Peter Brown writes:
In the United States, India is synonymous with outsourced data processing services and customer service call centers for credit card issuers, banks and retailers. The flow of data between the two countries has been unrestricted and, to a large extent, unregulated. This has now been changed.
In April 2011, India adopted new privacy regulations known as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These rules apply to all organizations that collect and use personal data and information in India and are likely to affect any corporation that outsources to India or collects personal information there in its business.
One of the more important provisions relating to foreign companies is that no organization inside India may transfer sensitive personal data to a third party outside of India unless the transferee ensures the same level of protection that is required by the Indian Rules. Sensitive personal data is defined as financial information; passwords; physical, physiological, and mental health condition; sexual orientation; medical records and history; and biometric information.
Read more on Data Privacy Monitor.