Cloud Computing Legal Issues In India

Close up of wooden gavel at the computer keyboardCloud computing is a cost effective method to share computing resources of a large scale that can be accessed from any part of the world. Any individual user or company that has the permission to access the cloud infrastructure can use its processing power to run an application, store data, or perform any other computing task. However, with the cost effectiveness and computing power, the regulatory issues are also attached.

We have no dedicated legal framework for cloud computing in India as on date. Indian cyberspace is not a mature one as it is plagued with multiple problems. In these circumstances when the technology is not fully developed and regulatory issues have created a risk environment and uncertainty, the question arises is cloud computing a viable solution in India?

Regarding the legal and regulatory compliance aspects of cloud computing companies must adhere to local laws of many jurisdictions. These include laws pertaining to privacy, data protection (PDF), taxation, data security, etc. It would be a naïve approach to ignore cloud computing legal risks in India. There are specific virtualisation, cloud computing and encryption related legal issues in India that have to be resolved before launching a cloud computing business venture in India.

In short, the cloud computing legal and regulatory requirements in India for businesses and entrepreneurs must be analysed in advance before launching a project. Cloud computing service providers in India are Internet intermediary within the meaning of IT Act, 2000 and they are also required to comply with cyber law due diligence requirements (PDF).

The legal risks of cloud computing may outweigh its benefits for an entrepreneur of he is booked for a legal violation. The cloud computing legal environment in India is still maturing and most of the cloud computing companies in India are not aware of the legal compliances in this regard. Besides the cyber law due diligence, cloud computing due diligence in India must also be complied with by the entrepreneurs.

Posted in Uncategorized | Comments Off

Maharashtra FDA Urged Central Government To Formulate Policy Regarding Online Pharmacies Operating In India

Maharashtra FDA Urged Central Government To Formulate Policy Regarding Online Pharmacies Operating In IndiaOnline pharmacies in India are violating Indian laws with impunity and Indian regulatory authorities are watching helplessly. Maharashtra FDA has already approached DCGI for regulating illegal online pharmacies operating in India. The online sales of prescribed drugs in India are also under DGCA scanner. However, nothing concrete has happened so far and criminals continue to operate online pharmacies with great disregard to Indian laws.

The position has become so horrible that an urgent intervention by Indian government is need of the hour. International crackdown upon online pharmacies is already under process. Countries like Unites States and United Kingdom have already banned Indian pharmaceutical products and herbal medicines.

Considering the gravity of the situation, FDA officials earlier this week approached the Central government’s Ministry of Commerce, as well as the Drug Controller General of India (DCGI), asking them to investigate such scams and take similar action to crack down on cases of “Internet pharmacy”, as also draft a concrete policy to tackle it. In the action taken around Mumbai and Pune, amongst other spots, in March/April this year, officials seized medicines worth Rs 2 crore from across the state.

Assistant Commissioner (Drugs) at the state FDA Dr Rakesh Tirpude said, “We have written to the Centre so that they can plug loopholes and come up with a policy to curb such activities. We are state-level authorities, so we are not authorised to take action at the national level. However, the issue is not just limited to Maharashtra, and needs to be investigated across India”.

Posted in Uncategorized | Comments Off

Indian Enterprises And Government Set To Increase Spending On Cyber Security Infrastructure

Indian Enterprises And Government Set To Increase Spending On Cyber Security InfrastructureEnterprises around the world are facing threats of sophisticated cyber attacks. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc have been targeting many institutions and enterprises that are holding sensitive and crucial information and data.

While it is next to impossible to avoid all cyber attacks yet effective cyber security practices and mechanisms must be used by all enterprises handling sensitive data. Similarly, enterprises are under a legal obligation to share details about cyber security breaches that has taken place. An inappropriate action against a cyber security breach and its non reporting in a timely manner can attract both civil and criminal sanctions against the enterprises.

Take the example of Target Corporation that was attacked by cyber criminals and it failed to act in a timely manner. As a result of that Target Corporation is now facing litigation threats around the world. Similarly, EBay was also attacked recently and it has asked its customers to change their passwords. Now it has been reported that three U.S. States are investigating EBay’s cyber security standards and cyber security breach disclosure practices.

