<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, research, and analysis. The bill, while not a certainty but likely to pass, would replace what some consider to be archaic data protection regulations. Although not finalized, the biggest obstacle if implemented as envisioned is strict data localization. India has been in the group of countries legislating data privacy for decades, culminating in the 2021 JPC report submission. Here’s a look at the history of data privacy legislation in India.


The History of Data Privacy Legislation in India

  • 2000 – Information Technology Act is passed by parliament and signed by President K.R. Narayanan addressing electronic documents, e-signatures, and record authentication.
  • 2017 – The Indian Supreme Court hears Justice KS Puttaswamy vs Union of Indiaand passes a historic judgment affirming the constitutional right to privacy.
  • 2019 – Introduction of the Personal Data Protection Bill and immediately sent to the JPC to be examined.
  • 2021 – JPC submits report on PDP to Indian Parliament revisions.


The long-awaited report submitted December 16, 2021 by the JPC has provided necessary clarification and modifications that seek to enhance the syntax and governance of the bill.


The recommended amendments are as follows:

  • Scope – The bill has a proposed name change to Data Protection Bill and will cover both personal and non-personal data which is unusual as distinction of data type can be difficult when managing mass amounts of data. Clauses also address the deceased and transfer of minor rights (see Clause 16 below).
  • Implementation Timeline – The report outlines a timeline with a 24-month implementation period for data processors to comply.
  • Definitions – The following terms have been defined or revised: consent manager, data auditor, data breach, data fiduciary, data processor, data protection officer, harm, and non-personal data.
  • Clauses 13 & 14 – These clauses apply to consent of personal data processing for employment and legitimate interest, marrying the interests of both the data principal and data fiduciary.
  • Clause 16 – Entities dealing with the data of children must register with the DPA and are required to communicate with the subject 3 months prior to adult age to regain consent and “must continue providing the services to the child unless the child withdraws consent.”


The implementation timeline for the Data Protection Bill is still unknown but will likely be a phased approach. Like California, there is discussion of an oversight committee called the Data Protection Authority of India that would supervise compliance with the proposed law. With the notable amendments to the bill, it’s unlikely we’ll see this come to fruition quickly. Not unlike most proposed privacy legislation, it has been met with dissent and opposition and will have to make its way through the courts of India before becoming law.


All Posts

Have Your Experienced These 3 Big CCPA Compliance Challenges? How to Overcome Them

There’s a growing movement to balance a company’s right to collect consumer data and the customer’s right to privacy. California is leading the way with the recent passage of the California Consumer Privacy Act (CCPA.) This new law, however, comes with specific compliance challenges for all companies, both big and small.

You can read further on our top three CCPA compliance challenges that your company is likely to face. Study these issues and how you can overcome them in your CCPA compliance journey.

What is CCPA?

CCPA was passed in 2018 to increase a California resident’s consumer privacy and protection rights. These CCPA laws standardize how a company can use any personal customer data information that they might collect.

This privacy law also permits California residents the right to find out what information businesses have about them. CCPA also gives residents the option to choose not to participate in any information collection efforts and instructs a company to remove that personal information they might have on that specific customer. Under the CCPA, Californians can also disallow a company from selling their personal data to another company.

Customer names, social security numbers, and mailing addresses, all fall under the protection of the CCPA. Other customer online metrics are also protected by the CCPA. These online metrics include online search and browsing histories and individual email addresses.

Who Does CCPA Apply to?

Not every California company is required to comply with CCPA regulations. CCPA applies only to those businesses that report over 25 million in revenues where half of those revenues result in personal data sales. Companies that buy or sell personal information for over 50,000 households or customers must also meet CCPA terms.

The CCPA also compels a company to enhance its cybersecurity protections to safeguard their collected personal information from unauthorized access or theft. The deadline for companies to comply with CCPA is January 1, 2020.

CCPA Compliance Challenges

Approximately fifty percent of US industries impacted by CCPA are expected to be in compliance by that 2020 deadline. Some of these companies are reporting that their three biggest challenges to comply with the new CCPA compliance requirements fall into these three broad categories.

Limited Implementation Time

Many executives are concerned about the limited time available to prepare. Numerous companies rank CCPA compliance as their top business priority. Retail and TMT companies, for example, are prioritizing CCPA compliance to a greater degree than other sectors.

CCPA now includes a process for customers to bring action against companies that violate the CCPA. Consumers must now provide a 30-day notice to a company that they think violated the terms of the CCPA before they can take legal action. Companies have 30 days to respond and “correct” the violation.

Proper Technological Infrastructure

Part of the success in complying with CCPA provisions is to be able to quickly prove that compliance efforts have been launched. One way companies can do this is to use content management systems to organize their customer’s personally identifiable data.

Enterprise Content Management systems manage personally identifiable information. These content management systems can look for and reply to any security breach. These systems can also pinpoint gaps in security frameworks that might make a company prone to security risks.

Adept at Multiple Data Privacy Laws

For a company operating in multiple states (let alone other countries), the scale of the challenge is clear. Every state expects a company to respect its customer’s privacy in different ways. It won’t be a “one size fits all” approach for companies to comply.

For example, the Nevada Privacy Act only applies to companies that operate online businesses. The CCPA compels both online and offline businesses to comply with the Act. New York’s Privacy Act requires companies to prioritize customer privacy over making a profit.

How Can Companies Prepare?

CCPA becomes effective on January 1, 2020. The good news is that companies can prepare right now to meet these new compliance expectations. Follow this quick CCPA compliance checklist to help make sure you are on your way:

1. Brief Your Staff That Changes are Coming

The best way you can update your existing systems is to enlist the professionals you hired in the first place. Brief your IT leadership teams to let them know of the upcoming CCPA changes so that they can advise you on how to prioritize upgrades within your existing systems. Your IT staff can also help you map out the process to update your employee procedures as well.

2. Train Your Team

Educate your staff on the key aspects of the CCPA. This training should take place well before Jan. 1, 2020. This training should include an overview of individual state privacy laws that do business with your company.

3. Create a Customer Response Process

By January 1, 2020, CCPA requires companies to answer customer inquiries about their personal data. To be able to respond to these inquiries, your company should develop procedures for processing these requests. These inquiries might include:

• How can I get a copy of my personal information?
• How can I get my personal information deleted? and
• What parts of my personal information are being sold?

4. Update Your Website with a Privacy Homepage

This page should contain your updated privacy disclosures that inform clients of the personal information that you collect. Provide advisory information on what point during the interaction you will start collecting information during your interchange. Advise your customers on what information you are collecting and what purpose you plan to use this information.

Your privacy page should also advise viewers on what type of third parties you plan to share their data with. Be sure to have a way for viewers to choose not to have their personal information sold. You can handle this with a clearly marked privacy link or button that reads “Don’t Sell My Information.”

Next Steps

Feel like you are more informed on some of these CCPA compliance challenges ahead? Make no mistake, there are many changes waiting for you. Just be confident that you have a team of able in-house professionals who can help you comply with these new terms.

If you’re ready to start your compliance efforts, call your team together. Purchase a new enterprise management system to start your data collection efforts. Revise your company website to outline your privacy disclosures as well as your “Don’t Sell My Information” button.

Don’t forget to check our website for more helpful information on privacy rights management. We can help safeguard your customer's privacy rights without overburdening you!

About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...