Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber Breach

Target Corporation Facing Numerous Litigations In Different Jurisdictions Due To Cyber BreachCyber liabilities are increasingly becoming a nightmare for technology companies and entrepreneurs engaging in online businesses. The online dealings and transactions of individuals and companies are governed by the Information Technology Act, 2000 (IT Act, 2000). The IT Act, 2000 is also the sole cyber law of India that prescribes cyber law due diligence requirements (PDF) and Internet intermediary liability for various technology stakeholders.

The Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules 2011 (PDF) have further specified the legal obligations of various intermediaries in India. However, companies and individuals are not following various applicable legal obligations in India. On the contrary, they are actively violating the provisions of the IT Act 2000 and the rules prescribed thereunder.

For instance, the 99Acres.com found itself in a fix for possible violation of cyber law due diligence and Internet intermediary liability of India. Similarly, olx.com/olx.in is also facing internet intermediary liability for selling stolen goods and cyber harassment at its platform. The cyber law trends in India 2013 (PDF) and the cyber security trends in India 2013 (PDF) have also analysed the growing incidences of failure to observe cyber law and cyber security due diligences in India by various stakeholders.

The latest to add to this list is the cyber breach that occurred at Target Corporation. It has still to be ascertained whether target failed to observe cyber law and cyber security due diligence after the cyber attack? As target was very well aware of the cyber security breach, it is quite possible that it may face numerous litigations around the world, including India.

Investigations at the government level are already under progress. Target may also be engaged in private investigations of its own. The card companies and their customers may also be hiring cyber forensics and e-discovery specialists to find the truth and ascertain the culpability of Target, if any.

Prima facie Target seems to have ignored cyber law due diligence and cyber security disclosure norms of India. it is also to be seen whether Target Corporation has complied with the requirements prescribed by the IT Act, 2000 or not, especially the cyber security breach notification requirements. If not, this would be a serious legal trouble for Target as the government and Indian customers would definitely take it to courts.

Posted in Uncategorized | 1 Comment

Healthcare Technology Laws And Regulatory Compliances In India

Healthcare Technology Laws And Regulatory Compliances In IndiaTechnology vendors and entrepreneurs are eying upon Indian healthcare market as the same is booming and has great commercial significance for the coming decades. However, along with benefits there are liabilities and obligations as well.  For instance, e-health, m-health, telemedicine, etc are subject to techno legal compliances. Presently the healthcare industry and healthcare entrepreneurs of India are acting more on the side of violation than compliances.

The legal risks for developer and owners of healthcare websites cannot be ignored. Further, mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

For instance, AIIMS Bhubaneswar has recently launched electronic health card system and other hospitals and clinics may also adopt this practice. However, issues of privacy rights, data protection (PDF), cyber security, data security, cyber security breach reporting, biometric collection compliances, etc have still not been addressed and complied with by hospitals, clinics and Indian government. Even the Parliamentary Committee slammed Indian government for poor privacy laws and privacy protection in India.

Similarly, there are very complicated sets of legal requirements for establishing online pharmacies in India and for online sale of prescribed medicines in India. We have no dedicated laws for opening of online pharmacy stores in India but different laws of India govern different legal aspects of the same. There are numerous legal risks associated with online selling of medicines in India and all online pharmacies that intend to operate in India mist strictly follow various regulatory provision related to this field. As on date online pharmacies in India are violating various applicable laws of this field.

In the Indian context, regulatory compliances are frequently ignored and violated. Whether it is online pharmacies, e-health, m-health, telemedicine, mobile medical devices and applications, etc, medicine field related stakeholders are openly flouting the applicable norms and regulations.

Although we have no law on the lines of United State’s Health Insurance Portability and Accountability Act of 1996 yet there are numerous statutory provisions that must be complied with. These include privacy law compliances, data protection requirements, cloud computing compliances, encryption related compliances, cyber law due diligence (PDF), etc.

Clinical establishments operating in India are also required to comply with the requirements of the Clinical Establishments (Registration and Regulation) Act 2010 (PDF) and the Clinical Establishments (Central Government) Rules 2012 (PDF). Further, Recommendations on Electronic Medical Records Standards in India (PDF) have also been prescribed that have to be followed and complied with by Indian clinics and healthcare professionals of India. Perry4Law strongly recommends that both national and international healthcare stakeholders must ensure techno legal compliances of this field. Non compliance would bring not only bad publicity for them but may also result in civil and criminal prosecutions.

