Our world is rapidly digitising and therefore our laws must keep pace to meet the ethical, political and economic challenges posed by this ongoing transformation. The Information Technology Act, 2000 was India’s first law which focused on technology and passed with the primary objective of providing legal recognition to transactions carried out through electronic means, regulating cybercrime and e-commerce. Since 2000, various amendments have been introduced in the Act and several Rules have been passed to regulate newer aspects of technological innovation including the comprehensive IT Rules, reasonable security practices and IT Intermediary Rules. 

In terms of protection of personal data and privacy, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 regulates processing of personal or sensitive personal data and prescribes security measures and standards to be followed by all body corporates while collecting / handling / processing or dealing in personal data of persons in India.