Currently, there are a variety of laws in India which contain provisions dealing with the processing of data, which includes personal data as well as sensitive personal data. These laws include but are not limited to the following: Financial Sector Banking Regulation Act, 1949 Credit Information Companies (Regulation) Act, 2005 Credit Information Companies Regulation, 2006 The Insolvency and Bankruptcy Code, 2016 and the regulations framed thereunder such as the Insolvency and Bankruptcy Board of India (Information Utilities) Regulations, 2017 Payment and Settlement Systems Act, 2007 Reserve Bank of India Act, 1934 as well as the circulars/directions/notifications issued by the RBI from time to time including but not limited to Master Direction on Know Your Customer (KYC), 2016 Master Circular on Credit Card, Debit Card and Rupee Denominated Co-branded Prepaid Card Operations of Banks and Credit Card issuing NBFCs Master Circular on Customer Service in Banks, 2015 Master Circular on Policy Guidelines on Issuance and Operation of Pre - paid Payment Instruments in India The Security and Exchange Board of India Act, 1992 as well as the regulations made thereunder including but not limited to SEBI (Stock-Brokers and Sub - Brokers) Regulations, 1992 SEBI KYC (Know Your Client) Registration Agency Regulations, 2011 SEBI (Investment Advisers) Regulations, 2013 Securities Contract (Regulation) Rules, 1957 Insurance Act, 1938 as well as regulations issued thereunder by the Insurance Regulatory and Development Authority of India (IRDAI) including but not limited to Insurance Regulatory and Development Authority of India (Sharing Of Database for Distribution of Insurance Products) Regulations, 2010 Circular on Submission of Insurance Data of IRDAI to Insurance Information Bureau of India (IIB) Guidelines on Information and Cyber Security for Insurers. Health Sector The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 Pre-Conception and Pre-Natal Diagnostic Techniques (Prohibition of Sex Selection) Act, 1994 The Mental Health Act, 1987 Information Technology and Telecommunications Sector Digital Personal Data Protection Act, 2023 The Indian Telegraph Act, 1885 The Telecom Regulatory Authority of India Act, 1997 The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 Information Technology Act, 2000, including, but not limited to the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 Information Technology (Intermediaries Guidelines) Rules, 2011 Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 Miscellaneous Digital Media Guidelines and Policies The Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 including Regulations made under the Act including but not limited to Aadhaar (Data Security) Regulations, 2016, Aadhaar (Sharing of Information) Regulations, 2016. Census Act, 1948 Collection of Statistics Act, 2008 Consumer Protection Act, 1986 Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act, 1995 Right of Children to Free and Compulsory Education Act, 2009 Right to Information Act, 2005 Source : MeitY - White Paper on Data Protection framework for India