Legal Register
Document No.
Document Classification
Initially Prepared By
Initial Review Date
Initially Reviewed By
Initial Approval Date
Initially Approved By
Version No.
Initial Effective Date
Document Change
Details
Change Date
Change Prepared By
Re reviewed By
Re Review Date
Approved By - post review/ change
New Version No.
New Effective Date
Shadowfax Technologies Pvt Ltd
Legal Register
Shadowfax/ III/FR-010
Internal
04.01.2022
S.No Word
1 Access
2 Addressee
3 Adjudicating Officer
4 Electronic Signature
6 Certifying Authority
8 Communication Device
9 Computer
10 Computer Network
11 Computer Resource
12 Computer System
13 Controller
17 Data
18 Digital Signature
20 Electronic Form
21 Electronic Gazette
22 Electronic Record
25 Function
27 Information
28 Intermediary
29 Key Pair
30 Law
31 License
32 Originator
33 Prescribed
34 Private Key
35 Public Key
36 Secure System
37 Security Procedure
38 Subscriber
39 Verify
40 Hash function
41 Computer Contaminant
42 Computer Database
43 Computer Virus
44 Damage
52 Capture
53 Private area
54 Publishes
56 Company
57 Director
Inserted Vide Information Technology (Reasonable security practices and procedures and sensitive personal data or in
2011
58 Personal Information
Description
Gaining entry into, instructing or communicating with the logical, arithmetical, or memory
function resources of a computer, computer system or computer network
A person who is intended by the originator to receive the electronic record but does not
include any intermediary
Adjudicating officer appointed under subsection (1) of section 46
Adoption of any methodology or procedure by a person for the purpose of authenticating an
electronic record by means of Electronic Signature
A system of a secure key pair consisting of a private key for creating a digital signature and a
public key to verify the digital signature;
A person who has been granted a license to issue an Electronic Signature Certificate under
section 24
A statement issued by a Certifying Authority to specify the practices that the Certifying
Authority employs in issuing Electronic Signature Certificates
Cell Phones, Personal Digital Assistance (Sic), or combination of both or any other device
used to communicate, send or transmit any text, video, audio, or image. (Inserted Vide ITAA
2008)
Any electronic, magnetic, optical or other high-speed data processing device or system
which performs logical, arithmetic, and memory functions by manipulations of electronic,
magnetic or optical impulses, and includes all input, output, processing, storage, computer
software, or communication facilities which are connected or related to the computer in a
computer system or computer network
Substituted vide ITAA-2008
A device or collection of devices, including input and output support devices and excluding
calculators which are not programmable and capable of being used in conjunction with
external files, which contain computer programmes, electronic instructions, input data, and
output data, that performs logic, arithmetic, data storage and retrieval, communication
control and other functions
The Controller of Certifying Authorities appointed under sub-section (7) of section 17
The Cyber Appellate * Tribunal established under sub-section (1) of section 48 (*
"Regulations" omitted)
Inserted vide ITAA-2008
Any facility from where access to the internet is offered by any person in the ordinary
course of business to the members of the public
Protecting information, equipment, devices, computer, computer resource, communication
device and information stored therein from unauthorized access, use, disclosure, disruption,
modification or destruction
In relation to a computer, includes logic, control, arithmetical process, deletion, storage and
retrieval and communication or telecommunication from or within a computer
Includes data, message, text, images, sound, voice, codes, computer programmes, software
and databases or micro film or computer generated micro fiche; (Amended vide ITAA-2008)
Substituted vide ITAA-2008
Any particular electronic records, means any person who on behalf of another person
receives, stores or transmits that record or provides any service with respect to that record
and includes telecom service providers, network service providers, internet service
providers, web hosting service providers, search engines, online payment sites, online-
auction sites, online market places and cyber cafes
An asymmetric crypto system, means a private key and its mathematically related public
key, which are so related that the public key can verify a digital signature created by the
private key
In relation to a digital signature, electronic record or public key, with its grammatical
variations and cognate expressions means to determine whether (a) the initial electronic
record was affixed with the digital signature by the use of private key corresponding to the
public key of the subscriber
DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE (amended vide ITAA 2008)
An algorithm mapping or translation of one sequence of bits into another, generally smaller,
set known as "Hash Result" such that an electronic record yields the same hash result every
time the algorithm is executed with the same electronic record as its input making it
computationally infeasible
Any set of computer instructions that are designed to modify, destroy, record, transmit
data or programme residing within a computer, computer system or computer network
To destroy, alter, delete, add, modify or re-arrange any computer resource by any means
The listing of programmes, computer commands, design and layout and programme analysis
of computer resource in any form
Inserted vide ITAA 2006
Any company and includes a firm, sole proprietorship or other association of individuals
engaged in commercial or professional activities
