Privacy Policy

A privacy policy is a document that defines and communicates the way in which an organization shall handle personal data and sensitive information which it may acquire from individuals. Chapter fourteen commences by listing and explaining the provisions of the Information Technology Act, 2000 as well as the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 which make it compulsory for organizations to maintain the privacy of personal data they collect. The chapter then enunciates which type of data is classified as personal information and which is classified as Sensitive Personal Data.

The chapter further lists all the mandatory and non-mandatory but essential compliances of different Acts/ Rules which need to be followed by companies and provides a brief overview and key takeaways of the same. Following this, the different types of policies and their requirement are also listed.

The chapter then deals with several elements of privacy and answers the frequently asked questions relating to the same, which include topics like Public Disclosure of Information, Aadhar Data, Privacy Policy, Consent, Security Requirements, etc.

For the benefit of the organizations which are reading the book with the intention of seeking guidance, the book provides a sample questionnaire to help them conduct an Information Technology Audit in their organization.