Cyber Crimes Prevention Strategy Of India

Cyber Crimes Prevention Strategy Of IndiaTechnology has increased the methods and possibilities of commission of traditional and modern crimes. A person sitting in one part of the world may commit a cyber crime in another part of the world. Conflict of laws in cyberspace has created unique law enforcement related problems as a given act or omission may be illegal in one country and may be legal in another.

The online defamation case of Google has already reached to Indian Supreme Court. Similarly coordinating law enforcement related actions between Indian law enforcement agencies and foreign companies like Google takes lots of time making the entire exercise problematic and redundant. In the absence of a techno legal framework in India, Indian government is finding it really difficult to manage cyberspace related issues, especially tackling cyber crimes.

Indian government has now decided to formulate a cyber crimes prevention strategy for India. This is a good step in the right direction and we at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) welcome this move of Indian government. This has come in the wake of a public interest litigation (PIL) filed at the Supreme Court of India that has asked the centre to frame regulations and guidelines for effective investigation of cyber crimes in India.

The task would essentially require modernisation of police force of India, inculcating cyber crimes investigation skills among Indian law enforcement agencies, enhancing the cyber forensics investigation capabilities of police force, keeping in mind the e-discovery and cyber forensics aspects while making investigations, etc.

Perry4Law and PTLB look forward to a techno legal cyber crimes prevention strategy of India as soon as possible.

Posted in Uncategorized | Comments Off

Cyber Insurance Policies In India

Cyber Insurance Policies In IndiaCyber insurance in India has become an acceptable reality in India these days. Many companies have shown their interests in obtaining cyber insurance and some of them have actually obtained the same.

Before taking up a cyber insurance policy in India, the concerned company or individual must be well aware of the techno legal compliance requirements of India and the potential cyber risks. This alone would help it/him/her to take the most appropriate cyber insurance policy.

Similarly, an improper cyber insurance policy that is not covering the cyber risks in entirety and leaves scope for ambiguity and legal complications while claiming the insured amount should be avoided. A techno legal vetting of cyber insurance polices obtained in India is an absolute must before obtaining the same.

Just like legal due diligence, a techno legal cyber insurance policy due diligence must be conducted before signing any such cyber insurance policy. The terms and conditions of such cyber insurance policy must be thoroughly analysed line by line to avoid any unfavorable and surprise outcome. Merely signing of a cyber insurance policy does not mean that in case of a cyber breach the concerned insurance company would release the insured amount.

Insured companies and individuals who have obtained a cyber insurance policy must also be aware if the issues like privacy, data protection (PDF), data security, e-discovery, cyber forensics, cyber crimes investigation, etc. This does not mean that those insured themselves must be capable of managing the techno legal aspects of these issues and fields.

Similarly, insurance companies must also make it sure that Indian companies and other stakeholders have already introduced and implemented cyber security best practices, cyber forensics best practices, e-discovery best practices, cyber law due diligence (PDF), e-commerce due diligence, etc. This would prevent future disputes between the insurance companies and the insured stakeholders when a cyber breach occurs. Insurance companies can also provide a more comprehensive cyber insurance policy to those companies and individuals who can demonstrate using of a robust cyber security infrastructure and techno legal best practices for their business activities.

We at Perry4Law believe that there is an urgent need to formulate suitable techno legal regulations for various sectors, including cyber insurance in India. In particular, Indian government needs to enact cyber security laws, data security laws, privacy laws, data protection laws, cyber security breach disclosure laws, etc. As on date, all of these laws are missing and this has created a state of uncertainty and chaos in Indian cyberspace. This environment is also not conducive for the growth and adoption of cyber insurance in India.

Posted in Uncategorized | 1 Comment

Gmail And Yahoo Make Telephone Number Mandatory For Opening New Accounts

Gmail And Yahoo Make Telephone Number Mandatory For Opening New AccountsTechnology companies like Google, Yahoo, Facebook, etc are trying to balance their commercial interests and compliance with regulatory requirements of different jurisdictions. However, conflict of laws in cyberspace is not easy to manage and in many cases these companies have found themselves on the wrong side of the law. They have been prosecuted in both United States and India for one reason or other. However, these companies are avoiding compliance with Indian laws and Indian government has realised that these companies need to be regulated appropriately in India.

