IT ACT AMENDMENTS 2008- WHAT THEY ENTAIL FOR CORPORATE INDIA?
IT ACT AMENDMENTS
2008-
WHAT THEY ENTAIL
FOR CORPORATE
INDIA?
A PRESENTATION BY
PAVAN DUGGAL,
CHAIRMAN,
ASSOCHAM CYBERLAW
COMMITTEE
ADVOCATE,
SUPREME COURT OF INDIA
HEAD, PAVAN DUGGAL
ASSOCIATES
22ND JANUARY, 2009
�SCAM EMAIL CIRCULATED
�EXTREMELY DEFAMATORY AND
DEROGATORY STATEMENTS
�EMAILS TRACED
�DELHI HIGH COURT RESTRAINT
ORDER
CYBER LAW IN INDIA
�� In India the Information Technology Act,
2000 is the Mother Legislation that deals
with issues related to use of computers,
computer systems , computer networks and
the Internet.
CYBER LAW IN INDIA
�� Information Technology Amendment Bill, 2006
� Referred to Parliamentary Standing Committee on
IT
� Standing Committee Report- 2007
� Information Technology Amendment Bill, 2006
IT ACT AMENDMENTS
� INFORMATION TECHNOLOGY
AMENDMENT ACT, 2008
�PASSED BY BOTH THE HOUSES OF
PARLIAMENT IN END DECEMBER,
2008
�HISTORY REPEATS ITSELF.- 2000 /2008
COMPLIMENTS
�GOVERNMENT OF INDIA AND PARLIAMENTARY STANDING COMMITTEE ON IT NEEDS TO BE COMPLIMENTED FOR ALL THEIR HARD WORK IN MAKING THE NEW AMENDMENTS A REALITY
�LOT OF MAJOR SIGNIFICANT ADVANCES MADE BY THE NEW AMENDMENTS
TECHNOLOGY NEUTRAL LAW
� Amendments have made the Information
Technology Act, 2000 as a technology neutral
legislation
�� instead of, digital signatures, the law has come up instead of, digital signatures, the law has come up
with a more broad generic concept of electronic with a more broad generic concept of electronic
signatures signatures
�� paved the way for removing the implementation of paved the way for removing the implementation of
the IT Act by removing certain undesirable the IT Act by removing certain undesirable
wordings in some sections wordings in some sections
CYBER TERRORISM
�� for the first time, defined the concept of cyber for the first time, defined the concept of cyber
terrorism and has made it a heinous crime. terrorism and has made it a heinous crime.
�� cyber terrorism as an offence that has been made cyber terrorism as an offence that has been made
punishable with life imprisonment and fine. punishable with life imprisonment and fine.
�� This move should do tremendous service to the This move should do tremendous service to the
cause of the Indian nation as also the sovereignty , cause of the Indian nation as also the sovereignty ,
integrity and security of India.integrity and security of India.
�� Highly commendable move after Mumbai 26/11/ Highly commendable move after Mumbai 26/11/
attacksattacks
NEW CYBERCRIMES ADDED
��provide far more exhaustive coverage of provide far more exhaustive coverage of cybercrimes in the law. cybercrimes in the law.
��Various new cybercrimes have been added Various new cybercrimes have been added like the activities defined in Section 43 of the like the activities defined in Section 43 of the IT Act, 2000. IT Act, 2000.
��The new amendments have added identity The new amendments have added identity theft and phishing as cybercrimes . theft and phishing as cybercrimes .
��have also covered breach of privacy, child have also covered breach of privacy, child pornography as specific offences. pornography as specific offences.
INTERCEPTION
��The new amendments have strengthened The new amendments have strengthened
the hands of the nation by increasing the the hands of the nation by increasing the
ambit of the powers of interception of the ambit of the powers of interception of the
Government, Government,
�� Interception, blocking and monitoring Interception, blocking and monitoring
powers have been more detailed and powers have been more detailed and
elaborately stated. elaborately stated.
IT ACT AMENDMENTS &
CORPORATES
�HUGE RAMIFICATIONS OF THE NEW
AMENDMENTS ON CORPORATE
INDIA
�LAW HAS BEGUN TO FLEX ITS
MUSCLES
�THE CLOCK IS SLOWLY CHURNING
SECTION 2
� (ha)“Communication Device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image;’;
� (J)“computer network” means the inter-connection of one or more computers or computer systems or communication device through
SECTION 2
� (i) the use of satellite, microwave, terrestrial
line, wire, wireless or other communication
media; and
� (ii) terminals or a complex consisting of two
or more inter-connected computers or
communication device whether or not the
inter-connection is continuously
maintained;’;
HACKING NO LONGER AN OFFENCE
�HACKING AS AN OFFENCE HAS BEEN DELETED FROM THE LAW BOOK.
