What specific challenges or concerns does blockchain present from a cybersecurity perspective?
India has no dedicated cybersecurity law. The IT Act, read with the rules and regulations framed thereunder, deals with cybersecurity and the cybercrimes associated therewith. As discussed in question 1.3, the ‘body corporate’ that handles sensitive personal data or information (SPDI) must implement “reasonable security practices and procedures” by maintaining a comprehensive documented information security programme. This programme should include managerial, technical, operational and physical security control measures that are commensurate with the nature of information being protected. In this context, the SPDI Rules recognise the International Standard IS/ ISO/ IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” as one such approved security standard that can be implemented by a body corporate for the protection of personal information.