The Bar Council of India does not permit advertisement or solicitation by advocates in any form or manner. By accessing this website, www.khaitanco.com, you acknowledge and confirm that you are seeking information relating to Khaitan & Co of your own accord and that there has been no form of solicitation, advertisement or inducement by Khaitan & Co or its members. The content of this website is for informational purposes only and should not be interpreted as soliciting or advertisement. No material/information provided on this website should be construed as legal advice. Khaitan & Co shall not be liable for consequences of any action taken by relying on the material/information provided on this website. The contents of this website are the intellectual property of Khaitan & Co.

Please accept the above


See all results for ""




On 11 March 2020, the World Health Organisation declared the Covid-19 outbreak as a pandemic, thereby calling for more urgent and aggressive action to stifle its spreading. Employers are taking a wide range of actions to deal with this extraordinary situation. However, even now, it is of the utmost importance that employers be mindful of protecting the privacy of data of their employees and business contacts in order to mitigate risk and ensure the smooth continuity of business in such a challenging time.

Brief overview of present day law

The Information Technology Act 2000 (IT Act) read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Sensitive Personal Data Rules) are the principal legislations governing the collection and processing of personal information and sensitive personal data or information (Sensitive Personal Data) on a sector neutral basis. Sensitive Personal Data may be collected by a body corporate by complying with the provisions of the Sensitive Personal Data Rules including obtaining consent.

Privacy concerns for employers for Covid-19 preventive practices

·       Temperature recording and physical screening: The Sensitive Personal Data Rules designates among others, “physical, physiological and mental health condition” as Sensitive Personal Data. Any information pertaining to the physical condition of an employee including body temperature will be considered as Sensitive Personal Data and all obligations under the Sensitive Personal Data Rules are required to be complied with.  

·       Self declaration of medical condition by employees: The Sensitive Personal Data Rules designates “medical records and history” as Sensitive Personal Data. Therefore, any such information as collected by employers through self declaration forms or otherwise is also required to be in compliance with the Sensitive Personal Data Rules. 

·    Collecting travel history and related information from visitors and business contacts: Information related to travel history collected from visitors and business contacts may in aggregate constitute personal information (but not Sensitive Personal Data). Under the IT Act, any personal information (not containing Sensitive Personal Data) which is collected while providing services under lawful contract, is not permitted to be disclosed except as agreed under such contract or if consent for the same has been obtained.

Some questions to consider


·     Does your organization’s HR policy cover situations under which Sensitive Personal Data can be collected and has consent been obtained for the same?

·    Does your organization follow any policy/protocol for collection and storage of personal information/ Sensitive Personal Data?

 ·     Does your organization deploy any technical standards for protection of personal information/ Sensitive Personal       Data collected by the organization?

 ·   Does your organization have a dedicated team dealing with the measures being taken to tackle the Covid-19 outbreak?       


While the current situation is alarming and poses a risk to doing business, it is important to maintain compliance with data protection laws. This will ensure that the business reputation of an organization remains unaffected even in the most trying of circumstances. 

- Supratim Chakraborty (Partner), Sumantra Bose (Senior Associate) and Vivekanand Bhardwaj (Associate)

We have updated our Privacy Policy, which provides details of how we process your personal data and apply security measures. We will continue to communicate with you based on the information available with us. You may choose to unsubscribe from our communications at any time by clicking here.

For private circulation only

The contents of this email are for informational purposes only and for the reader’s personal non-commercial use. The views expressed are not the professional views of Khaitan & Co and do not constitute legal advice. The contents are intended, but not guaranteed, to be correct, complete, or up to date. Khaitan & Co disclaims all liability to any person for any loss or damage caused by errors or omissions, whether arising from negligence, accident or any other cause.

© 2021 Khaitan & Co. All rights reserved.


One Indiabulls Centre
13th Floor, Tower 1
841 Senapati Bapat Marg
Mumbai 400 013 India

T: +91 22 6636 5000

E: mumbai@khaitanco.com

New Delhi

Ashoka Estate, 12th Floor
24 Barakhamba Road
New Delhi 110 001 India

T: +91 11 4151 5454

E: delhi@khaitanco.com


Simal, 2nd Floor
7/1 Ulsoor Road
Bengaluru 560 042 India

T: +91 80 4339 7000

E: bengaluru@khaitanco.com


Emerald House
1B Old Post Office Street
Kolkata 700 001 India

T: +91 22 6636 5000

E: kolkata@khaitanco.com