[Yearbook] Information and Technology Act: Salient Features and Provisions

Yearbook18 Comments

Ad Online Taiyari
  1. Introduction
  2. Timeline of Events
  3. Why was IT Act 2000 amended in 2008?
  4. Data privacy
  5. Definitions
  6. What is the punishment for cyber crimes?
  7. Who can conduct RAIDS AND INVESTIGATION for Cybercrimes?
  8. About the Author

This is a guest article written by Mr.Krapesh Bhatt, an IT Security professional from Surat.

Introduction

Dear All, Firstly, I would like to thank Mrunal for providing me with the opportunity to write and come up with the article which provides information on our IT ACT.

  • I am motivated to write this article relating to Our Information Technology Act and its related amendments so as to spread the awareness of the Act.
  • I have tried to make the IT Act’s major sections which come in our daily lives simpler to understand. As India is one of few countries in the world which enacted the law specially to curb cyber crime – a positive approach in this direction.
  • The countries which have their own cyber laws are U.S, U.K, Japan, European Union, Australia, Germany, Singapore, Belgium, Brazil, Canada, Italy, and France. India has too joined the club and framed laws to curb cyber crime.

Timeline of Events

  1. The ministry of commerce, Govt. of India drafted the guidelines as “Ecommerce Act 1998”, since the ministry of Information Technology was absent at that time.
  2. Later on coming to existence, this was re-drafted as “Information Technology bill 1999”
  3. This draft was placed in the parliament in Dec 1999 and passed in May 2000.
  4. After the Assent of president, the bill finally came to effect from 17th Oct 2000. This came to be known as “IT ACT 2000”
  5. It was amended in 2008.

Why was IT Act 2000 amended in 2008?

  1. The main intent to pass the 2000’s Act was to provide legal recognitions to transactions carried out by means of electronic data interchange and other means of electronic communications, commonly known as electronic commerce, which involved the use of alternatives to paper based methods of communication and storage of information and to facilitate the filing of documents of government agencies.
  2. But Cyber crime was not looked upon in this act. Even after passing the Act, there was still need to address the specific cyber crimes that were taking place along with the technological advancement.
  3. Since the Booming growth of BPO industry and increasing dependence on computers and networks, the incidents of leaking of private data from the BPO’s, Banks, Healthcare sectors, telecommunication industry gave rise to provide for a strict legislation to protect the data privacy of all the customers and corporations.
  4.  Also, the crimes related to privacy breach were rising but as there was no legal framework, specific to the incidents, the IT ACT 2000 seemed ineffective.
  5. With the developing demands, the amendments in the IT ACT 2000 were made and IT ACT 2008(amendment) was passed finally on 23rd December 2008.

Data privacy

As Data privacy remains prime importance to the topic of discussion, I will discuss the section related to Section 43A of the amended Act which covers all the sectors of Indian economy. Section 43A was inserted After Section 43 of the parent Act.
As per the stated Act, in Section 43A of the amended act, stats as follows:

“43A. Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

Definitions

Body CorporateMeans any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
reasonable security practices and proceduresMeans security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment.
sensitive personal data or informationIt means

  1. Password;
  2. Financial information such as Bank account or credit card or debit card or other payment instrument details;
  3. Physical, physiological and mental health condition;
  4. Sexual orientation;
  5. Medical records and history;
  6. Biometric information;
  7. any detail relating to the above clauses as provided to body corporate for providing service; and
  8. Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

 (SOURCE: IT ACT 2008 Amendment, Sec 43A)

What are the responsibilities of a company handling personal data?

Now, we try to understand the procedures and practices needed to safeguard the sensitive personal data from being stolen, modified without consent of owner, misused or sold in underground markets.
let’s make it simple to understand this rule. Say for eg.

  1. We have a bank, and as we all know, it deals with sensitive personal data of its customers in its computer networks/servers. Our names, account numbers, passwords, Date of birth, Sex, credit/Debit card details, etc.
  2. Therefore, to make sure the bank complies with Mandate of IT ACT, it needs to either get certify with ISO 27001 (world renowned standard for data protection) or it may develop its own security manual which describes full indepth details of its IT assets, the Life cycle of assets, the physical security measures(viz. CCTVs, Locks, vaults, fire prevention/detection, temperature controls in server rooms, security guard details and so on).
  3. It should also have a detailed Business Continuity plan (In case of any natural/manmade calamity the organization must have a detailed backup process so as to continue its business),
  4. Other applicable procedures of separation of duties of key personals, background checks of employees before employing, etc.
  5. Not only Banks, but the BPOs/KPOs, hospitals, and various other businesses which deals with sensitive personal data, need to comply with this act.

What is the punishment for cyber crimes?

