Act, 2000 provides comprehensive legal framework for privacy and Security of data in digital form. Sections 43 and 43A of the Act provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. Section 43A also mandates that body corporate, who collect personal data or information must provide privacy policy for handling of or dealing in personal information including sensitive personal data or information on their websites. They are also required to implement reasonable security practices and procedures to protect the information. Indian Computer Emergency Response Team (CERT-In) has also empanelled auditors to facilitate body corporate to audit their information technology infrastructure and implementation of security best practices.
********
Download PDF Files