(1) In these rules, unless the context otherwise requires,–
(a) “Act” means the Information Technology Act, 2000 (21 of 2000);
(b) “Biometrics” means the technologies that measure and analyse human body characteristics, such as ‘fingerprints’, ‘eye retinas and irises’, ‘voice patterns’, “facial patterns’, ‘hand measurements’ and ‘DNA’ for authentication purposes;
(c) “Body corporate” means the body corporate as defined in clause (i) of explanation to section 43A of the Act;
(d) “Cyber incidents” means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;
(e) “Data” means data as defined in clause (o) of sub-section (1) of section 2 of the Act;
(f) “Information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;
(g) “Intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(h) “Password” means a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information;
(i) “Personal information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
(2) All other words and expressions used and not defined in these rules but defined in the Act shall have the meanings respectively assigned to them in the Act.