Posted in Uncategorized | Comments Off

Online Poker Laws In India Must Be Followed By Poker Websites

Online Poker Laws In India Must Be Followed By Poker WebsitesPoker is a famous game in India that has been in existence for long. As information technology became widely available, the traditional poker game was also transformed into online poker game. Now poker players play the game of poker on their respective computers and at a common online poker website.

This transformation has created many unique techno legal challenges before the poker players, poker websites and the law enforcement agencies of India. As this transformation into the digital world is a recent development, been the Indian judiciary is struggling to understand the same.

While these developments are taking place at very fast paces yet the online gaming industry and laws in India are still far behind these developments. In the absence of clear cut regulatory framework, the online poker laws and regulations in India are still susceptible to diverse interpretation. Thus, online poker in India is both legal and illegal depending upon the manner it is been projected, displayed to public and played in India.  If the online poker websites of India fail to adhere to and comply with the requirements of Internet intermediary obligations and cyber law due diligence (PDF), these websites can be prosecuted and blocked in India.

We have very specific and unique online poker laws and regulations in India. Whether by design or ignorance, online poker websites in India are violating these laws of India. Many online poker players in India also play the same in active violation of the laws of India in this regard. Most of them are not even aware whether playing online poker in India is legal or illegal. Further, taxability of online poker websites of India is another crucial issue that is frequently ignored by poker entrepreneurs.

Perry4Law strongly recommends that the laws and regulations for online gambling and online gaming in India in general and online poker in particular must be religiously followed by all the stakeholders in their own interest.

Posted in Uncategorized | Comments Off

Laws For Opening Of Online Pharmacy Store In India

Laws For Opening Of Online Pharmacy Store In IndiaOnline pharmacy is a complicated and legally risky field. This is so because the online pharmacy stores must comply with the legal issues in e-commerce in India besides complying with laws pertaining to online pharmacies in India. Perry4Law has already mentioned the legal risks of online medicine sales in India. We have also discussed the legal requirements to open online pharmacies in India. The Ayurvedic e-commerce legal issues in India are also evolving.

Online sale of prescribed drugs and medicines in India is a very controversial area. Most of the online pharmacy stores in India are unable to comply with the requirements of Indian laws. There are many techno legal requirements pertaining to privacy, data protection (PDF), encryption, cyber law due diligence (PDF), Internet intermediary obligations, cloud computing, etc that are required to be complied with by online pharmacy stores operating in India.

Mobile health related laws and regulations in India have added another dimension to these complicated legal norms. If a medical device is also sold by these online pharmacies that intend to serve a health/medical purpose, the mobile health and telemedicine related legal issues would also arise.

The conflict of laws in Indian cyberspace has also complicated the scene. Many times foreign online pharmacy websites target Indian citizens and supply even prohibited and banned drugs to Indian citizens. Most of these stores are located outside India and it becomes difficult to regulate their activities. The regulatory and legislative measures to check online pharmacies trading in banned drugs in India are also in pipeline. The digital communication channels for drugs and healthcare products in India are also subject to numerous regulatory compliances. All these issues require implementation of techno legal measures on the part of Indian government.

Indian government is considering the proposal that Internet telephony and VOIP service providers must establish servers in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility. We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. Similarly, online pharmacy store websites whose servers are located in foreign jurisdictions and that are violating Indian laws must be blocked in India on the lines of multi level marketing (MLM) websites.

Online sales of prescribed medicines in India are by and large unregulated and open for abuses. The illegal and unregulated online sales of prescribed medicines in India are flourishing like a plague. In fact, the fast growing and uncontrollable number of online pharmacies, mostly based abroad, has posed a serious challenge to State drug control authorities. They are simply not in a position to regulate the affairs of these online pharmacies that are openly violating the laws of India.

Now concerned over the risks involved in purchasing medicines, especially Schedule H drugs, from online pharmacies, authorities are working on ways to curb online pharmacies of India. While buying drugs without prescriptions is in itself a dangerous trend, online pharmacies present a greater risk, say doctors and pharmacists.

The Drugs and Cosmetics Act, 1940, and the Drugs and Cosmetics Rules, 1945, have clear guidelines on the sale of Schedule H and Schedule X drugs. These can be sold only on prescription and there are specific rules, including for labelling. Even bar-coding of primary level packaging of export consignment of pharmaceuticals and drugs have been prescribed by India.

It is not the case that regulatory authorities of India are not aware of this dangerous trend. In fact, an official at the Directorate of Drugs Control has said that they have taken some steps and are working to curb online pharmacies. They are holding deliberations with the drugs consultative committee and very soon the illegal online pharmacies operating in India may be civilly and criminally prosecuted in India.

