IT ACT AMENDMENTS

2008-
WHAT THEY ENTAIL
FOR CORPORATE
INDIA?
 A PRESENTATION
BY
PAVAN DUGGAL,
CHAIRMAN,
ASSOCHAM CYBERLAW
COMMITTEE
ADVOCATE,
SUPREME COURT OF INDIA
HEAD, PAVAN DUGGAL
ASSOCIATES
 22ND JANUARY, 2009

SCAM EMAIL CIRCULATED

EXTREMELY DEFAMATORY AND
DEROGATORY STATEMENTS

EMAILS TRACED

DELHI HIGH COURT RESTRAINT
ORDER
 CYBER LAW IN INDIA

In India the Information Technology Act,

2000 is the Mother Legislation that deals

with issues related to use of computers,

computer systems , computer networks and

the Internet.
 CYBER LAW IN INDIA

Information Technology Amendment Bill, 2006

Referred to Parliamentary Standing Committee on

IT

Standing Committee Report- 2007

Information Technology Amendment Bill, 2006

 IT ACT AMENDMENTS

INFORMATION TECHNOLOGY
AMENDMENT ACT, 2008

PASSED BY BOTH THE HOUSES OF
PARLIAMENT IN END DECEMBER,
2008

HISTORY REPEATS ITSELF.- 2000 /2008
 COMPLIMENTS

GOVERNMENT OF INDIA AND

PARLIAMENTARY STANDING
COMMITTEE ON IT NEEDS TO BE
COMPLIMENTED FOR ALL THEIR
HARD WORK IN MAKING THE NEW
AMENDMENTS A REALITY

LOT OF MAJOR SIGNIFICANT
ADVANCES MADE BY THE NEW
AMENDMENTS
 TECHNOLOGY NEUTRAL LAW

Amendments have made the Information

Technology Act, 2000 as a technology neutral
legislation

instead of, digital signatures, the law has come up
with a more broad generic concept of electronic
signatures

paved the way for removing the implementation of
the IT Act by removing certain undesirable
wordings in some sections
 CYBER TERRORISM

for the first time, defined the concept of cyber

terrorism and has made it a heinous crime.

cyber terrorism as an offence that has been made
punishable with life imprisonment and fine.

This move should do tremendous service to the
cause of the Indian nation as also the sovereignty ,
integrity and security of India.

Highly commendable move after Mumbai 26/11/
attacks
 NEW CYBERCRIMES ADDED

provide far more exhaustive coverage of

cybercrimes in the law.

Various new cybercrimes have been added
like the activities defined in Section 43 of the
IT Act, 2000.

The new amendments have added identity
theft and phishing as cybercrimes .

have also covered breach of privacy, child
pornography as specific offences.
 INTERCEPTION

The new amendments have strengthened

the hands of the nation by increasing the
ambit of the powers of interception of the
Government,

Interception, blocking and monitoring
powers have been more detailed and
elaborately stated.
 IT ACT AMENDMENTS &
CORPORATES

HUGE RAMIFICATIONS OF THE NEW

AMENDMENTS ON CORPORATE
INDIA

LAW HAS BEGUN TO FLEX ITS
MUSCLES

THE CLOCK IS SLOWLY CHURNING
 SECTION 2

(ha)“Communication Device” means cell

phones, personal digital assistance or
combination of both or any other device
used to communicate, send or transmit any
text, video, audio or image;’;

(J)“computer network” means the inter-
connection of one or more computers or
computer systems or communication device
through
 SECTION 2

(i) the use of satellite, microwave, terrestrial

line, wire, wireless or other communication
media; and

(ii) terminals or a complex consisting of two
or more inter-connected computers or
communication device whether or not the
inter-connection is continuously
maintained;’;
HACKING NO LONGER AN OFFENCE

HACKING AS AN OFFENCE HAS BEEN

DELETED FROM THE LAW BOOK.

