The revised Data Protection Bill proposes strict financial penalties for organizations that fail to contain data breaches or to notify users and the government of such incidents, a draft version revealed.
The "Economic Times" reviewed some portions of the Bill, which has been renamed the Digital Data Protection Bill. It is expected to be released for public consultation in the next few days of this month.
The Data Protection Board of India, slated to operate as an independent body and function as a “digital office,” will be empowered to adjudicate on the quantum of any such penalties.
According to the draft Bill, if any organization, data fiduciary or processor, handling personal data of users fails to “take reasonable and necessary security safeguards to prevent personal data breach”, a penalty of up to Rs200 crore may be levied on that organization.
In addition to this, if an organization fails to “notify the Board and affected Data Principals or users in the event of a personal data breach that is likely to affect the data principals, a penalty of up to Rs150 crore shall be applicable,” it further stated.
A similar penalty may be imposed for non-fulfilment of some additional obligations and duties in relation to children, where a child is defined as a person who has not completed 18 years of age.
The proposed Board will be led by a chairperson as well as full and part-time members with major experience and qualifications. They will be considered civil servants during their tenure with the Board.
The Government will define which geographies are “trusted” from time to time.
Criminal penalties proposed for staff of companies involved in a data breach may also be scrapped in the new draft, which is likely to be released for public consultation in the next few days.