Cyber liabilities are increasingly becoming a nightmare for technology companies and entrepreneurs engaging in online businesses. The online dealings and transactions of individuals and companies are governed by the Information Technology Act, 2000 (IT Act, 2000). The IT Act, 2000 is also the sole cyber law of India that prescribes cyber law due diligence requirements (PDF) and Internet intermediary liability for various technology stakeholders.
The Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules 2011 (PDF) have further specified the legal obligations of various intermediaries in India. However, companies and individuals are not following various applicable legal obligations in India. On the contrary, they are actively violating the provisions of the IT Act 2000 and the rules prescribed thereunder.
For instance, the 99Acres.com found itself in a fix for possible violation of cyber law due diligence and Internet intermediary liability of India. Similarly, olx.com/olx.in is also facing internet intermediary liability for selling stolen goods and cyber harassment at its platform. The cyber law trends in India 2013 (PDF) and the cyber security trends in India 2013 (PDF) have also analysed the growing incidences of failure to observe cyber law and cyber security due diligences in India by various stakeholders.
The latest to add to this list is the cyber breach that occurred at Target Corporation. It has still to be ascertained whether target failed to observe cyber law and cyber security due diligence after the cyber attack? As target was very well aware of the cyber security breach, it is quite possible that it may face numerous litigations around the world, including India.
Investigations at the government level are already under progress. Target may also be engaged in private investigations of its own. The card companies and their customers may also be hiring cyber forensics and e-discovery specialists to find the truth and ascertain the culpability of Target, if any.
Prima facie Target seems to have ignored cyber law due diligence and cyber security disclosure norms of India. it is also to be seen whether Target Corporation has complied with the requirements prescribed by the IT Act, 2000 or not, especially the cyber security breach notification requirements. If not, this would be a serious legal trouble for Target as the government and Indian customers would definitely take it to courts.