Compliance [as per IT Act, 2000]
The CEO/CRO/CIO of every organisation in India needs to think about becoming IT Act, 2000 compliant.
Non-compliance with the IT Act, 2000 can bring financial liabilities to your company and may even land the CEO or a Director in jail [refer S(85) of IT Act, 2000].
IT Act, 2000 areas of compliance:
Any company which receives, stores or transmits data on behalf of another person has an obligation to exercise "Due Diligence", which inter alia includes:
a) Identifying which of the information is "Sensitive Personal Information"
b) Following reasonable security practices to protect it (under Section 43-A of IT Act, 2000)
c) Understanding the data retention requirements and implementing systems to comply with them
d) Understanding that the GOI has the powers to block, intercept or ask for data decryption keys, information on data traffic, etc. (under Section 69, 69-A of IT Act, 2000)
e) Conducting the e-audit you are expected to carry out of all the documents you maintain in e-form
f) Adhering to the encryption policies as may be announced, etc.
g) Ensuring that access to information is not provided to others without the permission of the owner of that information [refer Section 72-A]
h) Ensuring that any security obligations agreed to in a contractual agreement are not breached
Failure to comply with the above may result in damages payable for which there is no specified upper limit, besides possible imprisonment from 3 years to 7 years.
Companies also need to understand that if any of their employees contravene the provisions of the Act, including by committing personal offences such as searching for child pornography using the corporate network, there could be vicarious liabilities on the organization and its Directors and Executives.
Preventing these liabilities requires a Cyber Law Compliance (IT Act, 2000 Compliance) Programme with special focus on ITA 2008.
Even if the organization is ISO 27001 certified, it is recommended that the organization review its security policy and examine ITA 2008 compliance.
Cyber Law Consulting can help you to:
1. Conduct due diligence
2. Conduct Audit
3. Draft Best Security Practices
4. Check Compliance
5. Achieve IT Act, 2000 Compliance
6. Certify
7. IT Act Compliance after ISO 27001
8. SEBI Compliance