Skip to main content

Types of Data under Digital Personal Data Protection Act 2023

After the introduction of the Digital Personal Data Protection Act 2023, we can expect a significant enhancement in data governance and the legitimate use of data without infringing on an individual's personal information. This Act lays the foundation for a harmonious coexistence between humans and technology, allowing technology to flourish while also protecting individuals from breaches and grievances.

The Act categorizes data into three primary types: Digital Data, Personal Data, and Non-Personal Data. Understanding these definitions is crucial to comprehending the scope of this legislation.



Digital Data

Digital Data refers to any information that has been converted from non-digital form to digital form. This encompasses various forms of digital data, including:

  1. Video files: Captured or recorded video content.
  2. Audio files: Recorded sound files, such as music or voice recordings.
  3. Image files: Photographs, graphics, and other visual content.
  4. Text file: Documents, emails, and other written content stored digitally.
  5. Database records: Structured collections of data, such as customer information, inventory levels, or financial transactions.

The Act also recognizes Critical Data, which is a subset of Digital Data that requires special protection due to its sensitive nature.

By categorizing and defining these different types of data, the Digital Personal Data Protection Act 2023 aims to ensure that individuals' personal information is protected while also promoting responsible data handling practices and technological innovation.




Personal Data

Refers to any information that identifies an individual, including:

  • Name: First name, last name, pseudonyms, or initials
  • Identification numbers: Passwords, email addresses, Aadhaar numbers, driver's license numbers, or other government-issued identification numbers
  • Financial information: Bank account numbers, credit card numbers, or other financial data
  • Health information: Medical records, medical history, or health-related data
  • Contact information: Address, phone number, or other contact details
  • Biometric data: Fingerprints, facial recognition data, DNA profiles, or other biometric identifiers
  • Browsing history: Search queries, login information, or other online activities
These examples are not exhaustive, as personal data can include any information that can identify an individual.


The Digital Personal Data Protection Act 2023 aims to protect the personal information of individuals by:

  1. Restricting access: Limiting who can access personal data to ensure it is only shared with authorized parties.
  2. Complying with transparency: Requiring companies to maintain transparency on what information is collected and used, ensuring individuals are aware of how their data is being handled.
  3. Holding organizations accountable: Punishing organizations for breaches and misuse of personal data and compelling them to take remedial actions to mitigate any harm caused.
  4. Compelling robust security systems: Mandating organizations to have robust security measures in place to protect personal data from unauthorized access, use, or disclosure.

By implementing these measures, the Digital Personal Data Protection Act 2023 aims to promote trust between individuals and organizations while ensuring the responsible use of technology and innovation.

Non Personal Infromation:

Any information which is related to information which makes keeps the identity of an induvial hidden but still give away information about the person, Anonymous Data is any information that cannot be used to identify an individual. It is data that does not relate to a specific person and does not contain personal identifiers, such as names, addresses, or other unique characteristics. Examples of Non-Personal Information include GPS location, data collected for statistic or research  

Non-Personal Information can be collected and used without obtaining consent from the individual, as it does not pose a privacy risk. However, organizations must still comply with applicable laws and regulations regarding the collection and use of Non-Personal Information.

In contrast to Personal Data, which is protected by data protection laws and requires informed consent before being collected or used, Non-Personal Information is often subject to less stringent regulations. However, organizations must still ensure that they handle Non-Personal Information in a responsible and transparent manner.




Critical Data:

Critical Data, as per the Data Protection and Privacy Act (DPDP), refers to sensitive and essential information that requires robust protection to prevent unauthorized access, use, or disclosure. 

By prioritizing the protection of Critical Data, organizations can minimize the risk of data breaches and ensure the confidentiality, integrity, and availability of their most sensitive information.

Comments

Post a Comment

Popular posts from this blog

Legal Frameworks Addressing Medical Negligence in India

Does the Indian legal system provide enough protection to healthcare providers? Does it offer supportive measures for doctors who find themselves facing false negligence claims? In this blog, we will dissect the law and legal framework related to medical negligence in India. Doctors are human, and humans are bound to make mistakes. Furthermore, desired results depend on various factors such as physical fitness, lifestyle, pre and post-care. The most important question here is: what mistakes become negligence? To answer this question, we must first understand what negligence is. In layman's terms, negligence can be referred to as a lack of attention or care that leads to harm or damage to someone else. Simply put, being careless is being negligent. In legal terms, negligence is failing to take reasonable care or acting imprudently. It is a breach of a legal duty to take care, resulting in damage undesired by the defendant to the plaintiff. To prove negligence, it is essential that a...
Post a Comment
Read more

PHI, PII, and Indian Health Data Laws Explained

If you are a law student or a newbie in the legal field, then it is very common to scratch your head around these concepts. In this blog, we will deal with the understanding of not only the concept of PHI and PII, but we will also dive into Indian laws to investigate similar concepts in the Indian legal landscape. PHI (Personal Health Information) is data associated with information about an individual's health. There is a list of 18 pieces of information that fall under the category of Personal Health Information. This data is often collected by medical practitioners or hospitals for providing better health services. HIPAA, the Health Insurance Portability and Accountability Act, protects the PHI of an individual from being disclosed without his/her consent. Personal data of an individual's health status can cause damage in insurability, employability, and can engrave damage to their privacy. It is obvious to be curious about what elements can be considered as PHI. This includ...
Post a Comment
Read more

Meetings and types / kinds of meetings

Purpose of Meetings: Meetings in a company provide a platform for directors and shareholders to discuss and develop strategies for growth and development. These meetings serve essential functions, including controlling company affairs, preparing future policies, scrutinizing current policies, and more. Statutory Meeting: The first meeting of the company, held once during its lifetime, is known as the Statutory Meeting. Not all companies are eligible to hold such meetings, as only companies limited by shares or guarantee with share capital are permitted to do so. Private companies, regardless of their ownership structure, public companies without share capital, unlimited companies, and government companies are not eligible. The Statutory Meeting must be held after one month but not later than six months from the receipt of the certificate of commencement of business. Notice of the meeting must be given to directors and shareholders at least 21 days prior to the meeting. The purpose ...
Post a Comment
Read more