Data Protection
Legal Language,
Data Protection & Confidentiality Policy:
This Data Protection & Confidentiality Policy (“Policy”) sets out the principles and procedures followed by Nyayasetu to ensure the protection, confidentiality, integrity, and lawful processing of personal and sensitive data belonging to clients, employees, interns, and third parties. The Firm is committed to maintaining the highest standards of professional secrecy, ethical responsibility, and statutory compliance.
This Policy outlines the commitment of Nyayasetu to uphold the principles of data protection and confidentiality in all its operations.
2. Legal Framework
This Policy is framed in accordance with:
- The Digital Personal Data Protection Act, 2023
- The Information Technology Act, 2000 and allied rules
- Professional conduct rules prescribed by the Bar Council of India
3. Scope of Application
This Policy applies to:
- All clients of the Firm
- Junior advocates, associates, interns, clerks, and support staff
- Consultants and third-party service providers
4. Nature of Data Collected
In the course of legal practice, particularly criminal litigation and advisory matters, the Firm may collect and process:
- Identity documents (Aadhar, PAN, Passport, etc.)
- FIRs, charge sheets, bail applications
- Medical reports and forensic records
- Financial and banking information
- Call records, electronic communications, WhatsApp chats
- Case strategy notes and legal opinions
- Court filings and evidence records
- Documents related to client's profession
- Other miscellaneous documents
Such information may constitute Personal Data and/or Sensitive Personal Data under applicable laws.
5. Principles of Data Protection
Nyayasetu adheres to the following principles:
• Lawful Purpose
Data shall be collected only for legitimate legal purposes directly connected with representation and legal advisory services.
• Data Minimisation
Only necessary information required for case handling shall be collected.
• Confidentiality
All client communications and records shall remain strictly confidential unless disclosure is:
- Required by law, or
- Expressly authorised by the client.
• Accuracy
Reasonable steps shall be taken to ensure data accuracy and relevance.
• Storage Limitation
Data shall not be retained longer than necessary for professional or statutory purposes.
6. Security Measures
• Physical Security
- Files stored in locked cabinets
- Restricted access to office records
- Secure disposal through shredding of old documents
• Digital Security
- Password-protected devices
- Encrypted storage where feasible
- Two-factor authentication for email accounts
- Restricted file-sharing access
- Regular software updates and antivirus protection
• Access Control
Only authorised personnel directly involved in a matter shall have access to related data.
7. Data Retention Policy
- Active case files shall be retained during the pendency of proceedings.
- Closed matters may be retained for a reasonable period (typically 5–7 years) unless longer retention is required by law or professional necessity.
- Data no longer required shall be securely destroyed.
8. Data Sharing & Disclosure
Client's data shall not be shared except:
- With courts, quasi-judicial authorities, investigating agencies, or statutory authorities where legally required.
- With opposing counsel during legal proceedings.
- With third-party experts (forensic auditors, medical experts, etc.) where necessary for case handling.
- With client's prior knowledge or consent where required.
9. Data Breach Protocol
In the event of:
- Theft or loss of device
- Unauthorised access
- Hacking or cyber intrusion
- Accidental disclosure
Nyayasetu shall:
1. Immediately assess the nature and extent of the breach
2. Take remedial measures to contain damage
3. Notify affected parties where legally required
4. Comply with reporting obligations under applicable law
10. Obligations of Staff & Interns
All juniors, interns, and staff must:
- Sign a Confidentiality Undertaking
- Not copy, remove, or circulate client documents
- Not discuss client matters outside professional context
- Return all documents upon termination of association
- Violation may result in termination and legal action.
11. Client Rights
Clients may:
- Request information regarding data held about them
- Seek correction of inaccurate information
- Request deletion where legally permissible
12. Policy Review
This Policy may be revised periodically to ensure compliance with evolving legal requirements and technological standards.
13. Declaration
Nyayasetu affirms its unwavering commitment to maintaining strict confidentiality and safeguarding all personal and sensitive information entrusted to it in the course of legal practice.