The cyber litigation against foreign companies in India is going to increase tremendously in India. This is more so as these companies are not complying with cyber law due diligence requirements (PDF) as applicable in India. Google’s Online Defamation Case is a crucial case that can seal the fate of these companies in India. Further, foreign companies and e-commerce portals would now be required to register in India and comply with Indian laws.

India may also scrap the compulsory transfer pricing audit based on monetary threshold limits to avoid tax evasion by various foreign companies. The liability of director under the Indian Companies Act 2013 has also increased significantly and this includes cyber law, cyber security, data security, data protection (PDF) and privacy protection obligations as well.

The Delhi High Court is currently is analysing e-mail policy of India and complaint mechanism to Facebook. Similarly, the Supreme Court if India is also seized with a matter pertaining to interpretation of the Public Records Act 1993 vis-à-vis foreign e-mail service providers like Gmail, Yahoo, etc. When the e-mail users provide their sensitive and personal details to these e-mail service providers, they are stored and processed in a foreign jurisdiction. This violates the provisions of the Public Records Act 1993.

It has been reported that Gmail and Yahoo have made telephone number mandatory for creation of new email addresses in a bid to check spam and abuses. Google has also limited number of accounts that a person using one telephone number can create but the website did not specify the maximum number of email account it will allow. While for Gmail a person can give either telephone or mobile number, for a new Yahoo it is now mandatory to have a mobile number.

However, this step of Gmail and Yahoo may violate the provisions of various Indian laws. This is more so when the Indian government and Delhi High Court are in the process of formulating an e-mail policy of India.

Posted in Uncategorized | Comments Off

Cloud Computing Legal Issues In India

Close up of wooden gavel at the computer keyboardCloud computing is a cost effective method to share computing resources of a large scale that can be accessed from any part of the world. Any individual user or company that has the permission to access the cloud infrastructure can use its processing power to run an application, store data, or perform any other computing task. However, with the cost effectiveness and computing power, the regulatory issues are also attached.

We have no dedicated legal framework for cloud computing in India as on date. Indian cyberspace is not a mature one as it is plagued with multiple problems. In these circumstances when the technology is not fully developed and regulatory issues have created a risk environment and uncertainty, the question arises is cloud computing a viable solution in India?

Regarding the legal and regulatory compliance aspects of cloud computing companies must adhere to local laws of many jurisdictions. These include laws pertaining to privacy, data protection (PDF), taxation, data security, etc. It would be a naïve approach to ignore cloud computing legal risks in India. There are specific virtualisation, cloud computing and encryption related legal issues in India that have to be resolved before launching a cloud computing business venture in India.

In short, the cloud computing legal and regulatory requirements in India for businesses and entrepreneurs must be analysed in advance before launching a project. Cloud computing service providers in India are Internet intermediary within the meaning of IT Act, 2000 and they are also required to comply with cyber law due diligence requirements (PDF).

The legal risks of cloud computing may outweigh its benefits for an entrepreneur of he is booked for a legal violation. The cloud computing legal environment in India is still maturing and most of the cloud computing companies in India are not aware of the legal compliances in this regard. Besides the cyber law due diligence, cloud computing due diligence in India must also be complied with by the entrepreneurs.

Posted in Uncategorized | Comments Off

Maharashtra FDA Urged Central Government To Formulate Policy Regarding Online Pharmacies Operating In India

Maharashtra FDA Urged Central Government To Formulate Policy Regarding Online Pharmacies Operating In IndiaOnline pharmacies in India are violating Indian laws with impunity and Indian regulatory authorities are watching helplessly. Maharashtra FDA has already approached DCGI for regulating illegal online pharmacies operating in India. The online sales of prescribed drugs in India are also under DGCA scanner. However, nothing concrete has happened so far and criminals continue to operate online pharmacies with great disregard to Indian laws.