Obviously the costs of litigations and compensations are much higher than managing a robust and effective cyber security infrastructure. However, cyber security is not just hardware and software but strict adherence to cyber security best practices. Increasing the cyber security awareness and insulation of employees against social engineering attacks must be undertaken on a regular basis.

Indian government and various government departments are also required to ensure adequate cyber security. India has been projecting herself as a champion of e-governance. But the truth is that e-governance in India has miserably failed. The legal framework for e-governance in India is not only inadequate but it is also useless. This is so because we have no mandatory e-governance services in India and in the absence of a compulsion government departments are simply ignoring use of e-governance. Even the cyber security of e-governance services in India is missing as per the cyber security trends and developments of India 2013 (PDF).

However, this would also raise many techno legal compliance requirements and cyber law due diligence on the part of government departments and other stakeholders. Cyber security breaches have significantly increased in India and government departments and enterprises would be required to comply with cyber security breach notification requirements as well.

Posted in Uncategorized | Comments Off

Madhya Pradesh Gives Legal Recognition To E-mail Communications Among Government Departments

Madhya Pradesh Gives Legal Recognition To E-mail Communications Among Government DepartmentsIndia has been projecting herself as a champion of e-governance. But the truth is that e-governance in India has miserably failed. The legal framework for e-governance in India is not only inadequate but it is also useless. This is so because we have no mandatory e-governance services in India and in the absence of a compulsion government departments are simply ignoring use of e-governance. Even the cyber security of e-governance services in India is missing as per the cyber security trends and developments of India 2013 (PDF).

Even after judicial intervention Indian government has failed to take any action in this much needed direction. For instance, the e-mail policy of India has still not been implemented despite strict warnings by Delhi High Court. So bad is the situation that the Delhi High Court has accused central government of sitting over e-mail policy of India. The Delhi High Court has also directed central government to issue notification regarding electronic signature under Information Technology Act 2000. The encryption policy of India (PDF) is also missing till date though it is need of the hour.

In a welcome move, Madhya Pradesh on Wednesday became the first state in the country to pass an e-mail policy to give legal standing to correspondence between government departments via electronic mail and digital messaging. The state cabinet which met on Wednesday morning after a gap of six weeks following the imposition of model code of conduct before the Lok Sabha election endorsed the E-mail Policy 2014 to “expedite government work through use of information technology”. This is a good step and other states must also do the same.

The main objective of this policy is to give legal recognition to e-mail correspondence and dissemination of information and data between the different government departments. The state government argued that this single step would speed-up jobs at government offices which till now was heavily dependent on notifications and movement of red tapism.

Till now e-mail correspondence were not authorised by the state under any policy procedure. Hence, its validity and decisions taken using e-mail are questionable. But with the implementation of the E-mail policy, message exchanged over electronic mail will be included formally in the category of approved documentation and acceptable to all concerned.

By evening, a state government release informed that all departments, offices, affiliated institutions and autonomous bodies which draw funds from the state government’s consolidated fund, will be provided e-mail related facilities free of cost. It will also be compulsory for employees of various state government departments, their affiliated organizations, corporations, boards who use this facility to strictly follow the guidelines of the E-mail Policy.

However, this would also raise many techno legal compliance requirements and cyber law due diligence on the part of government departments and other stakeholders. Cyber security breaches have significantly increased in India and government departments would be required to comply with cyber security breach notification requirements as well.

Posted in Uncategorized | Comments Off

Illegal Online Pharmacies And Healthcare Websites In India Need To Be Curbed

Illegal Online Pharmacies And Healthcare Websites In India Need To Be CurbedPharmaceutical and healthcare industry is fast flourishing in India. However, in the race to establish an e-business as soon as possible, almost all of the online pharmacies, ayurveda and nutraceutical websites in India have failed to comply with the respective laws in this regard. As a result these online pharmacies, ayurveda and nutraceutical websites are operating in an unregulated manner in India.

Regulatory authorities of India have started taking note of this precarious condition. As a result online pharmacy websites have come under regulatory scanner and their prosecution and punishment may also be possible. The Maharashtra FDA has approached DCGI for regulating illegal online pharmacies operating in India. Similarly, the Hyderabad drug authorities are also keen on regulating illegal sale of drugs through online mechanism.