Posted in Uncategorized | Comments Off

Encryption Laws In India

Encryption Laws In IndiaThe present world of information technology cannot be visualised without the element and use of encryption and encryption related services. Still India has been able to achieve this task though this is no achievement. This is a regressive policy that has found favour with Indian government for reasons best known to it.

Almost two years back the Standing Committee on Information Technology pulled Department of Telecommunication (DOT) over encryption issues. Further absence of strong and robust privacy and data protection laws is another case of concern. All these deliberate or unintentional lacunas are pointing towards e-surveillance oriented approach of Indian government that also without any e-surveillance policy of India (PDF).

There are many techno legal encryption related regulatory compliances in India that various websites and their owners must comply with. However, different levels and different standards of encryption have really created confusion among various stakeholders. For instance, cloud computing, m-health, e-commerce, e-mail service providers, online payment service providers, mobile payment, online pharmacies, etc have different sets of regulatory requirements regarding encryption usage in India.

Indian government, especially the security agencies, is stressing that Internet telephony and VOIP service providers must establish servers in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility. We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India.

The encryption laws and regulations in India need clarity. Legal risks for websites development companies in India would also increase due to improper use of encryption for such websites. Payment gateway and POS terminal service providers would also required compliance with encryption related compliances, including cyber law due diligence compliances (PDF). The proposed e-mail policy of India would add another dimension to encryption usages in India. A dedicated encryption policy of India (PDF) and techno legal encryption law in India is need of the hour.

Posted in Uncategorized | Comments Off

Payment Gateway And POS Terminal Services Cyber Law Due Diligence In India

Payment Gateway And POS Terminal Services Cyber Law Due Diligence In IndiaPayment gateways and point of sales (POS) terminal service providers have to comply with very peculiar and complicated set of laws in India. Perry4Law has been receiving consultancy and regulatory compliance support related service requests in these fields. In the larger interest of payment gateways and POS terminal service providers that wish to operate in a lawful manner in India, Perry4Law has been releasing this research paper so that regulatory compliances are not ignored.

The online payment system of India and e-commerce and online business legal compliances would create many legal challenges for payment gateways and POS terminal service providers in India. For instance, although the mobile payment market in India booming yet legal compliances are still missing. This is despite the fact that cyber due diligence for PayPal and online payment transferors in India has been discussed by us well in advance.  The Bitcoin exchanges operating in India must also comply with Indian laws to be legal. This is the reason why Indian corporates are lobbying for regulating digital currency in India.

Indian banking regulatory environment is changing but much still has to be achieved. Even the Reserve Bank of India (RBI) is trying to streamline mobile banking services in India. A Code of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI) has also been issued. Securities and Exchange Board of India (SEBI) would also release corporate governance rules for the listed entities in India.

Perry4Law has provided Cyber Law Trends and Development in India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2013 (PDF) that have covered the cyber security and techno legal issues of online payment related issues in India. These trends are also relevant for payment gateways and POS terminal service providers of India. Further, the payment gateways and POS terminal service providers of India are also required to be well aware of Internet intermediary liability in India and cyber law due diligence in India (PDF).

Cyber security has become a big challenge for payment gateways and POS terminal service providers of India. As the Indian government itself has failed to implement the cyber security policy and initiatives declared from time to time, others have also taken Indian cyber security casually. The fact is that Indian cyber security is in a bad condition. Banking industry of India is also facing a variety of financial and banking frauds in India. For instance, Internet banking frauds, ATM frauds, RTGS frauds, etc are on rise in India. Even IT and cyber frauds in Indian companies are increasing. The payment gateways and POS terminal service providers of India must keep these aspects in mind while doing commercial business in India.

The Vskimmer Trojan capable of stealing credit card information from Windows systems is already in circulation. Similarly, the Malware Dump Memory Grabber is also targeting POS systems and ATMs of major U.S. banks. These malware are creating havoc in India and international levels. Recently, the RAKBANK and Bank of Muscat Oman became victims of international ATM heist. The Computer Emergency Response Team (CERT) of India has even started investigation in this international ATM heist case as it has Indian connections as well.

The payment gateways and POS terminal service providers of India must also keep in mind the legal issues of e-commerce in India. As the investment and funding environment of India is fast changing, the cyber law due diligence has become necessary for foreign investors in e-commerce and technology ventures of India. If the payment gateways and POS terminal service providers of India fail to comply with Indian laws, this would affect the chances of getting good fiancé, investment and private equity in the long run.