�EXISTING SECTION 66 OF THE IT ACT, 2000
�THE SAID SECTION HAS BEEN SUBSTITUTED BY NEW LANGUAGE
�EXISTING LANGUAGE OF THE OFFENCE OF HACKING DOES NOT FIND MENTION IN THE CURRENT MANNER
YOUR FRIENDLY
CYBERCRIME LEGISLATION
AMENDMENTS SEEK TO MAKE INDIAN
CYBERLAW FRIENDLY CYBER CRIME
LEGISLATION:
- A LEGISLATION THAT GOES
EXTREMELY SOFT ON CYBER
CRIMINALS, WITH A SOFT HEART
CYBERCRIME FRIENDLY
�A LEGISLATION THAT CHOOSES TO
ENCOURAGE CYBER CRIMINALS BY
LESSENING THE QUANTUM OF
PUNISHMENT ACCORDED TO THEM
IN THE EXISTING LAWS
CYBERCRIMES BALIABLE
�DISTINCT ABSENCE OF LOGIC AND
RATIONALE IN REDUCING OF THE
QUANTUM OF PUNISHMENTS FOR
VARIOUS OFFENCES
�NOW CYBERCRIMES TO BE
INVESTIGATED NOT BY A DSP BUT BY
AN INSPECTOR
SECTION 6 ASECTION 6 A
�Delivery of Services by Service Provider
(Inserted vide ITAA-2008)
�The appropriate Government may, for the
purposes of this Chapter and for efficient
delivery of services to the public through
electronic means authorize, by order, any
service provider to set up, maintain and
upgrade the computerized facilities and
perform such other services as it may
specify, by notification in the Official
Gazette.
SECTION 6 A (Contd.)
�Explanation: For the purposes of this
section, service provider so authorized
includes any individual, private agency,
private company, partnership firm, sole
proprietor form or any such other body or
agency which has been granted
permission by the appropriate
Government to offer services through
electronic means in accordance with the
policy governing such service sector.
SECTION 6 A (Contd.)
�The appropriate Government may also
authorize any service provider authorized
under sub-section (1) to collect, retain and
appropriate service charges, as may be
prescribed by the appropriate Government
for the purpose of providing such services,
from the person availing such service.
SECTION 6 A (Contd.)
�Subject to the provisions of sub-section (2),
the appropriate Government may authorize
the service providers to collect, retain and
appropriate service charges under this
section notwithstanding the fact that there is
no express provision under the Act, rule,
regulation or notification under which the
service is provided to collect, retain and
appropriate e-service charges by the service
providers.
SECTION 6 A (Contd.)
�The appropriate Government shall, by
notification in the Official Gazette, specify
the scale of service charges which may be
charged and collected by the service
providers under this section: Provided that
the appropriate Government may specify
different scale of service charges for different
types of services.
SECTION 43 A
�Where a body corporate, possessing, dealing
or handling any sensitive personal data or
information in a computer resource which it
owns, controls or operates, is negligent in
implementing and maintaining reasonable
security practices and procedures and
thereby causes wrongful loss or wrongful
gain to any person, such body corporate
shall be liable to pay damages by way of
compensation, to the person so affected.
SECTION 43 A (contd.)
�Explanation: For the purposes of this
section
�"body corporate" means any company and
includes a firm, sole proprietorship or other
association of individuals engaged in
commercial or professional activities
SECTION 43 A (contd.)
� "reasonable security practices and procedures"
means security practices and procedures designed to
protect such information from unauthorised access,
damage, use, modification, disclosure or
impairment, as may be specified in an agreement
between the parties or as may be specified in any law
for the time being in force and in the absence of such
agreement or any law, such reasonable security
practices and procedures, as may be prescribed by
the Central Government in consultation with such
professional bodies or associations as it may deem
fit.
SECTION 43 A (contd.)
�"Sensitive personal data or information"
means such personal information as may be
prescribed by the Central Government in
consultation with such professional bodies
or associations as it may deem fit.
SECTION 79
�Exemption from liability of intermediary in
certain cases . Notwithstanding anything
contained in any law for the time being in
force but subject to the provisions of sub-
sections (2) and (3), an intermediary shall
not be liable for any third party information,
data, or communication link made hosted by
him.
SECTION 79 (contd.)
�The provisions of sub-section (1) shall apply
if-
� (a) the function of the intermediary is
limited to providing access to a
communication system over which
information made available by third
parties is transmitted or temporarily stored;
or
SECTION 79 (contd.)
� (b) the intermediary does not-
� (i) initiate the transmission,
� (ii) select the receiver of the transmission,
and
� (iii) select or modify the information
contained in the transmission
SECTION 79 (contd.)
� (c) The intermediary observes due diligence
while discharging his duties under this Act
and also observes such other guidelines as
the Central Government may prescribe in
this behalf
SECTION 79 (contd.)
