Under these Rules, 4 sets of rules are introduced: the Security Practices Rules, the Intermediary Guidelines Rules, the Cyber Cafe Rules, and the Electronic Service Delivery Rules.
The Central Government, as per the powers conferred by Clause (ob) of Sub-rule (2) of Section along with Rule 43A of the Information Technology Act 2000, made these Rules. They shall come into force on the date of their publication in the Official Gazette and will be called the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
Rule 2 explains various definitions, such as Act, Biometrics, Body Corporate, Cyber incidents, Data, Information, Intermediary, Password, and Personal Information. Rule 3 describes sensitive personal data or information, such as password, financial information, physical or mental health condition, sexual orientation, medical records and history, biometric information, etc., but any information that is freely available in the public domain cannot be called sensitive personal data.
The body corporate is to provide a policy for privacy and disclosure of information. Collection of information is done in writing or by fax or email, and the body corporate should hold the information for a longer period, but the body corporate cannot be held responsible for the authenticity of information supplied by the provider to the body corporate. Disclosure of information to a 3rd party requires prior permission from the provider, but Government agencies can obtain it under the law.
Transfer of information is allowed only when necessary. Reasonable security practices and procedures have to be followed by the body corporate, and any form other than the IS/ISO/IEC codes, if used, should be approved by the Central Government.
Under the Information Technology (Intermediaries guidelines) Rules, 2011, due diligence has to be observed by the intermediary while discharging its duties. In its rules and regulations and terms and conditions, it shall inform users of the computer not to display, upload, publish, or update anything that is harmful, defamatory, obscene, libellous, hateful, harmful to minors, in violation of any laws, etc. The intermediary should follow the provisions of the Act. The intermediary should make its computer secure and shall report cyber security incidents.
The third set of rules, which may be called the Information Technology (Guidelines for Cyber Cafe) Rules, 2011, deals with the Agency for registration of cyber cafes, with the name of the establishment, address with contact details, date of incorporation, name of owner, etc. to be displayed. Registration details should be published on a website, and the Government should make an online registration facility available. Identification of the user should be given in the cyber cafe, and the cafe should keep a record of such identification; the user may be photographed by the cyber cafe using a web camera. A minor is not allowed to use a computer in a cyber cafe without being accompanied by an adult. If any doubt arises regarding any person, the cyber cafe should report such suspicion to the police. A log register should be maintained by the cyber cafe, which should prepare a monthly report; the cafe shall be responsible for storing such data, and the log register should not be altered but should be maintained. The rules also cover management of the physical layout and computer resources, and inspection of the cyber cafe by an officer, with whose work the owner of the cyber cafe has to cooperate.
The Information Technology (Electronic Service Delivery) Rules, 2011 state that the government should specify the form and manner of the system of electronic service delivery and its manner of encryption, notifying the service provider about it. The government can also determine norms on service levels to be complied with by the Service Provider.
The Government is to notify, from time to time, the services that can be delivered. The rules provide for the creation of a repository of electronically signed electronic records by government authorities and a procedure to make changes in these signed electronic records. The service provider should keep updated accounts of transactions, receipts of payment for electronic services delivered, etc. Audit and accounts are explained under Rule 8, and the different types of special stationery that may be used, as specified by the Government, are explained under Rule 9.
by Sushma Javare.