In their own interest, the payment gateways and POS terminal service providers of India must ensure that they are following the laws of India and ensuring proper cyber law due diligence in India and other jurisdictions like European Union.

Posted in Uncategorized | Comments Off

Encryption Laws And Regulations In India Need Clarity

Encryption Laws And Regulations In India Need ClarityAnybody serious about his civil liberties in cyberspace would be using encryption and encryption related services to maintain integrity and confidentiality of his data and communications. World over countries are facing tough challenges to maintain a balance between civil liberties and national security requirements. India also has to maintain equilibrium between civil liberties and national security needs. At the same time, self defence measures must also be encouraged to protect privacy and confidentiality of user’s communications and details.

Use of encryption and encrypted services in India is still a grey area. In many cases use of encryption beyond a specified limit is violation of Indian laws and punishment can also be met out in such cases. Most of the website developers are not at all aware that using an encryption level beyond the sector specified requirements would make them and the website owner liable to be prosecuted.

There are numerous encryption related regulatory compliances in India that various websites and their owners must comply with. However, different levels and different standards of encryption have really created confusion among various stakeholders. For instance, cloud computing, m-health, e-commerce, e-mail service providers, online payment service providers, mobile payment, online pharmacies, etc have different sets of regulatory requirements regarding encryption usage in India.

Sector specific regulators have also prescribed different encryption rules through their own regulations. For instance, Securities and Exchange Board of India (SEBI), Department of Telecommunication (DOT), Reserve Bank of India (RBI), etc have prescribed encryption standards that in many cases conflicts with each other.

The Information Technology Act, 2000 has incorporated few provisions regarding encryption usage and its legality. However, till now rules and regulation under those provisions have not been prescribed by Indian government.

India is planning to embrace virtualisation and cloud computing technologies. Anybody who would be submitting his data with a cloud infrastructure would be taking both legal and cyber security risks. The cyber security trends of India (PDF) well reflect these techno legal risks. Even the most basic e-mail policy of India is missing. An Encryption Policy of India is needed (PDF) and Indian government must formulate the same as soon as possible.

Now RBI has once again encouraged use of mobile banking services in India. After proper deliberations, RBI may also come out with mobile banking related regulations and encryption related issue may also be covered by it. However, nothing is better than formulating a techno legal encryption policy of India that is not only holistic but covers various aspects of the same.

Posted in Uncategorized | 1 Comment

Mobile Payment Market In India Booming But Legal Compliances Still Missing

Mobile Payment Market In India Booming But Legal Compliances Still MissingForeign investors are increasingly investing in technology startups in India. Many of these startups are e-commerce ventures with very good idea that have been successfully implemented. Foreign investors keep in mind the accounts of these e-commerce and technology ventures to determine the nature and extent of investments in such ventures. While this is a good and commercial criterion yet they are missing a very crucial criterion while investing in these startups.

Most of the technology startups and e-commerce website sin India are not complying with Indian laws. The traditional due diligence exercise fails to catch the techno legal lapses and the foreign investors invest in these startups with all their fallacies and illegalities. As a result both the Indian partner and the foreign partner can be prosecuted under Indian laws.

Perry4Law recommends that while starting an online payment portal or e-commerce website in India, the entrepreneurs must keep in mind the requirements of Internet intermediary liability in India and cyber law due diligence in India (PDF). There are many legal issues of e-commerce in India that various online payment service providers of India must comply with. Perry4Law has already specified the cyber law due diligence requirements for Paypal and online payment transferors in India. Similarly, we have also outlined the e-commerce and online business legal compliances for online payment market of India.

Many foreign companies are exploring Indian market for online and mobile payment segment. For instance, Apple plans to launch mobile payment service through Touch ID and it is most likely targeting India as well. Similarly, Japanese investors have shown their interest in the technology ventures of India especially the mobile payments solutions provider of India. While this is a good decision yet investing without proper cyber law due diligence would be counter productive in the long run.

Posted in Uncategorized | 3 Comments

Apple Removes Blockchain Application From Its App Store Due To Bitcoins And Other Legal Concerns

Apple Removes Blockchain Application From Its App Store Due To Bitcoins And Other Legal ConcernsThe legality of Bitcoins is in severe doubt in many countries of the world. Even in India the Reserve Bank of India (RBI) has clarified that the use of Bitcoins in India is legally risky. Thus, the Bitcoin exchanges operating in India must comply with Indian laws to be legal. As per the Information Technology Act, 2000 of India these Bitcoin exchanges operating in India are Internet intermediaries and they are required to comply with cyber law due diligence requirements (PDF) as well.