The position has become so horrible that an urgent intervention by Indian government is need of the hour. International crackdown upon online pharmacies is already under process. Countries like Unites States and United Kingdom have already banned Indian pharmaceutical products and herbal medicines.

Considering the gravity of the situation, FDA officials earlier this week approached the Central government’s Ministry of Commerce, as well as the Drug Controller General of India (DCGI), asking them to investigate such scams and take similar action to crack down on cases of “Internet pharmacy”, as also draft a concrete policy to tackle it. In the action taken around Mumbai and Pune, amongst other spots, in March/April this year, officials seized medicines worth Rs 2 crore from across the state.

Assistant Commissioner (Drugs) at the state FDA Dr Rakesh Tirpude said, “We have written to the Centre so that they can plug loopholes and come up with a policy to curb such activities. We are state-level authorities, so we are not authorised to take action at the national level. However, the issue is not just limited to Maharashtra, and needs to be investigated across India”.

Posted in Uncategorized | Comments Off

Indian Enterprises And Government Set To Increase Spending On Cyber Security Infrastructure

Indian Enterprises And Government Set To Increase Spending On Cyber Security InfrastructureEnterprises around the world are facing threats of sophisticated cyber attacks. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc have been targeting many institutions and enterprises that are holding sensitive and crucial information and data.

While it is next to impossible to avoid all cyber attacks yet effective cyber security practices and mechanisms must be used by all enterprises handling sensitive data. Similarly, enterprises are under a legal obligation to share details about cyber security breaches that has taken place. An inappropriate action against a cyber security breach and its non reporting in a timely manner can attract both civil and criminal sanctions against the enterprises.

Take the example of Target Corporation that was attacked by cyber criminals and it failed to act in a timely manner. As a result of that Target Corporation is now facing litigation threats around the world. Similarly, EBay was also attacked recently and it has asked its customers to change their passwords. Now it has been reported that three U.S. States are investigating EBay’s cyber security standards and cyber security breach disclosure practices.

Obviously the costs of litigations and compensations are much higher than managing a robust and effective cyber security infrastructure. However, cyber security is not just hardware and software but strict adherence to cyber security best practices. Increasing the cyber security awareness and insulation of employees against social engineering attacks must be undertaken on a regular basis.

Indian government and various government departments are also required to ensure adequate cyber security. India has been projecting herself as a champion of e-governance. But the truth is that e-governance in India has miserably failed. The legal framework for e-governance in India is not only inadequate but it is also useless. This is so because we have no mandatory e-governance services in India and in the absence of a compulsion government departments are simply ignoring use of e-governance. Even the cyber security of e-governance services in India is missing as per the cyber security trends and developments of India 2013 (PDF).

However, this would also raise many techno legal compliance requirements and cyber law due diligence on the part of government departments and other stakeholders. Cyber security breaches have significantly increased in India and government departments and enterprises would be required to comply with cyber security breach notification requirements as well.

Posted in Uncategorized | Comments Off

Madhya Pradesh Gives Legal Recognition To E-mail Communications Among Government Departments

Madhya Pradesh Gives Legal Recognition To E-mail Communications Among Government DepartmentsIndia has been projecting herself as a champion of e-governance. But the truth is that e-governance in India has miserably failed. The legal framework for e-governance in India is not only inadequate but it is also useless. This is so because we have no mandatory e-governance services in India and in the absence of a compulsion government departments are simply ignoring use of e-governance. Even the cyber security of e-governance services in India is missing as per the cyber security trends and developments of India 2013 (PDF).

Even after judicial intervention Indian government has failed to take any action in this much needed direction. For instance, the e-mail policy of India has still not been implemented despite strict warnings by Delhi High Court. So bad is the situation that the Delhi High Court has accused central government of sitting over e-mail policy of India. The Delhi High Court has also directed central government to issue notification regarding electronic signature under Information Technology Act 2000. The encryption policy of India (PDF) is also missing till date though it is need of the hour.

