Leaking consumer contact info may make biz entities liable to Rupees 250 crore fine

NEW DELHI: The proposed digital personal data protection law seeks to clamp down heavily on consumer-facing industries such as banks, insurance companies, real estate and automobile sellers, hotels and restaurants and e-commerce as well as social media giants if they compromise vital information of customers by leaking and selling names, phones numbers, or other information to third parties.

A top official involved in the drafting of the new law said that the government has taken care to make sure that entities who are the first recipients of the information from the customers are the ones that would be charged for any leaks, with fines that may go up to Rs 250 crore for a single leak and higher in case of the sharing is done with numerous companies.

“For example, you approach a bank for a car loan, and a bank official sells your details to car makers who in turn transfer it to insurance companies. In this case, it is the bank that will be penalized for illegal sharing of the data under the new law,” the official said.
“The whole concept of the data law is to protect the privacy of individuals and guard against any unauthorized usage of the data,” the official said.
In fact, the bill – which was tabled in the Lok Sabha last week by communications and IT minister Ashwini Vaishnaw – gives out examples of how to handle sensitive consumer information and what to do with it once the task is over.
It clearly spells out that the information collected on the users needs to be removed once a given task is over.