Information Technology (Certifying Authorities) Rules, 2000
34. Access to Confidential Information.-
(1) Access to confidential information by Certifying Authority’s operational staff shall be on a "need-to-know" and "need-to-use" basis.
(2) Paper based records, documentation and backup data containing all confidential information as prescribed in rule 33 shall be kept in secure and locked container or filing system, separately from all other records.
(3) The confidential information shall not be taken out of the country except in a case where a properly constitutional warrant or other legally enforceable document is produced to the Controller and he permits to do so.