Should IRCTC obtain Cyber Insurance?

Naavi.org has in the past discussed the information security issues from the consumer perspective in the IRCTC website and demanded suitable security audits. It is good to note that it has now been reported that STQC is conducting an information security audit on the new reservation system. We welcome the move.

Related Article

In this context, we can also draw attention to another aspect. IRCTC has seen many cyber crimes being committed on the platform. One kind of crime is stealing of consumer data including financial information which is “Sensitive Personal Information” under Section 43A of ITA 2008 and booking of tickets using stolen credit card purchased elsewhere.

In such cases, the issue to be settled is “Is IRCTC an intermediary?” ” Is IRCTC a Body Corporate”?

If IRCTC is a corporation having rights to sue and be sued in its own name, it is a “Body Corporate” having obligations under Section 43A ITA 2008. It is also an intermediary which exposes it to liabilities under Section 79 to follow the “Due Diligence” responsibilities.

At the same time, since we are discussing the topic of Cyber Insurance, one can also ask a question if IRCTC should cover itself with Cyber Insurance to avoid liabilities that may arise under Section 43A or Sec 79.

india_insurance_logo_2

STQC which would be conducting information security audit,need to recommend if part of the risk needs to be transferred to a Cyber Insurance company.

Another collateral question that arises is that there are several e-initiatives of the Government both at the center and states where liabilities could arise on account of cyber crimes. One legal view is that any organization like a Government department that can enter into contracts in its own name should be considered as a “Person” under law and therefore is also exposed to the liabilities under ITA 2008.

If so, can the Government department which is doing some kind of E-Business obtain Cyber Insurance? Or Should Cyber Insurance be limited to private sector companies? or to only Individuals? or to all of them?

This is a question on which India Cyber Insurance survey is tying to capture the perception of the market.

If you have not yet participated in the survey and recorded your view, please do so now.

You can access the survey here.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.