A new bill considered by the Center proposes penalties for the data processor in the event of a data breach.
The Center is framing a new data protection bill that will do something about personal data breach. Ignored for a long time, the new data protection bill will fine the data processor or data fiduciary a sum of up to ₹250 crores in case it fails to have security safeguards to prevent such personal data breaches, say sources.
The new bill is currently in the drafting stage as part of the Digital Data Protection Bill, which was earlier withdrawn from the Personal Data Protection Bill 2019. The original bill had proposed a penalty of Rs. 15 crores, or four percent of the company’s global turnover. The new draft wants to incorporate stricter penalties for regulating social media. The penalties will range from Rs. 10000 to Rs. 200 crores, if there is no compliance with the provisions of the law.
“If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance,” the draft said.
The draft also proposes a graded penalty system for data fiduciary that will process the personal data of owners in accordance with the provisions. It also says that the same set of penalties for the data processor. The draft is already published and it will be open to public comments until December 17.
The new proposed data protection bill is expected to put an end to the misuse of customer data. Those who violate the law will face action under the rule, says IT Minister Rajeev Chandrasekhar.