Laws on Network Security in India: Lawyers Advice
In 2020, India has turned out to become the country with second largest internet user base with over 506 million users. Also, in the coming years, these number are said to increase up to 600 million. However, with the constant growth in digitization, safeguarding network security system with necessary resources becomes imperative. For, this we need to understand the current legal framework of network security in India. Also, whether these laws are robust enough to meet the demands for network security in India.
Information Technology Act has brought positive changes across the legal sphere in India: –
India was the twelfth country in the world to legitimise network security laws in India after the United Nations Commission on International Trade came up with the model of e-commerce law to spearhead uniformity in legal sphere across the glove in 1966. In the year 2000, Information technology Act, 2000 came into being which intricately traced every trivial transaction on the network-space and further every minute action & reactions were severely implicated with huge penalties. This act was the one which soon amended the traditional Indian Penal Code, the Banker’s Book Evidence Act and also the RBI Act, 1934. These changes were necessary to the meet the demands of the electronic age where transactions and communication are slowly being digitised.
Provisions of Information Technology Act to deal with the issue of Network Security: –
It may be noted that there are predominantly five legislations on Network security in India, namely, Information Technology Act, 2000, Indian Penal Code, 1860, Companies Act, 2013, The Companies (Management and Administration) Rules, 2014 and National Institute of Standard and Technology Compliance. Starting with the Information Technology Act, which is regarded the main legislation governing network security laws in India. It is the salient legislation offering reliable inclusiveness legally to the eCommerce and further facilitating filing of records with the government. But, with the development in the cyber-world, misuse of technology became rampant, as a result, the act underwent a series of amendments. In the given act, we have Section 43 which has been made applicable to individuals who without permission from the owner damage the computer system. In such cases, the owner has entitled to wholly claim the damage. Likewise, we have, Section 66 defining the punishment for fraudulently committing any act under Section 43. The punishment in such cases can be up to three years or a fine extending to Rupees 5 Lakhs. Under the act, we have yet another provision, Section 66C which scrutinises thefts related to digital signatures, hacking passwords, or any other distinct identification feature. Lastly, we have Section 66D which was added to focus on implicating and punishing cheaters indulging in cheating and impersonating computer resources.
Provisions of Indian Penal Code to deal with identity thefts and linked network frauds: –
Under the Indian Penal Code, we have provisions dealing with identity thefts and linked network frauds which were invoked along with the introduction of Information Technology Act, 2000. Following are the primary relevant provisions of the Indian Penal Code covering network frauds: –
a. Section 464 of the Indian Penal Code deals with the offense of making false document.
b. Section 468 of the Indian Penal Code covers the penal laws for pre-planned forgery for cheating.
c. Section 465 of the Indian Penal Code prescribes punishment for false documentation.
d. Section 471 of the Indian Penal Code defines the offense of using a forged document as genuine.
e. Section 469 of the Indian Penal Code deals with punishment for harming someone’s reputation.
Working of Serious Fraud Investigation Office (SFIO) under Companies Act, 2013: –
The Companies Act, 2013 is referred by the Corporate stakeholders as a legal obligation necessary for the refinement of everyday operations. The act cements all the necessary techno-legal compliances in order to put the less complying corporates in a fix. Further, this act vests the power in the hands of the Serious Fraud Investigation Office to prosecute India based corporates and their directors. Under the new Companies Inspection, Investment, and Inquiry Rules, 2014, the Serious Fraud Investigation has become sterner in this regard. It has been ensured by the legislature that every regulatory compliance, including cyber forensics and network security are well-covered.
We have yet another set of legislation under the Companies (Management and Administration), Rules 2014 to safeguard network security demanding strict compliance from the corporates and their directors.
Legal framework for network security supervised by the National Institute of Standard and Technology (NIST): –
Lastly, we have the legal framework for network security supervised by the National Institute of Standard and Technology (NIST) proposing a cooperative approach to network security. It has been regarded as the most reliable certifying body globally. Its legal framework encompasses all the necessary guidelines, and standards to manage and control network related dangers in a responsible manner. Promoting resilience and security, it is cost-effective and flexible allowing reduction of network security related dangers by mitigating data loss, data misuse, and further reinstatement cost. Also, it determines the significant activities and operations in order to focus on protecting them. It has also addressed several contractual obligations and further endorsed broader information security programs. Not only this, it has also demonstrated the trustworthiness of organizations who protect critical assets.
With the increasing dependence of human beings on technology, network related laws in India and also across the world need constant amendments in the form of upgradation. The wave of pandemic across the globe has pushed much of the workforce into a distant work module increasing the need for overall network security. Our law-makers now have to move extra mile to keep an eye on the impostor in order to restrict them at their initial point. It is possible to manage network security related risks but it needs overall effort from the lawmakers, the internet and also the network providers. Also, with the prudent effort of moderators like banks and market site like complying with the laws of the cyber world can mitigate issues related network security.
Authored By: Adv. Anant Sharma & Aniket Pandey