INFORMATION SECURITY AND CUSTOMER DATA MANAGEMENT IN INDIA: THE ROLE OF LEGAL FRAMEWORKS

AUTHOR – THEJASVI CS* & DR.S. MARUTHAVIJAYAN**

* STUDENT OF TAMIL NADU DR. AMBEDKAR LAW UNIVERSITY, CHENNAI, TAMIL NADU

** ASSISTANT PROFESSOR OF TNDALU, CHENNAI, TAMIL NADU

BEST CITATION – THEJASVI CS & DR.S. MARUTHAVIJAYAN, INFORMATION SECURITY AND CUSTOMER DATA MANAGEMENT IN INDIA: THE ROLE OF LEGAL FRAMEWORKS, ILE MULTIDISCIPLINARY JOURNAL, 4 (1) OF 2025, PG. 1102-1108, APIS – 3920-0007 | ISSN – 2583-7230.

ABSTRACT:

Customer data management and protection have become essential to business operations, governance, and customer trust in the digital period. The quantity of personal data collected, processed, and stored by Indian businesses has expanded dramatically in tandem with the rapid growth of India’s digital and practical services. This growth has created significant concerns about data privacy and information security. The current study looks into the legal issues of information security in Indian enterprises, with a focus on how Indian data protection regulations affect consumer data processing. The study examines at the evolution and impact of various significant components of regulations, notably the Sensitive Personal Data or Information (SPDI) Rules, 2011, the Information Technology Act of 2000, and the newly established Digital Personal Data Protection Act (DPDP) of 2023. It examines the extent that these legal and regulatory structures impact or restrict Indian business’ data duties, especially in industries like information technology, banking, e-commerce, and healthcare. The research additionally assesses whether corporate governance, enforcement approaches, and regulatory compliance could enhance data for security policies. Small and medium-sized businesses often encounter difficulties with compliance because of difficulties with infrastructure, cost, or awareness, but many major corporations are adapting to the needs of the law. Customers are asking for more improved in privacy policies and transparency in company’s operations, data handling and security of common people. The research identifies inconsistencies between legislative intent and actual execution utilizing a mixed – methods approach that includes legal analysis, case studies and privacy or primary data collected through researches of organization and customers. Then it looks into customer’s knowledge and trust in legal safeguards for private data and information.

KEYPOINTS: Data Protection, Information Security, Digital Personal Data Protection Act (DPDP) 2023, Indian Businesses, Consumer Trust, Legal Framework.