More than 60 countries around the world have enacted laws that protect the privacy and integrity of personal data. These laws set minimum standards for the collection, processing and securing of data and govern the use of the data provided by internet users. They limit the use of personal data to the purpose for which the data was given. Visitors to any website want their privacy rights to be respected when they engage in e-Commerce. Respecting those rights is part of the confidence-building role that successful e-Commerce businesses have to fulfil for consumers.
India presently does not have any law governing data protection or privacy. The Information Technology Act 2000 (IT Act 2000) incorporated a few provisions relating to data protection in the Data Privacy Rules, which deal with:
• protection of sensitive personal data: security practices and procedures that must be followed by organizations dealing with sensitive personal data
• due diligence to be observed by intermediaries
• guidelines for cybercafes
Sensitive Data is defined as personal information that relates to:
• Financial information such as bank account, credit card, debit card or other payment instrument details
• Physical, psychological and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information
Sensitive Data is broadly defined to include data obtained by any method, including lawful contract. The problem that arises in e-Commerce is that the Internet is global. Generally, the regulations of the Indian Government will have very little impact unless they are part of a larger international setting. The protection of personal data has never been a purely national problem; it has always been a global issue.
The information collected by websites can be classified as either individually identifiable information or mass undisclosed information.
Identifiable information is information that can be used to identify an individual, such as a name, address, telephone number, credit card number, email address or IP address.
Mass undisclosed information is information that a website, or a third party on its behalf, aggregates and categorizes by established geographical areas, such as postal codes, and that contains non-consumer-specific information. One of the tools used for this collection is called a cookie, which is simply a piece of information that is saved on your own computer or in your browser. It contains information about the personal preferences exhibited when visiting a website.
Websites would be required to give consumers notice of what information they collect and how they use it, to offer consumers choices as to how that information is used beyond the purpose for which it was provided, and to give consumers reasonable access to that information and an opportunity to correct inaccuracies. Websites would also be required to take reasonable steps to protect the security and integrity of that information. Websites that collect personal information from children, 12 and under, need to provide actual notice to the parent and obtain parental consent.
The purpose is to prevent violations of fundamental human rights such as unlawful storage of personal data, or the abuse or unauthorized disclosure of such data.