Question:

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, mainly focus on:

Show Hint

The SPDI Rules, 2011, were India's first major step toward formal data privacy regulations, holding companies accountable for leaking sensitive user information.
Updated On: Jun 29, 2026
  • Collecting personal data without prior permission from users
  • Protecting sensitive personal data or information by companies
  • Promoting digital games and online entertainment services
  • Regulating the pricing of mobile devices and services
Show Solution
collegedunia
Verified By Collegedunia

The Correct Option is B

Solution and Explanation



Step 1: Understanding Indian Cyber Laws:

The Information Technology (IT) Act, 2000, is India's primary law regulating cybercrime and e-commerce. Under Section 43A of this Act, the Indian government enacted the Sensitive Personal Data or Information (SPDI) Rules in 2011.

Step 2: Core Provisions of the SPDI Rules, 2011:

These rules set compliance standards for body corporates (companies, organizations, and web platforms) that collect, process, store, or transfer sensitive personal data of Indian citizens.
• It defines what counts as sensitive data (passwords, financial info, medical records, biometric data, sexual orientation).
• It mandates publishing a clear privacy policy.
• It requires obtaining explicit user consent before data collection.
• It requires implementing robust security standards (like ISO 27001).

Step 3: Verification of Options:

Option (B) is the accurate objective of these rules. Option (A) is a violation of the rules, while Options (C) and (D) are outside the scope of data privacy rules.
Was this answer helpful?
0
0