| Sr. No. | Advantages of Cyber Law | Memory Hints (for self) |
|---|---|---|
| 1 | The IT Act gave validity to e-mail; e-mail is now a legal form of communication in India and can be duly produced and approved in a court of law. | E-mail: valid and legal |
| 2 | Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. | Legal infrastructure for e-commerce |
| 3 | Digital signatures have been given legal validity and sanction in the Act. | Digital signature: valid |
| 4 | The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signature Certificates. | Certificate authority |
| 5 | The Act now allows the Government to issue notifications on the web, thus heralding e-governance. | Web notification, e-governance |
| 6 | The Act enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form, by means of such electronic form as may be prescribed by the appropriate Government. | E-filing |
| 7 | Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding 1 crore. | Statutory remedy to damages, not exceeding 1 cr. |
Computer Related Offences
Common cyber-crime scenarios:
| Sr. No. | Computer related offences | Meaning | Applicable sections |
|---|---|---|---|
| 1 | Harassment via fake public profile on social networking site | A fake profile of a person is created on a social networking site with the correct address, residential information or contact details, but he/she is labeled as a 'prostitute' or a person of 'loose character'. This leads to harassment of the victim. | Section 67 |
| 2 | Email Account Hacking | The victim's email account is hacked and obscene emails are sent to people in the victim's address book. | Sections 43, 66, 66A, 66C, 67, 67A & 67B |
| 3 | Credit Card Fraud | Unsuspecting victims would use infected computers to make online transactions. | Sections 43, 66, 66C, 66D |
| 4 | Web Defacement | The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days. | Sections 43, 66; in some cases Sections 66F & 67 |
| 5 | Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs | All of the above are some sort of malicious programs which are used to destroy or gain access to some electronic information. | Sections 43 & 66 |
| 6 | Cyber Terrorism | Many terrorists use virtual (Drive, FTP sites) and physical (USBs, hard drives) storage media for hiding information and records of their illicit business. | Sections 43, 66, 66A |
| 7 | Online sale of illegal Articles | The sale of narcotics, drugs, weapons and wildlife is facilitated by the Internet. | Generally, conventional laws are applicable |
| 8 | Cyber Pornography | Among the largest businesses on the Internet, pornography may not be illegal in many countries, but child pornography is. | Sections 67, 67A & 67B |
| 9 | Phishing and Email Scams | Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card information) by masquerading a site as a trusted entity. | Sections 66, 66C & 66D |
| 10 | Theft of Confidential Information | Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees. | Sections 43, 66 & 66B |
| 11 | Source Code Theft | Source code is generally the most coveted and important 'crown jewel' asset of a company. | Sections 43, 65, 66 & 66B |
I. Privacy of online data
The main principles on data protection and privacy enumerated under the IT Act, 2000 are:
a) Defining data, computer database, information, electronic form, originator, addressee etc.
b) Creating civil liability if any person accesses or secures access to computer, computer system or computer network
c) Creating criminal liability if any person accesses or secures access to computer, computer system or computer network
d) Declaring any computer, computer system or computer network as a protected system
e) Imposing penalty for breach of confidentiality and privacy
f) Setting up of hierarchy of regulatory authorities, namely adjudicating officers, the Cyber Regulations Appellate Tribunal etc.
II. Sensitive Personal Data Information (SPDI)
To define a data protection framework for the processing of digital data by body corporates, the Reasonable Security Practices and Procedures and Sensitive Data or Information rule was formed in 2011 under Section 43A of the IT Act 2000.
- The rules apply to body corporates and digital data.
- The rules do not apply to government bodies or individuals collecting and using big data.
Definition of body corporate (as per the IT Act): “Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.”

Definition of personal and sensitive personal data

Rule 2(i) defines personal information as: “Information that relates to a natural person which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.”

Rule 3 defines sensitive personal information as:
- Passwords
- Financial information
- Physical/physiological/mental health condition
- Sexual orientation
- Medical records and history; and
- Biometric information

The present definition of personal data hinges on the factor of identification (data that is capable of identifying a person). Yet this definition does not encompass information that is associated with an already identified individual, such as habits, location, or activity.

The definition of personal data also addresses only the identification of 'such person' and does not address data that is related to a particular person but that also reveals identifying information about another person, either directly or when combined with other data points.
Consent to collect

Rule 5(1): Requires that a body corporate should, prior to collection, obtain consent in writing through letter, fax or email from the provider of sensitive personal data regarding the use of that data.

Consent to disclosure

Rule 6: Provides that prior permission from the provider of sensitive personal data is essential for a body corporate for its disclosure to any third party.

Information can't be disclosed to any third party unless a contractual arrangement for doing so exists between the body corporate and the provider of such information, or where disclosure is essential to comply with a legal requirement.