[P.S: Privacy law is evolving and hence answers given here can be considered only as the best available answer at this point of time. We reserve the right to make changes]
|Is PDPA applicable to paper based manual filing systems?
|Is Financial data such as Bank account balance, Asset value, Share value come under PDPA?
|Can we list all laws other than PDPA that are applicable for Personal Data Protection?
|Mainly ITA 2000 and Indian Contract Act 1872 would be applicable. There could be other laws where some provisions may apply to personal data for a specific purpose (eg Company’s Act,Indian Evidence Act etc). If there is conflict, it has to be resolved under exemptions or legitimate interests
|Which other country Personal data protection acts have been referred by Justice Srikrishna commission while drafting
|EU, US, China, and about 68 countries in total have been referred to in the report. etc.
|Which are the types of Privacy covered under PDPA?…Profiling? Privacy of personal communication? Bodily Privacy? Spatial Privacy?
|Is Personal data refers only to a natural person and not Juridical person?
|Anonymisation – to make Anonymisation an irreversible process, key identifiers from a set of personal data will be removed . Post that the key identifiers are supposed to be destroyed by DF & DP.
How do we ensure that the identifiers have been destroyed?
How this can be ensured while auditing ? Do we need to rely on
documented statement by DP or DF & trust the same or any other means?
|Guideline is expected from DPA. Companies need to develop algorithms for anonymization and the process has to be shared with the DPA in the Privacy by design policy. Auditors will check the process and may also conduct some test verifications. They will also obtain certifications from the DF that the process is irreversible.
|Section 3 (12) -Definitions – Data – includes a representation of information, facts, concepts, opinions or instructions. Can we get some examples for Data representing – Concepts & Instructions.
|Data can be in many form. A representation could be an image or sound, besides text. It can include illustrations, diagrams, sensory perceptions conveyed through appropriate hardware. It also includes data in the form of tables, unstructured forms etc.
|Section 3 (36) – Sensitive Personal data – How all Official Identifiers becomes sensitive data – Eg: DL Number, Voter ID, Passport Number etc…?
|Official identifier may singly be able to identify the person completely with publicly available information
|A set of 30 questions are answered separately here