Peter Brown writes:
India’s $41 billion dollar outsourcing industry and its clients can breathe a sigh of relief; the Indian Government has issued an official clarification concerning their new broad privacy regulations.
[…]
In response to industry concerns, the Indian Government has since clarified their recently adopted privacy regulations. India issued an official clarification recently, noting that sensitive personal data sent to India by customers outsourcing information technology work will not be covered by Rules 5 and 6 of the Privacy Rules. Rather, the new privacy rules only apply to Indian companies that collect information from “natural persons.” It is the companies collecting and sending the data, as opposed to the outsourcers, who are responsible for protecting the privacy of the data according to the rules of their respective countries. Therefore, United States companies sending data for processing to Indian outsourcers will be required to follow the privacy laws of the United States, not India.
Read more on Baker & Hostetler Data Privacy Monitor.