Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

Ministry of Communications and Information TechnologyrulesIn ForceNotified: 11 Apr 2011

Defines sensitive personal data or information (SPDI), requires body corporates to implement reasonable security practices (IS/ISO/IEC 27001), mandates privacy policy publication, and sets rules for collection, disclosure and transfer of SPDI.