External Context

Ecology
Consumers
 Consumer Privacy
What’s the big deal?
Why do we need a law?
Formation of the Law
The Law
Information Technology Act
2000
Case
Measures taken by commercial organizations
to ensure that confidential customer data is
not stolen or abused.

Laws and regulations that seek to protect any

individual from loss of privacy due to failures
or limitations of corporate customer privacy
measures.
 Sensitive information is required to meet the
customers’ demands for services and products.

 Consumers have an expectation that their

information will not be shared without their
consent.

 Identity theft and data breaches are on the

rise.

 Consumers, investors, public policy-makers &

the media have taken notice of these trends.

 Dramatic increase in credit based products.

The damage done by privacy loss is typically
not measurable, nor can it be undone, and
that commercial organizations have little or
no interest in taking unprofitable measures
to drastically increase privacy of consumer -
indeed, their motivation is very often quite
the opposite, to share data for commercial
advantage, and they fail to officially
recognize it as sensitive.

People -- not computers -- are often the

weakest link in a security program.
The Constitution of 1950 does not expressly recognize
the right to privacy.

The Supreme Court first recognized in 1964 that there is

a right of privacy implicit in the Constitution under
Article 21 of the Constitution.

In 2000 the National Association of Software and

Service Companies (NASSCOM) urged the government
to pass a data protection law to ensure the privacy of
information supplied over computer networks and to
meet European data protection standards.
The Consumer Protection Act 1986.

In May of 2000, the government passed

the Information Technology Act, a set of
laws intended to provide a
comprehensive regulatory environment
for electronic commerce.
Section 43- unauthorized access of the
computer system.

Section 65- against tampering of computer

source documents.

Section 66- against hacking

Section 70- protection to the data stored in

the “protected system”

Section 72- against breach of confidentiality

and privacy of the data.
In June 28, 2006, close to £233,000
(approximately Rs 1.8 crore) appears to
have been siphoned off the accounts of
around 20 customers from the HSBC
Electronic Data Processing India centre in
Bangalore.