Guidelines regarding Due Diligence Requirement of Intermediaries
After ITA 2008 was notified on October 27, 2009, and more than 15 months of
deliberations, a draft regulation has been released by MCIT on the
responsibilities of "Intermediaries" such as portal owners under Section
79 with a request for public comments to be sent to
grai@mit.gov.in before 28th
February 2011.
Salient features of this notification is provided below:
There are 14 different clauses of "Due Diligence" indicated in the proposed
notification.
1: Disclosures:
Apart from the requirement to publish terms and conditions and privacy
policy for the use of the site, the intermediary is expected to notify
the users not to commit contraventions of different kinds mentioned in
ITA 2008. It also includes a provision regarding "not using data that
belongs to another person" which loosely refers to IPR protected
information.
2. Action on Receipt of Notice
On receipt of knowledge about any contravention (including through a
digital signature affixed e-mail ) about any objectionable content, the
intermediary shall take expeditious steps to remove access to such
information and also inform the police of such information and preserve
the records for 90 days.
3.Security Obligations
Apart from taking steps to secure the information in its custody, the
intermediary shall report Cyber Security incidents (to Police?) and to
CERT-IN
4. Assigned Responsibility:
The Intermediary shall designate a person and provide his contacts on the
website for the purpose of receiving notices.
The guidelines are on expected lines and along with
the privacy related guideline under Section 43 A, provides a good
starting point for the use of Intermediaries.
Naavi
February 20, 2011
Any Comments on this article can be sent to
naavi@vsnl.com
Reference:
Draft Guideline-Intermediaries
Comments are Welcome at
naavi@vsnl.com