The matter does not end here. There are platforms that facilitate trading and exchange of Bitcoins across the world, including India. These platforms and the mechanisms through which they are facilitating such dealings are also covered by the IT Act, 2000 and other laws of various jurisdictions. Legal risks of both websites owners and the Internet intermediaries like Bitcoin facilitating platforms in now well established in India.

At Perry4Law we believe that cyber litigations against foreign websites would increase in India in the near future. This is more so when the e-commerce legal compliances in India are not followed by foreign players in true letter and spirit. Even other countries have started stressing upon cyber law due diligence requirements for business houses. For instance, cyber law due diligence for European business would be the new trend in near future.

Many foreign companies are planning to explore Indian markers in various online business fields, including e-commerce. For instance, companies like Facebook, Twitter, etc have already started exploring using their platforms for online businesses. This has raised a host of Indian legal issues that these companies are not following as on date. The Indian income tax liability of companies like Google, Facebook, Twitter, etc would also be questioned before the Indian courts in the near future.

Software and application developers are also under scrutiny of Indian income tax authorities. The forensics analysis of Nokia’s computer used to download software in India indicates the direction in which Indian regulatory regime is moving. Companies like Apple Incorporation have taken clue from this change of regulatory regime across different parts of the world.

It has been reported that Apple has removed Blockchain, an application for iPhones used to send and receive Bitcoins, from its App Store. The developer of the application has informed the media in this regard. Apple sent an e-mail to the developer and intimated that it has withdrawn the application “due to an unresolved issue”. This stand of apple seems to be correct due to legal uncertainty and risks associated with use of Bitcoins in India and other jurisdictions.

Posted in Uncategorized | Comments Off

Legal Risks For Websites Companies Developing E-Commerce And Online Gaming Websites In India

Close up of wooden gavel at the computer keyboardWe at Perry4Law have been receiving numerous legal consultancy requests regarding e-commerce and online gaming industries and their related fields. We are also helping domestic and international e-commerce and online gaming companies in establishing their e-commerce and online gaming websites in India.

While this is a usual phenomenon as e-commerce and online gaming and gambling industry in India is fast maturing. What is unusual is the growing interest among the online gaming and e-commerce websites developers in India to remain on the right side of Indian laws. We have been receiving ever increasing legal consultancy requests from e-commerce and online gaming website developers whether their acts or omissions while building and launching such websites violate any Indian laws or not?

Indian laws prescribe many techno legal requirements that e-commerce and online gaming website developers must comply with before they launch respective websites in India. The legal requirements to start an e-commerce website in India are well known. Still most of the e-commerce websites in India are not following Indian laws. The responsibility of making and launching such websites in a legal manner is collectively shared by both the website developing company as well as the owner of such e-commerce and online gaming website and both of them can be held liable for violating Indian laws.

For instance, the website companies that are building an online poker website in India must keep in mind the online poker laws and regulations in India in general and online gambling laws and regulations in India in particular. Similar rules apply to other online gaming websites that wish to enter into Indian markets. This is not happening presently and the online poker websites in India are heading towards legal troubles.

Even foreign companies are planning to explore Indian markers in various online business fields, including e-commerce. For instance, companies like Facebook, Twitter, etc have already started exploring using their platforms for online businesses. This has raised a host of Indian legal issues that these companies are not following as on date. The Indian income tax liability of companies like Google, Facebook, Twitter, etc would also be questioned before the Indian courts in the near future.

Foreign companies like Google, Facebook, Twitter, etc are Internet intermediaries within the meaning of Information Technology Act, 2000 and they are also required to comply with cyber law due diligence requirements (PDF) in India for having strong virtual and physical contacts in India. Even advertisement revenue is also earned by these companies from Indian activities and targeting Indian residents. Google’s online defamation case and Google’s tax liability case would bring some clarity in these fields.

Even the Indian companies are not very good at meeting the laws of India. Many have poorly implemented the domain name protection strategy and are not very good online brand protection and management in India. Some are even indulging in illegal activities in the name of intellectual property rights and brand protection of entertainment and media industry of India. Similarly, the fields like Bitcoins exchanges, online pharmacies, m-health projects, cloud computing companies, virtualisation service companies, telemedicine, etc are not complying with Indian laws and they may be in legal troubles in the near future.

It would be a fatal mistake on the part of e-commerce and online gaming website developers to ignore Indian laws as they may be equally liable to be prosecuted in many cases for developing and managing such websites. We hope these website developers would fall in line before any of them is prosecuted in India and an example is set for others.

Posted in Uncategorized | 2 Comments