XYZ Inc of USA has setup a captive back office operations center in India. The captive is registered as a separate legal entity by the name XYZ India Private Limited and provides services only to XYZ Inc by catering its technology support needs. During the process of providing services, the Indian entity does not receive any customer information of the XYZ Inc. However, information such as financial information and biometric information etc. of the employees of XYZ India is shared with the XYZ Inc.
What necessary steps need to be taken before actual sharing of the aforesaid information happens?
1. Seek consent from the employees of XYZ India before sharing the information;
2. A lawful contract between the XYZ Inc and XYZ India regarding the terms of sharing and data protection measures to be taken, with the obligation on XYZ Inc of not sharing the received information further without permission from Indian entity;
3. The XYZ Inc should agree to provide better or at-par level of data protection as prescribed in the IT (Amendment) Act, 2008;
4. The country in which the XYZ Inc is located should ensure better or same level of data protection as prescribed in the IT (Amendment) Act, 2008
privacy
1 year, 2 months ago