We have specified laws for opening an online pharmacy store in India. Even the Ayurvedic and Nutraceuticals e-businesses are required to comply with the prescribed Indian laws to operate legally.

Even in foreign jurisdictions, Indian online pharmacies are under scrutiny. For instance, United States shut down 1677 illegal online pharmacies websites that were not in compliance with US laws. Illegal online pharmacies are also on hit list of Google and federal authorities of US.

More such actions would be there in the near future and in order to escape criminal prosecution and exorbitant fines, Indian online pharmacies must comply with laws of India as well as foreign jurisdictions. Similar requirement applies to Indian Ayurvedic and Nutraceutical websites as well.

Posted in Uncategorized | Comments Off

Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013

Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013Cyber law of India is incorporated in the form of Information Technology Act, 2000 (IT Act 2000). The cyber law of India is a young and evolving law as it has been in force for almost one and half decade only. As a result the stakeholders of this field are still not well versed with the rights, obligations and liabilities arising out of the same. Nevertheless, the IT Act 2000 provides regulatory framework regarding cyber law, cyber crimes, e-governance, e-commerce and cyber law and cyber security due diligence.

The Indian Companies Act, 1956 remained in force for almost 58 years though it was required to be changed much earlier. The Ministry of Corporate Affairs (MCA) has recently notified many provisions of the Indian Companies Act, 2013 (PDF) and corresponding rules under the same. Thus, a new regulatory regime for corporate law of India has substituted the old company law of India.

The new framework has also prescribed many techno legal compliance requirements that are not only novel but also complicated to manage by the companies and their directors. As a result the directors’ liabilities under the Indian Companies Act 2013 of have significantly increased. These include the cyber law and cyber security regulatory obligations as well.

The directors should particularly keep in mind the legal mandates of cyber law due diligence requirements (PDF), cyber security due diligence, e-discovery compliances, cyber forensics compliances, etc. The cyber litigations against Indian and foreign companies and websites is going to increase in future. For instance, Target Corporations facing litigations in numerous jurisdictions due to cyber security breach that it failed to address properly. Naturally, cyber due diligence cannot be ignored by Indian companies and their directors anymore.

The new company law regulatory framework prescribes management and inspection of documents in electronic form, electronic voting, electronic notices, etc that require a techno legal compliance on the part of Indian companies. The Companies Act 2013 also specifically made applicable many provisions of the IT Act 2000 and thereby expanding the scope of regulatory compliances under the 2013 Act.

Stakeholders like Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc are required to comply with the techno legal requirements as prescribed under the Companies Act 2013, Information Technology Act, 2000 and other applicable laws of India.

The cyber security trends and development in India 2013 (PDF), provided by Perry4Law’s Techno Legal Base (PTLB), have also indicated that various corporate stakeholders would be required to comply with cyber law and cyber security related obligations in the near future. As on date, companies and directors are not complying with the cyber law and cyber security obligations as prescribed by Indian laws and regulations. Indian companies and their directors have for long ignored the compliance requirements of Indian laws, especially laws pertaining to cyber obligations and cyber security compliances. Previously, these violations were required to be prosecuted independent of the Companies Act, 2013. Now these techno legal compliance requirements have been specifically incorporated into the Companies Act, 2013 itself.

Directors are also officer in default for which they can be not only held liable but prosecuted as well. The prosecution of directors for cyber violations would increase manifolds if suitable techno legal policies are not formulated and implemented at the top levels. Perry4Law strongly recommends that suitable techno legal policies must be implemented by Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc as soon as possible.

Posted in Uncategorized | Comments Off

Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber Breach

Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber BreachCyber liabilities are increasingly becoming a nightmare for technology companies and entrepreneurs engaging in online businesses. The online dealings and transactions of individuals and companies are governed by the Information Technology Act, 2000 (IT Act, 2000). The IT Act, 2000 is also the sole cyber law of India that prescribes cyber law due diligence requirements (PDF) and Internet intermediary liability for various technology stakeholders.

The Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules 2011 (PDF) have further specified the legal obligations of various intermediaries in India. However, companies and individuals are not following various applicable legal obligations in India. On the contrary, they are actively violating the provisions of the IT Act 2000 and the rules prescribed thereunder.

