Question

Which among the following is NOT a 'sensitive personal data or information' as per Information Technology rules, 2011?

• A. Password
• B. Sexual Orientation
• C. Blood Test Reports
• D. None of these

Hint:

The category of "Sensitive Personal Data or Information" (SPDI) under Indian law requires a higher degree of protection than other personal data. The list is specific and includes passwords, financial data, health data, sexual orientation, and biometrics.

Answer 1

The Correct Option is D

Step 1: Understanding the Question
The question asks which of the given items is not considered "sensitive personal data or information" (SPDI) under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Step 2: Analyzing the Definition of SPDI
Rule 3 of the IT Rules, 2011 provides a specific, exhaustive list of what constitutes SPDI. This list includes:

Passwords;
Financial information such as Bank account or credit card or debit card or other payment instrument details;
Physical, physiological and mental health condition;
Sexual orientation;
Medical records and history (which would include Blood Test Reports);
Biometric information;
Any information that is freely available or accessible in the public domain is not considered SPDI.

Step 3: Evaluating the Options


(A) Password: This is explicitly mentioned in the list of SPDI.
(B) Sexual Orientation: This is also explicitly mentioned in the list.
(C) Blood Test Reports: This would fall under "Medical records and history," which is part of the SPDI definition.
(D) None of these: Since all three options (A, B, and C) are types of SPDI, the correct answer is that none of the listed items are outside the definition.

Step 4: Final Answer
All the given options (Password, Sexual Orientation, Blood Test Reports) are considered 'sensitive personal data or information'. Therefore, the correct answer is "None of these". Option (D).