The Ministry of Electronics and IT (MeitY) has issued guidelines for the setting up of IT infrastructure by government departments using cloud computing technology. The new guidelines come with a specific clause stating the service provider has to store data within the country. The guidelines note that since data could be located in one or more discrete sites in foreign countries, the conditions for data location has to be mentioned in the agreement with the service provider.
“The location of the data could be located in one or more discrete sites in foreign countries. Therefore it has to be specifically mentioned in the agreement. The terms and conditions of the Empanelment of the Cloud Service Provider has taken care of this requirement by stating that all services including data will be guaranteed to reside in India,” the guidelines state.
The guidelines also state that if the data being stored is very sensitive, departments may include a clause to make sure that the data is encrypted. Further, if any law enforcement agency wishes to gain access to data, the onus shall be on the service provider to perform all due diligence before releasing the information.