In a welcome move, Madhya Pradesh on Wednesday became the first state in the country to pass an e-mail policy to give legal standing to correspondence between government departments via electronic mail and digital messaging. The state cabinet which met on Wednesday morning after a gap of six weeks following the imposition of model code of conduct before the Lok Sabha election endorsed the E-mail Policy 2014 to “expedite government work through use of information technology”. This is a good step and other states must also do the same.

The main objective of this policy is to give legal recognition to e-mail correspondence and dissemination of information and data between the different government departments. The state government argued that this single step would speed-up jobs at government offices which till now was heavily dependent on notifications and movement of red tapism.

Till now e-mail correspondence were not authorised by the state under any policy procedure. Hence, its validity and decisions taken using e-mail are questionable. But with the implementation of the E-mail policy, message exchanged over electronic mail will be included formally in the category of approved documentation and acceptable to all concerned.

By evening, a state government release informed that all departments, offices, affiliated institutions and autonomous bodies which draw funds from the state government’s consolidated fund, will be provided e-mail related facilities free of cost. It will also be compulsory for employees of various state government departments, their affiliated organizations, corporations, boards who use this facility to strictly follow the guidelines of the E-mail Policy.

However, this would also raise many techno legal compliance requirements and cyber law due diligence on the part of government departments and other stakeholders. Cyber security breaches have significantly increased in India and government departments would be required to comply with cyber security breach notification requirements as well.

Posted in Uncategorized | Comments Off

Illegal Online Pharmacies And Healthcare Websites In India Need To Be Curbed

Illegal Online Pharmacies And Healthcare Websites In India Need To Be CurbedPharmaceutical and healthcare industry is fast flourishing in India. However, in the race to establish an e-business as soon as possible, almost all of the online pharmacies, ayurveda and nutraceutical websites in India have failed to comply with the respective laws in this regard. As a result these online pharmacies, ayurveda and nutraceutical websites are operating in an unregulated manner in India.

Regulatory authorities of India have started taking note of this precarious condition. As a result online pharmacy websites have come under regulatory scanner and their prosecution and punishment may also be possible. The Maharashtra FDA has approached DCGI for regulating illegal online pharmacies operating in India. Similarly, the Hyderabad drug authorities are also keen on regulating illegal sale of drugs through online mechanism.

We have specified laws for opening an online pharmacy store in India. Even the Ayurvedic and Nutraceuticals e-businesses are required to comply with the prescribed Indian laws to operate legally.

Even in foreign jurisdictions, Indian online pharmacies are under scrutiny. For instance, United States shut down 1677 illegal online pharmacies websites that were not in compliance with US laws. Illegal online pharmacies are also on hit list of Google and federal authorities of US.

More such actions would be there in the near future and in order to escape criminal prosecution and exorbitant fines, Indian online pharmacies must comply with laws of India as well as foreign jurisdictions. Similar requirement applies to Indian Ayurvedic and Nutraceutical websites as well.

Posted in Uncategorized | Comments Off

Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013

Cyber Law Obligations Of Directors Of Indian Companies Under Indian Companies Act, 2013Cyber law of India is incorporated in the form of Information Technology Act, 2000 (IT Act 2000). The cyber law of India is a young and evolving law as it has been in force for almost one and half decade only. As a result the stakeholders of this field are still not well versed with the rights, obligations and liabilities arising out of the same. Nevertheless, the IT Act 2000 provides regulatory framework regarding cyber law, cyber crimes, e-governance, e-commerce and cyber law and cyber security due diligence.

The Indian Companies Act, 1956 remained in force for almost 58 years though it was required to be changed much earlier. The Ministry of Corporate Affairs (MCA) has recently notified many provisions of the Indian Companies Act, 2013 (PDF) and corresponding rules under the same. Thus, a new regulatory regime for corporate law of India has substituted the old company law of India.

The new framework has also prescribed many techno legal compliance requirements that are not only novel but also complicated to manage by the companies and their directors. As a result the directors’ liabilities under the Indian Companies Act 2013 of have significantly increased. These include the cyber law and cyber security regulatory obligations as well.

