Suman Basu, President IT & CIO, Viraj Profiles Ltd | Monday, 17 September 2018, 11:35 IST

The Information Technology Act 2000, the Copyright Act and other laws are often neglected in most of the manufacturing sector, which is a cause of great concern. I have studied the above acts and thought of sharing some of my findings with fellow CIOs.

Case 1:

A. Provision of Internet access to business users (same clauses as applicable to an “Intermediary”): CIOs provide internet access and hence fall into this category of Intermediary.

B. Section 67C: An intermediary shall preserve such information as may be specified, for the duration mentioned by the different acts and in the format prescribed by the Central Govt. It shall also preserve user details with authentication, collect and preserve logs of internet activities, and produce them to the authorities as and when needed.

a. Any intermediary who intentionally or knowingly contravenes the provision of Section 67 shall be punished with imprisonment for a term of three years and shall be liable to a fine.

C. We need to create an IT Security framework and invest in an appropriate network topology so that we can claim to retain all the logs as required and also identify the user with more certainty in the event of any fraud / breach of trust. It is also a good idea to get the user to sign a back-to-back agreement document as appropriate.





Case 2:

Handling of Customer / Vendor / Employee personal and business information

Post GST implementation and the introduction of the UIDAI scenario, we collect a lot of information about vendors, customers and employees, including Aadhaar / PAN data / age certificates, and because of mediclaim we collect employees' medical data as well. So we are more vulnerable to data frauds, and legally we are expected to take care of this information and keep it safe.

Section 43A of the IT Act 2000 and the corresponding rules modified thereunder establish a legal framework for data privacy protection. It mandates that corporates implement reasonable security practices and a framework for the mode of collection, transfer, and discharge of sensitive personal data or information. Further, Sections 66C and 72A provide for punishment and penalty for identity theft and for breach of confidentiality and privacy respectively.

• Punishment varies between sections and, clubbed with the relevant clauses of the IPC, ranges from 7 days to 7 years of imprisonment with a fine.

• The rules require the corporate body to provide a policy for privacy and disclosure of information (Sec 43, Rule 4), to obtain the consent of the user for the collection of information (Rule 5), and to obtain prior permission from the provider of the information before disclosing sensitive personal information.

Case 3:

A. CCTV & Surveillances management

B. Under Section 67A: transmission and publishing of sensitive information which can harm others and society at large

• Under Section 67B: transmitting / publishing of material containing sexually explicit acts in electronic form

• 67C: Prevention and retention of information in electronic form

C. The CIO & CEO will be liable for punishment of 3 years' imprisonment and a fine of 25 L

D. Need to frame a policy of Video Surveillance and data backup policy with access control

Case 4:

A. WhatsApp, Yammer, email, IP Messenger, etc. used over the company network or on company-provided devices

B. Section 66A: sending offensive messages through a communication service. The subsection includes double-meaning words, false information with the intent of annoying, morphed images to create terrorism or riots, and misleading the user about the source of information

• 66B: dishonestly receiving storage computer and information and passing it to others

• 66C: punishment for identity theft

• 66D: cheating by the computer resource

• 66E: violation of privacy: intentionally or otherwise capturing an image of a private part and sending it on electronic media

C. The Fiduciary Head & CIO will be liable for punishment of 3 years' imprisonment and a fine

D. Creation of awareness to all users and monitoring the message stream once in a while using intelligent content-based software

Case 5:

A. Shipping Bill filing, other e-commerce applications, and bank data transmission

B. Misutilising the Digital signature /Private Key or misrepresenting facts

C. Sec 43, Sec 66A, Sec 72 provides for punishment.

D. Need to take charge of Digital Key and ensure that the same is not misutilised

Case 6:

Violation of EULA & usage of licenses beyond what is contracted: as per Sec 43, 66A, 72 these are criminal offences and can be treated under the appropriate clause of the IPC as well.

There may be some more cases, but I felt these are some critical issues which we must take care of. Any suggestion for improvement is welcome.