For instance, the 99Acres.com found itself in a fix for possible violation of cyber law due diligence and Internet intermediary liability of India. Similarly, olx.com/olx.in is also facing internet intermediary liability for selling stolen goods and cyber harassment at its platform. The cyber law trends in India 2013 (PDF) and the cyber security trends in India 2013 (PDF) have also analysed the growing incidences of failure to observe cyber law and cyber security due diligences in India by various stakeholders.

The latest to add to this list is the cyber breach that occurred at Target Corporation. It has still to be ascertained whether target failed to observe cyber law and cyber security due diligence after the cyber attack? As target was very well aware of the cyber security breach, it is quite possible that it may face numerous litigations around the world, including India.

Investigations at the government level are already under progress. Target may also be engaged in private investigations of its own. The card companies and their customers may also be hiring cyber forensics and e-discovery specialists to find the truth and ascertain the culpability of Target, if any.

Prima facie Target seems to have ignored cyber law due diligence and cyber security disclosure norms of India. it is also to be seen whether Target Corporation has complied with the requirements prescribed by the IT Act, 2000 or not, especially the cyber security breach notification requirements. If not, this would be a serious legal trouble for Target as the government and Indian customers would definitely take it to courts.

Posted in Uncategorized | 1 Comment

Healthcare Technology Laws And Regulatory Compliances In India

Healthcare Technology Laws And Regulatory Compliances In IndiaTechnology vendors and entrepreneurs are eying upon Indian healthcare market as the same is booming and has great commercial significance for the coming decades. However, along with benefits there are liabilities and obligations as well.  For instance, e-health, m-health, telemedicine, etc are subject to techno legal compliances. Presently the healthcare industry and healthcare entrepreneurs of India are acting more on the side of violation than compliances.

The legal risks for developer and owners of healthcare websites cannot be ignored. Further, mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

For instance, AIIMS Bhubaneswar has recently launched electronic health card system and other hospitals and clinics may also adopt this practice. However, issues of privacy rights, data protection (PDF), cyber security, data security, cyber security breach reporting, biometric collection compliances, etc have still not been addressed and complied with by hospitals, clinics and Indian government. Even the Parliamentary Committee slammed Indian government for poor privacy laws and privacy protection in India.

Similarly, there are very complicated sets of legal requirements for establishing online pharmacies in India and for online sale of prescribed medicines in India. We have no dedicated laws for opening of online pharmacy stores in India but different laws of India govern different legal aspects of the same. There are numerous legal risks associated with online selling of medicines in India and all online pharmacies that intend to operate in India mist strictly follow various regulatory provision related to this field. As on date online pharmacies in India are violating various applicable laws of this field.

In the Indian context, regulatory compliances are frequently ignored and violated. Whether it is online pharmacies, e-health, m-health, telemedicine, mobile medical devices and applications, etc, medicine field related stakeholders are openly flouting the applicable norms and regulations.

Although we have no law on the lines of United State’s Health Insurance Portability and Accountability Act of 1996 yet there are numerous statutory provisions that must be complied with. These include privacy law compliances, data protection requirements, cloud computing compliances, encryption related compliances, cyber law due diligence (PDF), etc.

Clinical establishments operating in India are also required to comply with the requirements of the Clinical Establishments (Registration and Regulation) Act 2010 (PDF) and the Clinical Establishments (Central Government) Rules 2012 (PDF). Further, Recommendations on Electronic Medical Records Standards in India (PDF) have also been prescribed that have to be followed and complied with by Indian clinics and healthcare professionals of India. Perry4Law strongly recommends that both national and international healthcare stakeholders must ensure techno legal compliances of this field. Non compliance would bring not only bad publicity for them but may also result in civil and criminal prosecutions.

Posted in Uncategorized | Comments Off

Online Poker Laws In India Must Be Followed By Poker Websites

Online Poker Laws In India Must Be Followed By Poker WebsitesPoker is a famous game in India that has been in existence for long. As information technology became widely available, the traditional poker game was also transformed into online poker game. Now poker players play the game of poker on their respective computers and at a common online poker website.

This transformation has created many unique techno legal challenges before the poker players, poker websites and the law enforcement agencies of India. As this transformation into the digital world is a recent development, been the Indian judiciary is struggling to understand the same.