The directors should particularly keep in mind the legal mandates of cyber law due diligence requirements (PDF), cyber security due diligence, e-discovery compliances, cyber forensics compliances, etc. The cyber litigations against Indian and foreign companies and websites is going to increase in future. For instance, Target Corporations facing litigations in numerous jurisdictions due to cyber security breach that it failed to address properly. Naturally, cyber due diligence cannot be ignored by Indian companies and their directors anymore.

The new company law regulatory framework prescribes management and inspection of documents in electronic form, electronic voting, electronic notices, etc that require a techno legal compliance on the part of Indian companies. The Companies Act 2013 also specifically made applicable many provisions of the IT Act 2000 and thereby expanding the scope of regulatory compliances under the 2013 Act.

Stakeholders like Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc are required to comply with the techno legal requirements as prescribed under the Companies Act 2013, Information Technology Act, 2000 and other applicable laws of India.

The cyber security trends and development in India 2013 (PDF), provided by Perry4Law’s Techno Legal Base (PTLB), have also indicated that various corporate stakeholders would be required to comply with cyber law and cyber security related obligations in the near future. As on date, companies and directors are not complying with the cyber law and cyber security obligations as prescribed by Indian laws and regulations. Indian companies and their directors have for long ignored the compliance requirements of Indian laws, especially laws pertaining to cyber obligations and cyber security compliances. Previously, these violations were required to be prosecuted independent of the Companies Act, 2013. Now these techno legal compliance requirements have been specifically incorporated into the Companies Act, 2013 itself.

Directors are also officer in default for which they can be not only held liable but prosecuted as well. The prosecution of directors for cyber violations would increase manifolds if suitable techno legal policies are not formulated and implemented at the top levels. Perry4Law strongly recommends that suitable techno legal policies must be implemented by Banks, Insurance Companies, Electricity Companies, Companies incorporated under Special Acts, Companies notified by Central Government, etc as soon as possible.

Posted in Uncategorized | Comments Off

Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber Breach

Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber BreachCyber liabilities are increasingly becoming a nightmare for technology companies and entrepreneurs engaging in online businesses. The online dealings and transactions of individuals and companies are governed by the Information Technology Act, 2000 (IT Act, 2000). The IT Act, 2000 is also the sole cyber law of India that prescribes cyber law due diligence requirements (PDF) and Internet intermediary liability for various technology stakeholders.

The Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules 2011 (PDF) have further specified the legal obligations of various intermediaries in India. However, companies and individuals are not following various applicable legal obligations in India. On the contrary, they are actively violating the provisions of the IT Act 2000 and the rules prescribed thereunder.

For instance, the 99Acres.com found itself in a fix for possible violation of cyber law due diligence and Internet intermediary liability of India. Similarly, olx.com/olx.in is also facing internet intermediary liability for selling stolen goods and cyber harassment at its platform. The cyber law trends in India 2013 (PDF) and the cyber security trends in India 2013 (PDF) have also analysed the growing incidences of failure to observe cyber law and cyber security due diligences in India by various stakeholders.

The latest to add to this list is the cyber breach that occurred at Target Corporation. It has still to be ascertained whether target failed to observe cyber law and cyber security due diligence after the cyber attack? As target was very well aware of the cyber security breach, it is quite possible that it may face numerous litigations around the world, including India.

Investigations at the government level are already under progress. Target may also be engaged in private investigations of its own. The card companies and their customers may also be hiring cyber forensics and e-discovery specialists to find the truth and ascertain the culpability of Target, if any.

Prima facie Target seems to have ignored cyber law due diligence and cyber security disclosure norms of India. it is also to be seen whether Target Corporation has complied with the requirements prescribed by the IT Act, 2000 or not, especially the cyber security breach notification requirements. If not, this would be a serious legal trouble for Target as the government and Indian customers would definitely take it to courts.

Posted in Uncategorized | 1 Comment