The Washington Post reports on new data privacy regulations in India that are affecting U.S. companies:
Data privacy rules enacted last month in India are now alarming some U.S. companies, which worry that they may be too restrictive.
The rules in Indiaâ€™s Information Technology Act govern the collection and use of personal information including banking and medical details. But business leaders in India and the United States worry that they add a cumbersome layer of disclosures such as obtaining written consent from each customer before collecting and using personal data. […]
The rules about data privacy will apply to all Indian organizations and will affect multinational corporations that outsource business operations to India or have opened back-offices here.
The new measures were designed to ensure that all personal information that a company collects is secure. It obliges those who handle sensitive personal information â€” like passwords, bank account and credit card numbers, medical records, biometric data â€” to implement an elaborate technical, managerial, physical and operational information security practice and set up a dispute resolution process.
Some say they are far more restrictive than American and European data privacy laws, and may put off customers.