EXISTING SECTION 66 OF THE IT ACT,
2000

THE SAID SECTION HAS BEEN
SUBSTITUTED BY NEW LANGUAGE

EXISTING LANGUAGE OF THE
OFFENCE OF HACKING DOES NOT
FIND MENTION IN THE CURRENT
MANNER
 YOUR FRIENDLY
CYBERCRIME LEGISLATION

AMENDMENTS SEEK TO MAKE INDIAN

CYBERLAW FRIENDLY CYBER CRIME
LEGISLATION:
- A LEGISLATION THAT GOES
EXTREMELY SOFT ON CYBER
CRIMINALS, WITH A SOFT HEART
 CYBERCRIME FRIENDLY

A LEGISLATION THAT CHOOSES TO

ENCOURAGE CYBER CRIMINALS BY
LESSENING THE QUANTUM OF
PUNISHMENT ACCORDED TO THEM
IN THE EXISTING LAWS
 CYBERCRIMES BALIABLE

DISTINCT ABSENCE OF LOGIC AND

RATIONALE IN REDUCING OF THE
QUANTUM OF PUNISHMENTS FOR
VARIOUS OFFENCES

NOW CYBERCRIMES TO BE
INVESTIGATED NOT BY A DSP BUT BY
AN INSPECTOR
 SECTION 6 A

Delivery of Services by Service Provider
(Inserted vide ITAA-2008)

The appropriate Government may, for the
purposes of this Chapter and for efficient
delivery of services to the public through
electronic means authorize, by order, any
service provider to set up, maintain and
upgrade the computerized facilities and
perform such other services as it may
specify, by notification in the Official
Gazette.
 SECTION 6 A (Contd.)

Explanation: For the purposes of this

section, service provider so authorized
includes any individual, private agency,
private company, partnership firm, sole
proprietor form or any such other body or
agency which has been granted
permission by the appropriate
Government to offer services through
electronic means in accordance with the
policy governing such service sector.
 SECTION 6 A (Contd.)

The appropriate Government may also

authorize any service provider authorized
under sub-section (1) to collect, retain and
appropriate service charges, as may be
prescribed by the appropriate Government
for the purpose of providing such services,
from the person availing such service.
 SECTION 6 A (Contd.)

Subject to the provisions of sub-section (2),

the appropriate Government may authorize
the service providers to collect, retain and
appropriate service charges under this
section notwithstanding the fact that there is
no express provision under the Act, rule,
regulation or notification under which the
service is provided to collect, retain and
appropriate e-service charges by the service
providers.
 SECTION 6 A (Contd.)

The appropriate Government shall, by

notification in the Official Gazette, specify
the scale of service charges which may be
charged and collected by the service
providers under this section: Provided that
the appropriate Government may specify
different scale of service charges for different
types of services.
 SECTION 43 A

Where a body corporate, possessing, dealing
or handling any sensitive personal data or
information in a computer resource which it
owns, controls or operates, is negligent in
implementing and maintaining reasonable
security practices and procedures and
thereby causes wrongful loss or wrongful
gain to any person, such body corporate
shall be liable to pay damages by way of
compensation, to the person so affected.
 SECTION 43 A (contd.)

Explanation: For the purposes of this

section

"body corporate" means any company and
includes a firm, sole proprietorship or other
association of individuals engaged in
commercial or professional activities
 SECTION 43 A (contd.)

"reasonable security practices and procedures"

means security practices and procedures designed to
protect such information from unauthorised access,
damage, use, modification, disclosure or
impairment, as may be specified in an agreement
between the parties or as may be specified in any law
for the time being in force and in the absence of such
agreement or any law, such reasonable security
practices and procedures, as may be prescribed by
the Central Government in consultation with such
professional bodies or associations as it may deem
fit.
 SECTION 43 A (contd.)

"Sensitive personal data or information"

means such personal information as may be
prescribed by the Central Government in
consultation with such professional bodies
or associations as it may deem fit.
 SECTION 79

Exemption from liability of intermediary in

certain cases . Notwithstanding anything
contained in any law for the time being in
force but subject to the provisions of sub-
sections (2) and (3), an intermediary shall
not be liable for any third party information,
data, or communication link made hosted by
him.
 SECTION 79 (contd.)

The provisions of sub-section (1) shall apply

if-

(a) the function of the intermediary is
limited to providing access to a
communication system over which
information made available by third
parties is transmitted or temporarily stored;
or
 SECTION 79 (contd.)

(b) the intermediary does not-

(i) initiate the transmission,

(ii) select the receiver of the transmission,
and

(iii) select or modify the information
contained in the transmission
 SECTION 79 (contd.)

