2009-The Golden Year for Cyber Laws in India
(This is part I
of the Two Part Article. Part II is available here)
The year 2000 was the launch of the Digital Society in India since Cyber
Laws were first put in place in the form of Information Technology Act
2000. (ITA 2000), Now the year 2009 has turned out to be a landmark
year in the history of Cyber Laws in India with the notification of the
Information Technology Amendment Act 2008 (ITAA 2008). The current version
of ITA 2000 which is referred to as ITA 2008 was actually notified for
effect from October 27, 2009. While October 17, 2000 became the "Digital
Society Day" of India, October 27, 2009 has now become a "Cyber Security
Day" of India. Naavi.org has been in the forefront of following on the
amendments from 2005 onwards when the process started. The developments
have already been well documented on the site at
http://www.naavi.org/naavi_comments_itaa/index.htm.
We can however briefly chart the transformation which ITA 2000 has
undergone and why Naavi.org would like to refer to 2009 as the Golden Year
of Cyber Laws in India.
ITA 2000 was drafted at a time when there was no recognition for electronic
transaction in law and hence the objective of the legislation was to enable
the commercial world to accept electronic documents as legally equivalent
to paper document. As a necessary extension, ITA 2000 introduced Digital
Signatures, the process of Adjudication, Section 66 penalizing "Diminishing
of the value of information residing inside the computer", the concept
of "Due Diligence" and Section 65B of Indian Evidence Act regarding
admissibility of electronic evidence in paper form.
Each one of these
concepts were innovative and made the law stronger than what it otherwise
appeared to be. However the deceptive strength of the legislation largely
went unnoticed by the industry which largely ignored the existence of the
law. Hence we saw Banks and Governments continue critical electronic
transactions without adopting the recommended authentication system in the
form of "Digital Signatures", Companies refused to believe that "Due
Diligence" is a Corporate Governance responsibility.
It was this refusal to
understand and comply with the provisions of ITA 2000 that led to the
Baazee.com conflict.The episode which created a big divide in the Cyber Law world in India when the Government went about an amendment
based on the recommendations of an "Expert Committee" in 2005 which was
seen as a motivated report meant to bend the laws to suit the business and
protect baazee.com prospectively. It also took Naavi to the side of
the divide critical of the moves of the Government and the recommendations
of the Expert Committee followed by the Information Technology Amendment
Bill 2006 (ITAA 2006) . The fight continued for more than two years in
which Naavi.org had to also take on many in the media who were being used
by the vested interests to manipulate public opinion in favour of the
proposed amendments.
There was however a savior in the form of the Parliamentary Committee
headed by Mr Nikhil Kumar whose damning report transformed the Intermediary
friendly ITAA 2006 to
Security friendly ITAA 2008 which finally got approved in the Parliament on December 23/24
2008. It is necessary for us to remember the contribution of this
Parliamentary Committee and pay it the due respects for the creation of the
current version of ITA 2008 which is strongly oriented to Cyber Security.
ITA 2008 not only defined "Cyber Security" as a part of the legislation, it
also introduced the concepts of "Reasonable Security Practices" to be
followed by the industry to protect "Data". It also expanded the list of Cyber
Crimes covered, strengthened the institution of the Cyber Regulations
Appellate Authority (Now called Cyber Appellate Authority), introduced the
concept of "Electronic Signatures" and e-auditing.. It expanded the powers of the
adjudicators and at the same time also brought the judiciary into the
system of civil suits involving Cyber crimes. The rules under sections
69,69A and 69B have provided enormous powers to the executive for Privacy
invasion but have also made the issue of "Cyber Law Compliance" a critical
issue in the industry.
In view of these developments, ITA 2008 has become a key regulatory issue
in Indian industry and creeps into Corporate Governance requirements such
as compliance of Clause 49 of the SEBI listing requirements. Every company
signing their annual reports for the year ending March 31, 2010, which
incorporates the CEO certification on compliance is deemed to have
undertaken an ITA 2008 compliance audit and initiated the necessary
compliance processes. This will bring a sea change in the Indian Corporate
sector and make Information Security a key corporate policy in the coming
years.The concept of Techno Legal Information Security which was hitherto
remained a distant vision has now become the need of the hour.
It is for this reason that Naavi.org considers 2009 as the Golden Year for
Cyber Laws in India..(.....to be continued)
Naavi
December 29, 2009
Comments are Welcome at
naavi@vsnl.com