Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/50874
in. "It is tough to get a clear view of the laws and how they are applied because sometimes one gets the opinion that the laws are applied differently in dif- ferent jurisdictions," says Ochrym. One of the concerns for Canadian investors is the lack of an Indian counter- part to Canada's Personal Information Protection and Electronic Documents Act. PIPEDA provisions cover organi- zations and companies that collect, use, and/or disclose personal information about Canadians. The Office of the Privacy Commissioner issues guide- lines for companies working within the act. So far the office has issued guide- lines for methods of identifying and authenticating customers in ways that respect PIPEDA for recording of cus- tomer telephone calls, for overt video surveillance in the private sector, for surveillance of public places by police and law enforcement authorities, and for responding to privacy breaches. In a March address to the Joint Forum for Financial Market Regulators in Toronto, assistant Privacy Commissioner Elizabeth Denham told the conference, "PIPEDA does not India gate in Mumbai, India. to the local laws." There are no specific privacy and data protection laws in India. However, various other laws exist intending to safeguard information. The Indian Information Technology Act, 2000 and Credit Information Companies Regulation Act, 2005 are two laws that It is one thing putting the law on the books and it is another thing enforcing it. I think that is the challenge Indian regulators face, I mean, that is a legitimate challenge when you are governing one billion some odd people, NATALIE OCHRYM, Sun Life Financial Inc. prohibit trans-border data flows. But it does require companies to protect the personal information in their care, even if the use of the information has been outsourced beyond Canada's bor- ders. PIPEDA also requires companies to inform customers that their personal information may be sent out of the country, and that while such informa- tion is out of the country, it is subject seek to safeguard data. Manjula Chawla, a corporate law- yer in India and author of the report "Overview of Data Protection Laws in India" wrote, "the lack of a comprehen- sive legislation pertaining to privacy and data protection has been a matter of concern. This concern has been particularly expressed by foreign com- panies that are doing business in India and are transmitting confidential data into the country." Chawla's report also says the Indian penal code does not specifically address breaches of data piracy. However, under s. 403 of the penal code there are penal- ties for "misappropriation or conver- sion of 'movable property' for one's own use." Movable property in this context refers to "property which is not attached to anything and is not land." One area where defined penalties do exist is for breach of intellectual prop- erty laws under the Indian Copyright Act. The laws allow for a maximum penalty of three years in jail and fines up to $5,000 depending on the severity of the piracy. Soma Choudhury, a lawyer with the Ogilvy Renault LLP India practice group in Toronto, says while one of the complaints about doing business in India is a lack of laws, in reality the opposite may be true. "Some of it is also not being aware of the market. The laws exist, it is a highly-regulated regime, so it is a myth that some of the laws just don't exist, but you've got to know the laws," she says. "That's when you partner up with the proper Indian law firms and with INHOUSE AUGUST 2009 • 23