(c) The intermediary observes due diligence

while discharging his duties under this Act
and also observes such other guidelines as
the Central Government may prescribe in
this behalf
 SECTION 79 (contd.)

The provisions of sub-section (1) shall not

apply if- (a) the intermediary has conspired
or abetted or aided or induced whether by
threats or promise or otherwise in the
commission of the unlawful act.
 SECTION 79 (contd.)

(b) upon receiving actual knowledge, or on

being notified by the appropriate
Government or its agency that any
information, data or communication link
residing in or connected to a computer
resource controlled by the intermediary is
being used to commit the unlawful act, the
intermediary fails to expeditiously remove or
disable access to that material on that
resource without vitiating the evidence in
any manner.
 SECTION 79 (contd.)

Explanation:- For the purpose of this

section, the expression "third party
information" means any information dealt
with by an intermediary in his capacity as an
intermediary.
E-HAFTA AND CORPORATE INDIA

INSPECTOR RAJ IN CYBERCRIME

SCENARIO

CONCEPT OF E-HAFTA WILL TAKE
CONCRETE FEET

CONCERNS OF CORPORATE INDIA
REGARDING THEIR CONFIDENTIAL
DATA AND INFORMATION NOT
ADDRESSED
 NEED OF THE HOUR

NEED TO PROTECT YOURSELF

TRY TO ADOPT CYBER SECURITY
PRACTICES

PREVENTION IS BETTER THAN CURE

FOCUS ON PROACTIVE ACTION
 NEW CHALLENGES

SOCIAL NETWORKING

P2P

USER GENERATED CONTENT

SPYWARE AND MALWARE

E-DISCOVERY
INTERMEDIARIES & DUE DILIGENCE

ALL COMPANIES COMING WITHIN

THE DEFINITION OF
INTERMEDIARIES NEED TO DO DUE
DILIGENCE

DUE DILIGENCE CRITICAL FOR
LIMITATION OF LIABILITY

DUE DILIGENCE NEEDS TO BE
DOCUMENTED AND BE READILY
AVAILABLE
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009

PAVANDUGGAL DUE DILIGENCE
PROGRAMME VERSION 2009

CONDUCTED BY PAVAN DUGGAL

ASSOCIATES, INDIA’S NICHE
TECHNOLOGY LAW FIRM

AN ASBOLUTE MUST FOR ALL

INTERMEDIARIES AND COMPANIES
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009

EXHAUSTIVE DUE DILIGENCE DONE

FOR ALL STAKEHOLDERS

NO REINEVENTION OF THE WHEEL

PROACTIVE PROTECTION KEEING IN
THE MIND THE CUSTOMIZED
REQUIREMENTS OF THE RELEVANT
LEGAL ENTITY
PAVAN DUGGAL DUE DILIGENCE
PROGRAMME, 2009

CRITICAL FOR COMPANIES AND

THEIR TOP MANAGEMENT TO GET
THE SAID DUE DILGENCE DONE

NEED TO LIMIT POTENTIAL LEGAL

EXPOSURE , BOTH CIVIL AND
CRIMINAL, FOR THE COMPANIES
AND THEIR TOP MANAGEMENTS
 CYBERLAWS.NET SURVEY ON E-
COMPLIANCE

Generate awareness & orientation about the
compliance requirements of Indian Cyber
Law
Sensitize people about :
 The level of compliances of their
respective organizations pertaining to
Indian Cyber Law.
Possibility of exposures to potential risks.
CYBERLAWS.NET SURVEY ON
E-COMPLIANCE
CYBERLAWS.NET SURVEY ON
E-COMPLIANCE ( contd)
CYBERLAWS.NET SURVEY ON
E-COMPLIANCE( contd)

To take the survey & know your present

compliance situation visit the following web
address :

http://cyberlaws.net/ecompliance
IT Act Amendments, December 2008
 IT Act Amendments, 2008
For details visit:

www.cyberlaws.net/itamendments

Or

www.cyberlawindia.com
 A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME
COURT OF INDIA
PAVAN DUGGAL
ASSOCIATES

EMAIL : pduggal@vsnl.com
pduggal@gmail.com