PL&B International E-news, Issue 85

1. India: new law on liability for personal data breaches

In February India adopted a new law, the Information Technology Amendment Act 2008, which increased the grounds of liability for negligently handling personal data, and increased the maximum damages to 50 million rupees (approximately £660,938). It also creates privacy violation offences, punishable by a maximum of three years imprisonment or a maximum fine of approximately £2,646. Companies outsourcing to India will need to ensure that their service providers comply with the new amendments. The Act was introduced in 2006 (PL&B International, February 2006, pp. 8-9). It also authorises the government to prescribe security practices.

There will be a more detailed report in the June issue of the Privacy Laws & Business International Newsletter.

2. Three more EU Member States Join BCR Mutual Recognition Club

The Czech Republic, Slovak Republic and Malta have joined the Binding Corporate Rules (BCRs) mutual recognition procedure. This provides that a set of BCRs approved by the data protection authority (DPA) of one state will be accepted by the DPAs of the other states. The number of participating countries is now 16.

3. EU acts against Sweden on data retention

The European Union has begun legal action against Sweden for its failure to implement the Data Retention Directive. The 2006 Directive requires EU member states to adopt legislation requiring Internet service providers to retain data for terms of six month to two years. National legislation was to have been passed by March 2009, but Sweden has yet to introduce a bill.

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2009