<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, research, and analysis. The bill, while not a certainty but likely to pass, would replace what some consider to be archaic data protection regulations. Although not finalized, the biggest obstacle if implemented as envisioned is strict data localization. India has been in the group of countries legislating data privacy for decades, culminating in the 2021 JPC report submission. Here’s a look at the history of data privacy legislation in India.


The History of Data Privacy Legislation in India

  • 2000 – Information Technology Act is passed by parliament and signed by President K.R. Narayanan addressing electronic documents, e-signatures, and record authentication.
  • 2017 – The Indian Supreme Court hears Justice KS Puttaswamy vs Union of Indiaand passes a historic judgment affirming the constitutional right to privacy.
  • 2019 – Introduction of the Personal Data Protection Bill and immediately sent to the JPC to be examined.
  • 2021 – JPC submits report on PDP to Indian Parliament revisions.


The long-awaited report submitted December 16, 2021 by the JPC has provided necessary clarification and modifications that seek to enhance the syntax and governance of the bill.


The recommended amendments are as follows:

  • Scope – The bill has a proposed name change to Data Protection Bill and will cover both personal and non-personal data which is unusual as distinction of data type can be difficult when managing mass amounts of data. Clauses also address the deceased and transfer of minor rights (see Clause 16 below).
  • Implementation Timeline – The report outlines a timeline with a 24-month implementation period for data processors to comply.
  • Definitions – The following terms have been defined or revised: consent manager, data auditor, data breach, data fiduciary, data processor, data protection officer, harm, and non-personal data.
  • Clauses 13 & 14 – These clauses apply to consent of personal data processing for employment and legitimate interest, marrying the interests of both the data principal and data fiduciary.
  • Clause 16 – Entities dealing with the data of children must register with the DPA and are required to communicate with the subject 3 months prior to adult age to regain consent and “must continue providing the services to the child unless the child withdraws consent.”


The implementation timeline for the Data Protection Bill is still unknown but will likely be a phased approach. Like California, there is discussion of an oversight committee called the Data Protection Authority of India that would supervise compliance with the proposed law. With the notable amendments to the bill, it’s unlikely we’ll see this come to fruition quickly. Not unlike most proposed privacy legislation, it has been met with dissent and opposition and will have to make its way through the courts of India before becoming law.


All Posts

CCPA Compliance: The Top Tips to Help Make Sure You're Compliant

Last year, the United States was listed as the global leader, in the science and technology markets. The US spends over $400 billion annually, in research and development costs to expand its science and technology capabilities. Along with these expanded capabilities, comes more responsibility to protect online data privacy rights for people as well.

One US state stepping up to meet these responsibilities is California. In 2018, the California Consumer Privacy Act (CCPA) became law and goes into effect by January 2020. By this date, certain businesses must move their existing privacy policies and data protection efforts closer to agree with these new laws. 

Are you ready to meet these new CCPA compliance rules? If not, check out our guide to learn more. Some of these new provisions may be a hidden game changer for those companies who aren’t prepared to comply.

What is CCPA?

The California Consumer Privacy Act (CCPA) is the California state regulation that boosts consumer protection and privacy rights for California residents. The CCPA standardizes what companies can do with the personal customer data information they collect.

This privacy bill allows California residents the right to learn what information a business has about them. CCPA also allows residents to opt out of that information collection exercise and direct businesses to eliminate what personal information they currently have on that customer. Under the CCPA, California residents can also prohibit businesses from selling their personal data to another party.

Examples of customer information subject to the CCPA include names, mailing addresses, social security numbers, and medical information. Customer technology metrics are also subject to CCPA requirements. These metrics include email addresses, online browsing and search history, and computer device IP addresses.

Who Must Comply With CCPA?

Not all California businesses are subject to the CCPA provisions. This California data privacy act only applies to those companies that earn 25 million in annual revenues, where 50 percent of those revenues come from personal data sales. Companies that sell or buy information for more than 50,000 individuals or households must also comply with CCPA.

Not all data collected by a business is treated the same under CCPA either. For example, data collected twelve months prior to 2018 is exempt from the provisions in CCPA. Any data for children under sixteen years old cannot be transferred to another party unless they and their parents have agreed to opt-in to have their information sold.

The CCPA also requires organizations to boost cybersecurity safeguards against releasing personal information to third-parties through either theft or unauthorized employee access. The deadline for complying with this California privacy act is January 1, 2020.

Steps to Help Move Closer to CCPA Compliance

The new CA privacy bill may create some compliance challenges for companies of all sizes. Here are some tips to help your company start moving in the right direction.

Appoint a Team to Lead the  CCPA Compliance Process

Designate a team of staff members to help direct compliance efforts by the 2020 deadline. This team should include staff members from your legal and IS divisions. If you have onsite records management professionals, these people should also be appointed to this initiative.

These professionals will lead the effort to understand legislative intent and how to re-program your company’s data inventory systems. You should also appoint your company’s cybersecurity professionals to lend their wisdom to the initiative for protecting un-redacted personal information.

Program and Categorize Your Data Inventory

Organizations need to have the technical capabilities to create and categorize their inventory of stored personal data. Companies will be asked to perform tasks such as verifying consumer identities and providing collected personal information upon the individual consumer’s request. These data inventories should also be ready to delete this information if the consumer asks them to.

Categorizing your data can also help you stay organized while complying with CCPA. Categorizing your data will make it easier to flag those customers who fall under unique criteria. This criterion could include categories for those who ask you to delete their information or fall under other overlapping information privacy statutes such as federal HIPAA requirements.

Update Your Privacy Policies and Notices

Your appointed compliance team should also lead you through the steps to update your companies written privacy policies. CCPA now requires companies to let Californians know what information you plan to sell or collect before you start accumulating it.

Your privacy policy is also an ideal place to clearly spell out how customers can delete their information on request or refuse to have their personal information sold. Be sure your website also has an easy link or “opt out” button for customers to use.

As a result, although the law is widely regarded as the United States most advanced privacy law, it also requires that

Review Your Existing Cybersecurity Practices

The CCPA also charges organizations to be directly responsible for customer data theft if they don’t have reasonable protocols in place to safeguard it. The law specifies that companies may owe statutory damages between $100 and $750 per person for any breach of their confidential customer data.

It’s wise for your IT professionals to develop privacy protocols that go above and beyond to protect your client’s personal information. Otherwise, your company may be liable for millions of dollars for any future breaches or errors in sharing access rights to your customer’s data.

Next Steps

CCPA compliance may be difficult, but it’s not impossible. If you haven’t done so, appoint your CCPA compliance team to guide you through this important process. This team can update your privacy policies and notices to bring your business further into compliance.

The California Attorney General’s Office is scheduled to have compliance regulations done by July 2020. In the meantime, inventory and map your current data. That way, you can flag those data sets that meet the unique aspects of CCPA.

If you want to gauge your own company’s CCPA readiness, give us a call. We can help you reach compliance with CCPA with minimal impact on your company’s operations or bottom line.

Truyo Product Preview

About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...