Page 311 - DMGT308_CUSTOMER_RELATIONSHIP

Page 311 - DMGT308_CUSTOMER_RELATIONSHIP_MANAGEMENT

P. 311

Customer Relationship Management

Notes At present, India has a privacy jurisprudence that has been judicially derived from the fundamental
rights set out in the Constitution. Through a series of cases the courts have upheld an implicit
right against police action that impinges upon the personal privacy of citizens. However, most
of these cases have been argued in the context of invasion of physical privacy and relate to the
right of individuals against harassment by governmental authorities.
With the increasing digitization of data, many entities both public as well as private, have
collected and currently hold vast amounts of personal data. It is possible that public entities and
governmental agencies currently hold much more personal information about a larger section
of society than any private entity. There is currently no legislation that protects against the
misuse of this data. Should legislation be passed that addresses the privacy concerns around
such data, it is imperative that such legislation apply equally to public as well as private entities
in order to equally protect citizens and individuals against the misuse of their personal data.

Data

All the legislations that were examined, with the exception of 13 countries, made a distinction
between personal data and personal sensitive data, applying a greater standard of care when
dealing with personal sensitive data as opposed to personal data.

Recommendation

In the Indian context, it is advisable that such a distinction be brought about in order to ensure
that all forms of identifiable data are protected under the general right to privacy but that a
greater responsibility is imposed on entities processing or collecting certain categories of
information which if disclosed could result in significant financial, reputational or other
associated loss to the person concerned. At present the Information Technology Act, 2000 includes
data protection provisions that apply to personal sensitive data alone without making the
distinction between that and personal data. It will be important to reexamine the definition as it
currently stands in that Act, and suggest an appropriate definition that realistically distinguishes
between personal data that deserves some amount of protection and personal sensitive data that
requires a greater degree of protection.

12.1.14 Personal Data

Almost all the legislations define personal data to mean any information that relates to an
identifiable person. Unless the sum total of the information in question has the ability to identify
a real person it will not be elevated to the status of personal data.

In most cases, personal data refers to identity information about natural persons. However,
some jurisdictions include within the ambit of personal data, identity information about legal
persons, bodies or associations.

Recommendation

In the Indian context it is advisable to limit the legislation to personal information relating to
real persons as there are other legislations that deal with information in the context of legal
persons such as corporations. Besides, there is a greater risk of personal injury in the context of
real persons as opposed to legal persons.
It is also important to draw from the best practices of countries around the world in coming up
with an appropriate definition for personal data that results in information that is capable of
identifying a person, either directly or indirectly (and thereby causing risk to his identity),
being included within the ambit of the definition. It is possible that a person could be identified

306 LOVELY PROFESSIONAL UNIVERSITY

306 307 308 309 310 311 312 313 314 315 316