The Washington Post reports on new data privacy regulations in India that are affecting U.S. companies:
Data privacy rules enacted last month in India are now alarming some U.S. companies, which worry that they may be too restrictive.
The rules in India’s Information Technology Act govern the collection and use of personal information including banking and medical details. But business leaders in India and the United States worry that they add a cumbersome layer of disclosures such as obtaining written consent from each customer before collecting and using personal data. […]
The rules about data privacy will apply to all Indian organizations and will affect multinational corporations that outsource business operations to India or have opened back-offices here.
The new measures were designed to ensure that all personal information that a company collects is secure. It obliges those who handle sensitive personal information — like passwords, bank account and credit card numbers, medical records, biometric data — to implement an elaborate technical, managerial, physical and operational information security practice and set up a dispute resolution process.
Some say they are far more restrictive than American and European data privacy laws, and may put off customers.