To ensure data privacy and security, the Government of India inserted Section 43A into the Information Technology Act 2000, requiring corporates that handle sensitive personal data (as defined in the rules) to take adequate precautions, and subjecting them to certain minimum obligations and liabilities even when these are not specified in the contract. For this, they framed the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (read it at the link
http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf ), which gives some comprehensive guidance on the subject. Rule 3 defines sensitive data, with a focus on financial/health records, and with a safeguard clause that information accessible in the public domain is not considered sensitive.
3. Sensitive personal data or information.— Sensitive personal data or information of a person means such personal information which consists of information relating to;—
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
Besides the requirement for explicit opt-in consent from the individual (which can be withdrawn at any time), a privacy policy, restrictions on sending data abroad, etc., Rule 8(3) gives a safe harbour defining what "reasonable security practices" means for the purpose of these Rules.
The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis (at least annually or when significant upgradation takes place!) by entities through independent auditor, duly approved by the Central Government.
As this law applies to all companies, they had better be careful: for those not getting audited, proving good faith/due diligence will be difficult.
Thursday, March 15, 2012
Saturday, February 4, 2012
Learning about the real facts of life online
A side effect of surfing online is that you stumble across plenty of interesting stuff. But thanks to the surfeit of PR material masquerading as content, it is sometimes difficult to get the true picture. Below are some useful resources I found in that regard.
- IIM tips/NIT tips/CA tips: a new fad has sprung up on Facebook where groups are made ending with 'tips' that give tongue-in-cheek one-liners about anything under the sun, right from IIMs to Gujjus. This community is growing by the day, and chances are you will soon get information on any profession/aspect of life there.
- Memes: Many sites have memes, which are again one-liners, mostly on communities but often on other things as well. Sites like tumblr are a classic example of this.
- Jokes: They say there is no smoke without fire. Hence, even the 'racy' jokes have a factum of truth, and can be very illuminating on the profession.
- Glassdoor: This is often more reliable than Vault Guides in my view, because people can safely state even negative aspects online, which is not always possible in standard publications.
- Quotable Quotes: Sites like brainyquotes have a very rich collection of quotes online, and most are quite insightful.
- Classics: Thanks to Project Gutenberg and other sites, one can read classics online for free (even the Kindle Store has free classics for Kindle). They say that the past repeats itself, so reading classic novels can give deja vu when those situations are unfolding around you.
- Anonymous blogs: For example, a famous finance blog, the Epicurean Dealmaker, has an anonymous writer who frankly writes about the industry, unafraid of the consequences for his day job. This is a luxury which only anonymity confers. (http://epicureandealmaker.blogspot.com/)
- Comment section on certain sites: Often, the comments section is entirely spam, as on Rediff and TOI, but on more reputed forums like Economist/HBR/FT, the quality of comments is great and often surpasses that of the post itself. And many commenters supplement their views with real-life examples.
Monday, November 21, 2011
The online forum users who get my hackles up.
Be it Rediff/Facebook pages/online job postings etc, one invariably sees a lot of spam and clutter. This is because of the people below.
- The Q jumper: This person does not bother to use the 'report abuse'/'customer service ticket' options but straight away plugs in a forum message.
- The spammer: This person advertises their products/services, ranging from Nigerian letter fraud to work-from-home schemes to online retail for certain, err, drugs.
- The English challenged: This person posts rants in broken English. Nothing wrong in that per se, just that I dislike it.
- The Agenda pusher: This person has a rant against a person (say Azim Premji/Sonia Gandhi/Congress/missionaries) and, whatever the topic, somehow finds a way to insert their views into the fray and create a mess.
- The CAPSLOCKER: This person imagines that by writing everything in caps, they will somehow get more attention. Nothing could be farther from the truth.
- The hoarder: When a kind soul states that s(he) will email/share a resource with all those who email them, the hoarder is too lazy to send an email, but instead decides to
- The potential social engineering victim: This person gives their personal details like name/address/contact details and even account numbers, hoping that the customer care person will take care of it OR that the
Thursday, September 8, 2011
The vocabulary premium: how the digital world rewards command over keywords
The other day, I was reviewing the statistics of this blog of mine (and others), and it struck me that the most popular posts were the ones with jargon/keywords (thus increasing the traffic from Google and other search engines). The reason for this was perhaps that those posts showed up prominently in the results for certain keywords.
Other non-trivial examples of this in practice are:
- Journals insist on keywords for ease of indexing, and increasingly, with them going digital, these keywords are often most valuable for quickly locating the paper/article or for inviting serendipity by browsing all content under a particular keyword.
- Google Advertising has a successful 'AdWords' program where advertisers bid for the right to exhibit their relevant content alongside the search results for certain keywords.
- As the cybersquatting and legal domain name sale data shows, those who are creative enough to register popular domain names well in advance can mint millions.
- Blogs have special terms for keywords, such as 'tags', 'categories', etc., so that blog visitors can see similar content grouped together.
- As veteran search engine users will have discovered, an ounce of correct and comprehensive keywords can save a pound of laborious searching over hundreds of pages.
- For patent landscape analysis or corporate name search, one needs creativity and a good vocabulary for finding 'similar' categories and names.