While these developments are taking place at very fast paces yet the online gaming industry and laws in India are still far behind these developments. In the absence of clear cut regulatory framework, the online poker laws and regulations in India are still susceptible to diverse interpretation. Thus, online poker in India is both legal and illegal depending upon the manner it is been projected, displayed to public and played in India.  If the online poker websites of India fail to adhere to and comply with the requirements of Internet intermediary obligations and cyber law due diligence (PDF), these websites can be prosecuted and blocked in India.

We have very specific and unique online poker laws and regulations in India. Whether by design or ignorance, online poker websites in India are violating these laws of India. Many online poker players in India also play the same in active violation of the laws of India in this regard. Most of them are not even aware whether playing online poker in India is legal or illegal. Further, taxability of online poker websites of India is another crucial issue that is frequently ignored by poker entrepreneurs.

Perry4Law strongly recommends that the laws and regulations for online gambling and online gaming in India in general and online poker in particular must be religiously followed by all the stakeholders in their own interest.

Posted in Uncategorized | Comments Off

Laws For Opening Of Online Pharmacy Store In India

Laws For Opening Of Online Pharmacy Store In IndiaOnline pharmacy is a complicated and legally risky field. This is so because the online pharmacy stores must comply with the legal issues in e-commerce in India besides complying with laws pertaining to online pharmacies in India. Perry4Law has already mentioned the legal risks of online medicine sales in India. We have also discussed the legal requirements to open online pharmacies in India. The Ayurvedic e-commerce legal issues in India are also evolving.

Online sale of prescribed drugs and medicines in India is a very controversial area. Most of the online pharmacy stores in India are unable to comply with the requirements of Indian laws. There are many techno legal requirements pertaining to privacy, data protection (PDF), encryption, cyber law due diligence (PDF), Internet intermediary obligations, cloud computing, etc that are required to be complied with by online pharmacy stores operating in India.

Mobile health related laws and regulations in India have added another dimension to these complicated legal norms. If a medical device is also sold by these online pharmacies that intend to serve a health/medical purpose, the mobile health and telemedicine related legal issues would also arise.

The conflict of laws in Indian cyberspace has also complicated the scene. Many times foreign online pharmacy websites target Indian citizens and supply even prohibited and banned drugs to Indian citizens. Most of these stores are located outside India and it becomes difficult to regulate their activities. The regulatory and legislative measures to check online pharmacies trading in banned drugs in India are also in pipeline. The digital communication channels for drugs and healthcare products in India are also subject to numerous regulatory compliances. All these issues require implementation of techno legal measures on the part of Indian government.

Indian government is considering the proposal that Internet telephony and VOIP service providers must establish servers in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility. We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. Similarly, online pharmacy store websites whose servers are located in foreign jurisdictions and that are violating Indian laws must be blocked in India on the lines of multi level marketing (MLM) websites.

Online sales of prescribed medicines in India are by and large unregulated and open for abuses. The illegal and unregulated online sales of prescribed medicines in India are flourishing like a plague. In fact, the fast growing and uncontrollable number of online pharmacies, mostly based abroad, has posed a serious challenge to State drug control authorities. They are simply not in a position to regulate the affairs of these online pharmacies that are openly violating the laws of India.

Now concerned over the risks involved in purchasing medicines, especially Schedule H drugs, from online pharmacies, authorities are working on ways to curb online pharmacies of India. While buying drugs without prescriptions is in itself a dangerous trend, online pharmacies present a greater risk, say doctors and pharmacists.

The Drugs and Cosmetics Act, 1940, and the Drugs and Cosmetics Rules, 1945, have clear guidelines on the sale of Schedule H and Schedule X drugs. These can be sold only on prescription and there are specific rules, including for labelling. Even bar-coding of primary level packaging of export consignment of pharmaceuticals and drugs have been prescribed by India.

It is not the case that regulatory authorities of India are not aware of this dangerous trend. In fact, an official at the Directorate of Drugs Control has said that they have taken some steps and are working to curb online pharmacies. They are holding deliberations with the drugs consultative committee and very soon the illegal online pharmacies operating in India may be civilly and criminally prosecuted in India.

Posted in Uncategorized | Comments Off