Page 24 - KDU Law Journal Volume 4 Issue 2

KDU Law Journal                                  Volume 04 Issue II
                                                              September, 2024
             Rule 8(1), Reasonable Security Practices and Procedures, of the IT
             Rules 2011,⁴⁷ focuses on data protection and privacy. The rule requires
             organizations to implement appropriate security measures to protect
             personal data from unauthorized access, disclosure, alteration, or
             destruction. This includes implementing access controls, encryption,
             and secure data storage practices. The IT Rules 2011 concerning
             privacy are an important step towards establishing a legal framework
             for safeguarding individuals’ privacy rights in the digital age.
             Implementing these provisions is a proactive measure that ensures the
             privacy and security of information in the digital age.
             Addressing Privacy Concerns in the Age of Digital
             Transformation
             The emergence of new technologies such as IoT (Internet of Things),
             artificial intelligence (AI), machine learning, and big data analytics
             has further complicated the privacy landscape. These technologies
             have the potential to analyze and interpret vast amounts of personal
             data, raising concerns about the potential misuse or unauthorized
             access to such information. The current legal framework for
             protecting privacy is a topic of considerable debate with both
             strengths and weaknesses.
             Strengths of Existing Legal Frameworks:
             (a) Constitutional recognition of the right to privacy as a
                 fundamental right by the Supreme Court of India, particularly
                 through the landmark judgement of Justice K S Puttaswamy

             47 Rule 8(1) Reasonable Security Practices and Procedures - A body corporate or a person
             on its behalf shall be considered to have complied with reasonable security practices and
             procedures, if they have implemented such security practices and standards and have a
             comprehensive documented information security programme and information security
             policies that contain managerial, technical, operational and physical security control
             measures that are commensurate with the information assets being protected with the nature
             of business. In the event of an information security breach, the body corporate or a person
             on its behalf shall be required to demonstrate, as and when called upon to do so by the
             agency mandated under the law, that they have implemented security control measures as
             per their documented information security programme and information security policies.
             Supra note 45.
                                                             law.faculty@kdu.ac.lk