Sec 43A- ITAA Checklist

The IT (Amendment) Act, 2008 (ITAA 2008), under section 43A and the Rules under it, holds a ‘body corporate’ accountable for protecting the data privacy of the data subject (the provider of information). To help organizations having operations in India comply with the prescribed requirements, an assessment questionnaire has been separately designed to verify whether organizational practices are compliant with the requirements mandated in the ITAA 2008.

Importantly, the assessment questionnaire also takes into consideration the role of contracts in outsourcing relationships and the way these have been defined and recognized in section 43A of the ITAA 2008. The questions have been designed to generate mostly a ‘yes / no’ kind of response in order to ease the usage of the questionnaire and make the assessment more objective in terms of generating a ‘compliant’ or ‘not compliant’ status against a particular regulatory requirement.

The questionnaire, however, provides provisions for the assessor to register their observations and remarks in case there are no clear objective answers. This approach would help organizations identify the gaps, rectify the loopholes, and attain and demonstrate compliance. However, this questionnaire is for the purposes of self-assessment.

This checklist is made available for the industry on the occasion of Data Privacy Day and in line with DSCI’s objective to promote Data Protection and its role in establishing a strong Data Protection Regime.