The Information Technology (Amendment) Act, 2008 made signification changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.
Clear and easily accessible statements of its practices and policies;
Type of personal or sensitive personal data or information collected;
Purpose of collection and usage of such information;
Disclosure of information including sensitive personal data or information;
Reasonable security practices and procedures.