You Are Responsible For Data Privacy & Protection Obligation

Written By

Pravin Mehta

Updated on

March 17th, 2022

Category

Data Privacy

Min Reading

< 1 min

Comments

No Comments

Compliance Obligation & Penalties SOX,HIPAA, GLBA, JP/PA, EU-DPA, IS027001, IT-Act, PCi-DSS, /SAE3402-3416.

Whether an organization is disposing storage assets by donating to a charity or through a responsible recycler or while returning of leased IT Assets; it has an obligation to ensure that no incident of data breach occurs. The obligations are under various international laws and company policies to demonstrate strict compliance. In an event of data compromise the organization and its officers have to face severe financial penalties and risk imprisonment.

An organization should also exercise care when the IT assets are REASSIGNED INTERNALLY on account of a transfer, resignation, end of project etc. This becomes particularly more important when the same level of confidentiality is NOT maintained in various departments.

US – Compliance Requirement

It is a standard compliance requirement for organizations to completely erase data beyond the scope of data recovery from all IT assets before recycling or reassignment. In United States for public companies SOX and other regulatory directives exist which require complete and secure data erasure.

INDIA – Data Protection & Data Privacy

Under Section 43A of the Indian Information Technology Act, 2000, a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing & maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected.

Additional implications include high costs of lawsuit, loss of reputation & customer trust that may cause permanent or long-term impact on sustainability of an organization

About The Author

Pravin Mehta

8 posts

Pravin Mehta is a Sr. Content Specialist with more than 14 years in Information Technology and services industry. He has contributed opinion posts and technology articles to multiple media sites globally. He served as the Content Lead for Microsoft India web properties in the recent past.