Ministry of Communications and Information Technology, Government of India had put up during draft rules under section 43A and 79 of Information Technology Act, 2000.
Section 43A provides for compensation for failure to protect senry sitive personal data by body corporates, who are expected to implement and maintain reasonable security practices and procedures as prescribed by Central Government. In this regard, the draft rules lay down for compulsory Privacy Policy by body corporates and also provide for restriction on disclosure of information to third party, which cannot be made except with prior permission of the information providers.
Section 79 provides exemption from liability to an intermediary, if the intermediary, among other factors also observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf. In this regard, the draft rules lay down that intermediary to have proper terms and conditions of use of its website, user agreement, privacy policy, etc.
Section 79 also includes role of cyber cafes as intermediaries, in this regard also draft of cyber cafe guidelines have been put up by ministry for public comments. It includes provision for Identification of User, Log Registers, Management of Physical Layout and computer resource and inspection of cyber cafe.