- The fact that information is being collected,
- The intention and purpose for collection of such information.
- The intended recipients of such information,
The name and address of the agency collecting such information and entity which will retain such information. While RSP Rules requires an active opt-in, users now are almost habituated to clicking “accept” without having read the terms or if there is a default opt-in, too bad it is not compliant to RSP Rules. Security: The above regulatory procedures are mandated to keep the information safe and secure. RSP Rules go on to prescribe the security measures to be taken, inform about security breaches etc. The point though is that RSP Rules makes it compulsory for the body corporate to certify or conduct an audit to check the validity and effectiveness of ‘Information Security Techniques’ (IS/ISO/IEC 27001) so as to comply with the Rules. But shouldn’t the regulators or enforcement agencies have the ability to check data use/ data discrimination practices? So, shouldn’t the Information Technology Act / RSP Rules provide for it? Author: Manas Ingle Disclaimer: The information contained in this post is for dissemination purposes only and shall not be relied upon as an opinion. For any help or assistance please email us on firstname.lastname@example.org  Why 'anonymous' data sometimes isn't, https://www.wired.com/2007/12/why-anonymous-data-sometimes-isnt/