knowledgeBase.json
[
{
"country": "IN",
"law": "IT Act (Section 43A)",
"clause": {
"id": "IN-IT-43A-SecurityPractices",
"text": "Implement reasonable security practices and procedures aligned with the sensitivity of data handled.",
"category": "mandatory",
"penalties": [
{
"type": "financial",
"severity": "high",
"details": "Compensation for negligence resulting in data breach."
}
],
"evidence_required": [
"Security policy documents",
"Access control logs",
"Encryption protocols"
],
"applicable_ngo_types": ["Trust", "Society", "All"],
"applicable_regions": ["All"]
}
},
{
"country": "IN",
"law": "IT Act (Section 43A)",
"clause": {
"id": "IN-IT-43A-ConsentCollection",
"text": "User consent must be obtained before collecting or using personal or sensitive data.",
"category": "mandatory",
"penalties": [
{
"type": "legal",
"severity": "medium",
"details": "Violation can result in compensation claims from users."
}
],
"evidence_required": [
"Consent forms",
"Privacy Policy acknowledgment logs"
],
"applicable_ngo_types": ["Section 8 Company", "Trust"],
"applicable_regions": ["Maharashtra", "Karnataka"]
}
},
{
"country": "IN",
"law": "IT Act (Section 72A)",
"clause": {
"id": "IN-IT-72A-DisclosureRestrictions",
"text": "Disclosure of personal information without consent is prohibited except under legal obligation.",
"category": "mandatory",
"penalties": [
{
"type": "criminal",
"severity": "high",
"details": "Imprisonment up to 3 years or fine up to ₹5,00,000, or both."
}
],
"evidence_required": [
"Disclosure logs",
"Legal notice records"
],
"applicable_ngo_types": ["All"],
"applicable_regions": ["Telangana", "Maharashtra"]
}
},
{
"country": "IN",
"law": "IT Rules (Reasonable Security Practices & Procedures), 2011",
"clause": {
"id": "IN-ITR-2011-ErasureRight",
"text": "Users have the right to request deletion of their personal information from the platform.",
"category": "user_right",
"penalties": [
{
"type": "regulatory",
"severity": "low",
"details": "Non-compliance may lead to user complaints to data protection authorities."
}
],
"evidence_required": [
"Erasure request logs",
"Audit trails of deletion actions"
],
"applicable_ngo_types": ["Society"],
"applicable_regions": ["All"]
}
},
{
"country": "IN",
"law": "IT Rules (Cookies & Tracking)",
"clause": {
"id": "IN-ITR-2011-CookiesNotice",
"text": "Users must be notified of cookie usage and allowed to opt out.",
"category": "advisory",
"penalties": [
{
"type": "reputational",
"severity": "low",
"details": "Potential user complaints or loss of trust."
}
],
"evidence_required": [
"Cookie policy notice",
"Opt-out logs"
],
"applicable_ngo_types": ["All"],
"applicable_regions": ["All"]
}
},
{
"country": "EU",
"law": "GDPR Article 6",
"clause": {
"id": "EU-GDPR-LawfulProcessing",
"text": "Personal data must be processed lawfully, fairly and transparently.",
"category": "mandatory",
"penalties": [
{
"type": "financial",
"severity": "high",
"details": "Fines up to €20 million or 4% of global turnover."
}
],
"evidence_required": [
"Privacy policies",
"Processing activity logs"
],
"applicable_ngo_types": ["All"],
"applicable_regions": ["All"]
}
},
{
"country": "EU",
"law": "GDPR Article 17",
"clause": {
"id": "EU-GDPR-ErasureRequest",
"text": "Data subjects have the right to request erasure of their personal data.",
"category": "user_right",
"penalties": [
{
"type": "regulatory",
"severity": "medium",
"details": "Complaints to EU data protection authorities."
}
],
"evidence_required": [
"Deletion logs",
"User request records"
],
"applicable_ngo_types": ["Trust", "Section 8 Company"],
"applicable_regions": ["Germany", "France", "All"]
}
}
]