�The provisions of sub-section (1) shall not
apply if- (a) the intermediary has conspired
or abetted or aided or induced whether by
threats or promise or otherwise in the
commission of the unlawful act.
SECTION 79 (contd.)
� (b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
SECTION 79 (contd.)
�Explanation:- For the purpose of this
section, the expression "third party
information" means any information dealt
with by an intermediary in his capacity as an
intermediary.
E-HAFTA AND CORPORATE INDIA
�INSPECTOR RAJ IN CYBERCRIME
SCENARIO
�CONCEPT OF E-HAFTA WILL TAKE
CONCRETE FEET
�CONCERNS OF CORPORATE INDIA
REGARDING THEIR CONFIDENTIAL
DATA AND INFORMATION NOT
ADDRESSED
NEED OF THE HOUR
�NEED TO PROTECT YOURSELF
�TRY TO ADOPT CYBER SECURITY
PRACTICES
�PREVENTION IS BETTER THAN CURE
�FOCUS ON PROACTIVE ACTION
NEW CHALLENGES
�SOCIAL NETWORKING
�P2P
�USER GENERATED CONTENT
�SPYWARE AND MALWARE
�E-DISCOVERY
INTERMEDIARIES & DUE DILIGENCE
�ALL COMPANIES COMING WITHIN THE DEFINITION OF INTERMEDIARIES NEED TO DO DUE DILIGENCE
�DUE DILIGENCE CRITICAL FOR LIMITATION OF LIABILITY
�DUE DILIGENCE NEEDS TO BE DOCUMENTED AND BE READILY AVAILABLE
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009
�PAVAN DUGGAL DUE DILIGENCE PROGRAMME VERSION 2009
�CONDUCTED BY PAVAN DUGGAL ASSOCIATES, INDIA’S NICHE TECHNOLOGY LAW FIRM
�AN ASBOLUTE MUST FOR ALL INTERMEDIARIES AND COMPANIES
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009
�EXHAUSTIVE DUE DILIGENCE DONE
FOR ALL STAKEHOLDERS
�NO REINEVENTION OF THE WHEEL
�PROACTIVE PROTECTION KEEING IN
THE MIND THE CUSTOMIZED
REQUIREMENTS OF THE RELEVANT
LEGAL ENTITY
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009
��CRITICAL FOR COMPANIES AND CRITICAL FOR COMPANIES AND
THEIR TOP MANAGEMENT TO GET THEIR TOP MANAGEMENT TO GET
THE SAID DUE DILGENCE DONETHE SAID DUE DILGENCE DONE
��NEED TO LIMIT POTENTIAL LEGAL NEED TO LIMIT POTENTIAL LEGAL
EXPOSURE , BOTH CIVIL AND EXPOSURE , BOTH CIVIL AND
CRIMINAL, FOR THE COMPANIES CRIMINAL, FOR THE COMPANIES
AND THEIR TOP MANAGEMENTSAND THEIR TOP MANAGEMENTS
CYBERLAWS.NET SURVEY ON ECYBERLAWS.NET SURVEY ON E--
COMPLIANCECOMPLIANCE
�Generate awareness & orientation about the compliance requirements of Indian Cyber Law
Sensitize people about :
� The level of compliances of their respective organizations pertaining to Indian Cyber Law.
�Possibility of exposures to potential risks.
CYBERLAWS.NET SURVEY ON CYBERLAWS.NET SURVEY ON
EE--COMPLIANCECOMPLIANCE
CYBERLAWS.NET SURVEY ON CYBERLAWS.NET SURVEY ON
EE--COMPLIANCE ( contd)COMPLIANCE ( contd)
CYBERLAWS.NET SURVEY ON CYBERLAWS.NET SURVEY ON
EE--COMPLIANCE( contd)COMPLIANCE( contd)
To take the survey & know your present To take the survey & know your present
compliance situation visit the following web compliance situation visit the following web
address :address :
http://http://cyberlaws.net/ecompliancecyberlaws.net/ecompliance
IT Act Amendments, December 2008IT Act Amendments, December 2008
IT Act Amendments, 2008IT Act Amendments, 2008
For details visit:For details visit:
www.cyberlaws.net/itamendmentswww.cyberlaws.net/itamendments
OrOr
www.cyberlawindia.comwww.cyberlawindia.com
A PRESENTATION A PRESENTATION
BY BY
PAVAN DUGGAL,PAVAN DUGGAL,
ADVOCATE, SUPREME ADVOCATE, SUPREME
COURT OF INDIACOURT OF INDIA
PAVAN DUGGAL PAVAN DUGGAL
ASSOCIATESASSOCIATES
EMAIL : EMAIL : pduggal@[email protected]
[email protected]@gmail.com