The Information Technology Act, 2000, came into force on 17 October 2000. As IT by its nature is continually transforming and reinventing itself, it is necessary to periodically take a fresh look at any IT-related law. Rising concerns in the last few years – about data security, data privacy, hacking, child pornography, spam, phishing and other online offences – gave rise to the need for the IT act to be revised.
The IT act review process began with the setup of an expert committee in January 2005, and culminated on 5 February with presidential assent of the amendment bill and the entering of the Information Technology (Amendment) Act (ITAA), 2008, in the statute book. The ITAA, which is yet to come into force pending finalization of the draft rules and issuance of the necessary notification, introduces significant changes:
Data protection: To satisfy a long-felt need to protect confidential information handled by the business process outsourcing (BPO) sector, the ITAA formally introduces the concept of data protection through two new sections, 43A and 72A. These provide for civil and criminal liability for failure to protect personal data and impose strong obligations on Indian BPOs to implement the best security practices for handling the data they collect while rendering services.