Security practices and procedures designed to protect such information from unauthorised
access, damage, use, modification, disclosure or impairment, as may be specified in an
agreement between the parties or as may be specified in any law for the time being in force
and in the absence of such agreement or any law, such reasonable security practices and
procedures, as may be prescribed by the Central Government in consultation with such
professional bodies or associations as it may deem fit
Such personal information as may be prescribed by the Central Government in consultation
with such professional bodies or associations as it may deem fit
Substituted vide ITAA 2008
Shall have the meaning assigned to it in section 24 of the Indian Penal Code
Shall have the meaning assigned to it in section 25 of the Indian Penal Code
Inserted Vide ITA 2008
To electronically send a visual image with the intent that it be viewed by a person or persons
With respect to an image, means to videotape, photograph, film or record by any means
The naked or undergarment clad genitals, pubic area, buttocks or female breast
Reproduction in the printed or electronic form and making it available for public
Circumstances in which a person can have a reasonable expectation that he or she could
disrobe in privacy, without being concerned that an image of his private area was being
captured
Any Body Corporate and includes a Firm or other Association of individuals
In relation to a firm, means a partner in the firm
Inserted vide Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
means any information that relates to a natural person, which, either directly or indirectly,
in combination with other information available or likely to be available with a body
corporate, is capable of identifying such person.
Sensitive personal data or information of a person means such personal information which consists of information relating to:
password
financial information such as Bank account or credit card or debit card or other payment instrument details
physical, physiological and mental health condition
sexual orientation
medical records and history
Biometric information
any detail relating to the above clauses as provided to body corporate for providing service
any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise
| Item No. | Act/ rule | Date of effectiveness of act/ rule | Clause Type* | Relevant Government Department |
|  | OFFENCES |  |  |  |
| 2 | Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 | 11.4.2011 | Legal Requirement | Ministry of Communications & Information Technology |
| 3 | Pls provide other compliances like shops and establishment act etc | 26.7.1988 | Legal | Ministry of Labour |
LEGAL REGISTER
| Section/ Rule No. | Requirement | Applicability |
| Chapter 11, Section 72 | Breach of confidentiality and privacy: any person who has secured access to any electronic record, book, register, correspondence, information, document or other material and who, without the consent of the person concerned, discloses information shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. | Yes |
| Chapter 11, Section 73 | Penalty for publishing Electronic Signature Certificate false in certain particulars. No person shall publish an Electronic Signature Certificate or otherwise make it available to any other person | Yes |
| Section 4 | Body corporate to provide policy for privacy and disclosure of information | Yes |
|  | The body corporate or any person who on behalf of body corporate collects, receives, possesses, stores, deals or handles information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who have provided such information under lawful contract. | Yes |
|  | Clear and easily accessible statements of its practices and policies | Yes |
|  | (2) Body corporate or any person on its behalf shall not collect sensitive personal data or information unless — | Yes |
|  | (a) the information is collected for a lawful purpose connected with a function or activity of the body corporate or any person on its behalf; | Yes |
|  | the name and address of the agency that is collecting the information, the agency that will retain the information. | Yes |
|  | (4) Body corporate or any person on its behalf holding sensitive personal data or information shall not retain that information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. | Yes |
|  | (5) The information collected shall be used for the purpose for which it has been collected. | Yes |
|  | (6) Body corporate or any person on its behalf permit the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible: | Yes |
|  | (7) Body corporate or any person on its behalf shall, prior to the collection of information including sensitive personal data or information, provide an option to the provider of the information to not provide the data or information sought to be collected. | Yes |
|  | (8) Body corporate or any person on its behalf shall keep the information secure as provided in rule 8. | Yes |
|  | (9) Body corporate shall address any discrepancies and grievances of their provider of the information with respect to processing of information in a time bound manner. For this purpose, the body corporate shall designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer shall redress the grievances of provider of information expeditiously but within one month from the date of receipt of grievance. | Yes |
|  | The body corporate or any person on its behalf shall not publish the sensitive personal data or information. |  |
NA | Fulfilled | Electronic signatures are within the close custody of the top mgmt | NA | NA
NA | Fulfilled | Electronic signatures are within the close custody of the top mgmt | NA | NA
Privacy policy documented on web site
NA | NA | Policies & procedures documented | NA | NA