Legal Aspects in IT Security Is Your Organisation Up-to-Date?? (Ref : IT Act, 2008 & IT Rules 2011) Adv Prashant Mali [BSc(Phy),MSc(Comp. Sci.),CNA, 27001.

Presentation transcript:

Legal Aspects in IT Security Is Your Organisation Up-to-Date?? (Ref : IT Act, 2008 & IT Rules 2011) Adv Prashant Mali [BSc(Phy),MSc(Comp. Sci.),CNA, LA,LLB] President – Cyber Law Consulting (Advocates & Attorneys) Founder – Cyber Law Foundation

COMPENSATION FOR FAILURE TO PROTECT DATA. S43-A: Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation (limit not defined) to the person so affected.

What is a Body Corporate? Under Section 43-A of IT Act, 2008, Explanation: For the purposes of this section, (i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Exception: Government Organisations.

Personal Information under Section 2(1)(i) of IT Rules 2011: (ii) “Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

Sensitive Personal Data or Information under Section 3 of IT Rules: Sensitive personal data or information of a person means such personal information which consists of information relating to:
(i) password;
(ii) financial information such as bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) biometric information.
Exception: information available under The Right to Information Act.

Appointment of Grievance Officer under Section 5(9) of IT Rules 2011: The body corporate shall address any discrepancies and grievances of their provider of the information with respect to processing of information in a time bound manner. For this purpose, the body corporate shall designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer shall redress the grievances of the provider of information expeditiously but within one month from the date of receipt of the grievance.

Websites Should Have Legal Notices under Section 3 of The IT Rules, 2011: The intermediary shall observe the following due diligence while discharging his duties, namely: the intermediary shall publish the rules and regulations, privacy policy and user agreement for access or usage of the intermediary’s computer resource by any person.

Vicarious liability of an Organisation (if Reasonable Security Practices are not followed). Scenario: your organisation's server gets infected by a worm implanted by a Chinese hacker hired by an angry investor, customer or competitor. S(43)(c): whoever introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network shall be liable to pay damages of ? (limit not defined). For the CEO/CIO/CTO, S(66): he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

GOVERNMENT CAN PEEP IN YOUR DATA. S(69-B): Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security. (2) The Intermediary or any person in-charge of the computer resource shall, when called upon by the agency which has been authorized under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information.

Government’s power to intercept under Section 69 of The IT Act, 2008: punishment for refusing to hand over passwords to an authorized official of the Central or State Government. Penalty: imprisonment up to 7 years and fine.

Investigation Powers under Section 78 of The IT Act, 2008: As per the IT Act, 2008, cyber crime cases can be investigated by police officers of “Inspector” rank. This means IT executives can be called to a police station on the pretext of an inquiry.

THANK YOU prashant. Mobile :