Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » DPDP Act: Social media companies may have to delete data of users away for three years

DPDP Act: Social media companies may have to delete data of users away for three years

DPDP Act: Social media companies may have to delete data of users away for three years

The government may mandate permanent deletion of personal data of users who have been “completely away” from their accounts on social media and other internet platforms for at least three years in a row.

The proposal is part of draft executive rules of the Digital Personal Data Protection (DPDP) Act, which was ratified as a law in August this year. ET has seen a copy of the draft rules, which will be floated for discussion among stakeholders shortly, before being notified.

The rules, which mandate the deletion of personal data after the specified period, are also likely to be extended to ecommerce companies, online marketplaces, gaming intermediaries and all social media intermediaries, irrespective of the number of users they have in India.

“There was some feedback from social media intermediaries on the process to be followed if law enforcement agencies seek data of such accounts after these three years. Those details will need to be worked out. By and large, the idea here is to ensure that the concept of ‘perpetual consent’ for processing personal data is done away with,” a senior government official said.

The draft rules are also likely to propose that allied healthcare professionals, clinical establishments, medical educational institutes, healthcare professionals, health services and mental healthcare establishments be allowed to use some publicly available personal and non-personal data “in the interest of public health or making of evidence-based research, archiving and statistical purposes”.

Educational institutes that are established, owned, controlled or recognised by the central government, state government or any local authority or academic institutes that have been established for “higher education” or research and scientific and technical education will also be given the exemption to process such data for research purposes, the draft has proposed.

“There will be safeguards such as what is the nature or quantum of data that can be used and what standards and procedures need to be followed by these institutes if they collect sensitive personal medical records from their patients. Given the nature of information, the safety standards for these institutes will also be proportionate,” the official said.

In cases of breach of personal data, the intermediary handling the data must within 72 hours of becoming aware of the attack, inform the Data Protection Board (DPB) of the “facts related to the event, the circumstances and the reasons for the breach”.

Such intermediaries, also called data fiduciaries, must inform their users and the DPB about the nature, description, date, and time at which the fiduciary became aware of the data breach.

Further, the timing, duration, location and extent of the breach in terms of the quantum of data involved and the potential impact of the breach must also be informed to both the user as well as the DPB within 72 hours of the intermediary being made aware or becoming aware of the breach, the draft rules have suggested.

Data fiduciaries targeted by such breaches must inform the impacted users how they can safeguard their personal data and the measures that have been taken by the company to mitigate the risks to the user, the draft has proposed.

Within 72 hours of such data breaches, the intermediaries must also inform the DPB of details such as the number of users impacted and if they have been able to collect information on the person or entity or the cause behind such breach.

The DPDP Act mandates that any company or individual collecting, managing or working with data from other users must obtain explicit consent from them by telling them about the purpose for which the said data has been obtained.

It also mandates that such companies which collect, manage or process data must not go beyond the mandate for which the consent was obtained.

 

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket