With the expansion of the IT Industry, the world has shrunk into a local microcosm where data privacy and security breaches have become norms. This vulnerability is a thing of concern when we talk about outsourcing of companies. If the confidential information lands up in wrong hands, the outcome could be disastrous. With the need and the availability to use network at public places such as café or airports, more stringent data security compliance is needed.
The IT Act of 2000 has set in a framework for electronic transactions by creating provisions for checking crimes such as computer hacking. Fast Track Civil Courts and Appellate Tribunals are there to hear the disputes under the act. But a stricter measure is required to protect data and a more rigorous legal environment providing measure against data leaking and cyber crime is needed.
Previously, the original act called for penalty for damaging computer and computer systems under Section 43, but with the amendment compensation can be claimed for stealing computer source codes too. Clause 43A has made data protection more explicit. If a company uses a person’s data and sensitive personal data is leaked – the person can claim for damage. This forces the companies to protect data by maintaining and implementing reasonable security priorities. And if a Company fails to provide such a measure the Central Government will prescribe some practices and procedures in consultation with the professional bodies and association.
The amended Act of 2000 imposes imprisonment of three years and a fine of rupees five lakh for any person or intermediary who discloses the personal information of an individual or a firm without his consent. This to some extent ensures a smooth business flow against international borders. Also, the original act had been updated for crime specific subsections related to hacking and obscene material. Traffic data, logs and information is maintained by intermediaries for Cyber security with respect to guidelines provided by Central Government. This ensures availability of Cyber Forensic Data needed in the investigation and prosecution of cyber crimes.
The Government has updated and included new definitions for communication devices, cyber cafes, cyber security and electronic signatures and the Indian Computer Emergency Response Team (ICERT). Intermediaries too need to provide assistance to ICERT in doing its job. The nodal agency provides procedure for the same. The ICERT will perform all functions related to the Cyber Security: Service providers, intermediaries, companies, and others will have to provide information to the agency when required and in accordance with procedures that shall be prescribed by the Nodal Agency.
What is next needed are the Right Tools that are able to dynamically classify content and identify the scope of information in real time as much needs to be done in incorporating accountability of the data shared.
Source: Whitepaper
Sonam Sharma
MBA-IT
IIIT Allahabad