Suman Basu, President IT & CIO, Viraj Profiles Ltd
The Information Technology Act 2000, the Copyright Act and other laws are often neglected in most of the manufacturing sector, which is a cause of great concern. I have studied the above acts and thought of sharing some of my findings with fellow CIOs.
Case 1:
A. Provision of Internet access to business users (the clauses applicable to an “Intermediary” apply): CIOs provide internet access and hence fall into this category of Intermediary.
B. Section 67C: An intermediary shall preserve such information as may be specified, for the specific duration mentioned by the different acts and in the format specified by the Central Govt. They shall also preserve user details with authentication, and collect and preserve logs of internet activities and produce them to the authorities as and when needed.
a. Any intermediary who intentionally or knowingly contravenes the provision of Section 67 shall be punished with imprisonment for a term of three years and shall be liable to a fine.
C. We need to create an IT Security framework and invest in an appropriate network topology so that we can claim to retain all the logs as required and also identify the user with more certainty in the event of any fraud or breach of trust. It is also a good idea to get users to sign a back-to-back agreement document as appropriate.
Case 2:
Handling of Customer/Vendor/Employee personal and business information
Post GST implementation and the introduction of UIDAI, we collect a lot of information about vendors, customers and employees, including Aadhaar/PAN data and age certificates, and because of mediclaim we also collect employees' medical data, so we are more vulnerable to data frauds and legal cases. It is expected that we take care of this information and keep it safe.
Section 43A of the IT Act 2000 and the corresponding rules modified thereunder establish a legal framework for data privacy protection. It mandates Corporates to implement reasonable security practices and a framework for the mode of collection, transfer, and discharge of sensitive personal data or information. Further, Sections 66C and 72A provide for punishment and penalty for identity theft and breach of confidentiality & privacy respectively.
• Punishment varies between sections and, clubbed with the relevant clauses of the IPC, ranges from imprisonment of 7 days to 7 years with fine.
• The rules require the Corporate body to provide a policy for privacy & disclosure of information (Sec 43, Rule 4), to obtain the consent of the user for the collection of information (Rule 5), and to obtain prior permission from the provider of information before disclosure of sensitive personal information.
Case 3:
A. CCTV & Surveillance management
B. Under Section 67A: transmission and publishing of sensitive information which can harm others and society at large
• Under Section 67B: transmitting/publishing of material containing a sexually explicit act in electronic form
• 67C: Prevention and retention of information in electronic form
C. The CIO & CEO will be liable for punishment of 3 years' imprisonment and a fine of 25 L
D. Need to frame a Video Surveillance policy and a data backup policy with access control
Case 4:
A. WhatsApp, Yammer, Email, IP Messenger, etc. used over the company network or on company-provided devices
B. Section 66A: sending offensive messages through a communication service. The subsection includes double-meaning words, false information with the intent of annoying, morphed images to create terrorism or riots, and misleading the user on the source of information
• 66B: dishonestly receiving storage, computer and information and passing it on to others
• 66C: punishment for identity theft
• 66D: cheating using a computer resource
• 66E: violation of privacy: intentionally or otherwise capturing an image of a private part and sending it over electronic media
C. The Fiduciary Head & CIO will be liable for punishment of 3 years' imprisonment and fine
D. Create awareness among all users and monitor the message stream once in a while using intelligent content-based software
Case 5:
A. Shipping Bill filing, other e-commerce applications, and bank data transmission
B. Misusing the Digital Signature/Private Key or misrepresenting facts
C. Sec 43, Sec 66A and Sec 72 provide for punishment.
D. Need to take charge of the Digital Key and ensure that it is not misused
Case 6:
Violation of EULA & usage of licenses beyond what is contracted: as per Sec 43, 66A and 72 these are criminal offences and can be treated under the appropriate clauses of the IPC as well.
There may be some more cases but I felt these are some critical issues which we must take care of. Any suggestion for improvement is welcome.