Step 1: Understanding Indian Cyber Laws:
The Information Technology (IT) Act, 2000, is India's primary law regulating cybercrime and e-commerce. Under Section 43A of this Act, the Indian government enacted the Sensitive Personal Data or Information (SPDI) Rules in 2011.
Step 2: Core Provisions of the SPDI Rules, 2011:
These rules set compliance standards for body corporates (companies, organizations, and web platforms) that collect, process, store, or transfer sensitive personal data of Indian citizens.
• It defines what counts as sensitive data (passwords, financial info, medical records, biometric data, sexual orientation).
• It mandates publishing a clear privacy policy.
• It requires obtaining explicit user consent before data collection.
• It requires implementing robust security standards (like ISO 27001).
Step 3: Verification of Options:
Option (B) is the accurate objective of these rules. Option (A) is a violation of the rules, while Options (C) and (D) are outside the scope of data privacy rules.