IndiaFilings » Learn » Legal » Website Privacy Policy Requirements

Website Privacy Policy Requirements


Website Privacy Policy Requirement

The Information Technology Act of 2000 governs various issues relating to the Internet, maintenance of websites and e-commerce. It is the Information Technology Act that criminalises and provides civil damages for hacking, infusion of viruses, unauthorised copying, tampering, etc., In 2008, the Act was further extended to criminalise additional activity such as sending of offensive content, theft of computer resources, identity theft, cheating by impersonation, cyber terrorism, transmitting of obscene content and child pornography. In this article, we mainly look at the rules concerning website privacy policy and privacy rules in India.

Privacy Laws in India

The 2009 amendment to the Information Technology Act introduced basic privacy and data protection provisions. The privacy law in India now requires businesses and websites to apply due care while collecting and dealing with sensitive personal data or information. A civil provision is now available, prescribing damages for an entity that is negligent in using “reasonable security practices and procedures” while handling “sensitive personal data or information”, resulting in wrongful loss or wrongful gain to any person. Further, criminal punishment is also provided for persons who:

  • Disclose sensitive personal information without the consent of the person or in breach of the relevant contract, with the intention of, or knowing that the disclosure would cause wrongful loss or gain.

Dealing with Sensitive Information

While dealing or collecting personal information, reasonable security practices and procedures must be followed by all businesses, websites and eCommerce businesses. Sensitive personal information relates to information that identifies an individual. Sensitive personal information includes:

  • Passwords
  • Financial information such as bank account credit card, or debit card information
  • Physical, physiological and mental health condition information
  • Sexual orientation
  • Medical records and history
  • Biometric information

Sensitive personal data only deals with information of individuals and not the information of entities.

Also, the business can collect sensitive personal information only if it obtains the prior consent of the provider of the information. The business must also provide an option for the user to not provide sensitive information. In such a case, the business has the right to cease providing goods and services for which the information is sought.

Website Privacy Policy

As per the Information Technology Act, all businesses require to have a privacy policy that is published on their website. The privacy policy must describe the information collected, the purpose of use of the information, to whom and how to disclose the information and reasonable security practices followed to safeguard such information. Create a free website privacy policy or download a format on

In addition to a website privacy policy, most websites also have terms and conditions. The Website Terms & Conditions is a legal document that details the terms and conditions that the user must abide by while using the website. The website terms and conditions agreement details the license of the copyright in the website and includes a disclaimer of liability, an acceptable use clause, a variation clause, a clause specifying the applicable law and jurisdiction and other legal information. Create free website terms and conditions or download a format on

Grievance Officer

The Information Technology Act also requires the appointment of a Grievance Officer whose name and contacts are published on the website. The Grievance Officer requires to act on any compliance within 30 days relating to the privacy policy or user information collection. The following is a clause from a Privacy Policy, mentioning the Grievance Officer details:

In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are as below:

Address Line 1
Address Line 2
City, State, PIN

If you have any questions about this Policy or other privacy concerns, you can also email us at [email protected]