SECTION OF THE ACTOFFENCEPENALTY
Section 65Tampering with computer source documents.Imprisonment up to 3 years or a fine of 2 lakh rupees, or both.
Section 66Hacking & Breach of confidentiality of personal information as per sec.43 & 43AImprisonment up to 3 years or a fine up to 5 lakh rupees or both.
(For Hacking, fine is 2 lakh rupees, imprisonment is 3 years)
Section 66ASending offensive messages through communication service, etc.Imprisonment of 3 years & fine.
Section 66BDishonestly receiving stolen resource or communication device.Imprisonment of 3 years & fine.
Section 66C & DIdentity theftImprisonment up to 3 years & fine up to 1 lakh rupees.
Section 66EViolation of personal PrivacyImprisonment up to 3 years or fine not exceeding 2 lakh rupees or with both.
Section 66FCyber terrorismImprisonment for life.
Section 67, 67A & BPublishing or transmitting obscene material in electronic form./pornography/child pornographyImprisonment term up to 5/7 years and fine up to 10 lakh rupees.
Section 67CFailure to preserve and retain information by intermediariesImprisonment for 3 years and fine.

Who can conduct RAIDS AND INVESTIGATION for Cybercrimes?

  • As per the act, previously, a police officer not less than a rank of DySP can investigate or conduct a raid at a public place without a warrant, but as per the amendment, the rank of Police Inspector can investigate the offences and conduct raids. (Section 78-amended)
  • Also, As per the provisions in the act, and according to section 46(amended), adjudicating officer shall exercise jurisdiction to adjudicate matters in which claim for injury or damage does not exceed 5 crore. If this claim exceeds above 5 crore, then the matter is looked upon by the competent court.

NOTE:

This article is made to provide firsthand information to the readers regarding Information technology act, and spread awareness for IT ACT among masses. In case more detailed information is needed, then it is recommended to refer the gazette published by the ministry of information technology.
Website: http://www.mit.gov.in/

ABOUT THE AUTHOR OF ARTICLE:

This article is prepared by EVOLUTION INFO SECURE SERVICES; we are Cyber Security Company which offers techno-legal consulting in the line of IT ACT. More information about the company can be found at our website: www.evolutioninfosecure.in
you can contact us at

  1. email: [email protected]
  2. twitter: @EVOLUTIONSEC

Readers can post their feedback, comments, compliments, suggestions, doubts on the email address given. I will be more than happy to respond to them, as I firmly believe that knowledge increases by sharing rather than keeping stagnant in minds.

Mrunal recommends

  1. (free) NCERT, NIOS, TN-Books
  2. Environment by ShankarIAS
  3. Indian Polity M.Laxmikanth (Hindi | English)
  4. Art & Culture by Nitin Singhania (Hindi | English)
  5. Spectrum: Modern History (Hindi | English)
  6. Bipin Chandra: Post Independence
  7. Fast-track to Arithmetic Rajesh Verma
  8. MK Pandey’s Analytical Reasoning
  9. Disha’s Topicwise Paperset (Hindi | English)
  10. School Atlas
  11. Mains: Language papers
  1. (free) NCERT, NIOS, TN-Books 4 History,Geo,Sci
  2. Indian Polity M.Laxmikanth (Hindi | English)
  3. Spectrum: Modern History (Hindi | English)
  4. Maths: Quantam CAT Sarvesh Kumar
  5. Objective General English SP Bakshi
  6. Word Power made Easy -Norman Lowe
  7. Topic wise Solved Paperset by Disha


So far 18 Comments posted

  1. mayur

    please give the study plan for gujrati literature
    for upsc it is very useful to us.

  2. shashwat

    hi mrunal. i have asked you already. have you compiled previous years PRELIMS gs papers. please say yes or no. i will look all 80 pages myself. please reply

  3. asheesh

    framework is very good. very useful for ias mains. such question often asked. i want advice to mrunal, please provide modal ans writing, pointwise…. thanks.

  4. princeaniket

    I have been following this blog for 10-12 days and found it very useful. The way Mrunal awakes us by his eye opening alarming articles about the level of preparation is quite interesting. Hats off to you dear.
    I have to inform/ask you.. today I used the PRINT button and took the printout. It was not ok. right hand portion of the article were missing (cut) by some 2-3 words. i just want to ask whether its the case for me or others too.
    Thank you and keep updating the post.

  5. sameer

    thank you both Mr Bhatt & Mrunal for such good explanation

  6. Nima

    Hi Mrunal,

    Just want to request u to place all these yearbuk articles in the yearbuk stuff drop down box so that it will be easier for us to search and study quickly..

  7. god

    hello Nilam,

    My mother in law, who is also an IAS named Nilam also gave it with economics as her primary optional back in the 70s(? i think), i’ll ask her the best way and let you know.

  8. nilam

    i have economics a an optional for mains. any suggestions for better prep for paper 2

  9. Nilam

    Oh thanks a lot.. Awaiting for suggestions

  10. vipul

    it is nice article, i am not concerned to this field but it is really helpful to other…

  11. vipul

    it is nice article, i am not concerned to this field but it would be really helpful to other…

  12. Sandeep Kumar

    Nice article Mrunal. Government recently came out with national cyber security policy. I am finding it bit difficult to understand. Can you please elaborate?

  13. jany

    Hi all,
    My internet comments is manufacture merchandise and provider just in case of we would like my merchandise click here…

    DTH Button Bits Exporters

Write your message!