The current cyber security and data protection laws
Cybersecurity is as important in the current world as the virtual place that an individual occupies. However, even though the common individual lives and transact as effortlessly online as they do offline, they are not controlled or held accountable in the same way. As more and more of our daily lives shift online, aided in large part by the recent COVID-19 pandemic and quickly evolving technology, we must ask what safeguards we have in cyberspace.
There is a case to be made that such protection is required on two fronts. First and foremost, there is a need for preventive measures. For example, a vast digital footprint is left in the wake of an individual’s Internet activities, which has a large impact.
Such data must be secured, anonymized, and protected. At the same time, from a legal standpoint, internet and cybercrime navigation remain unexplored territory in India. In India, there is a lack of regulation and rigorous cyber security regulations, which limits the possibility of penalization for online offenses. As a result, there is an urgent need for existing laws to detect, control, and allow for the quick prosecution of internet criminals.
An Overview of India’s Regulatory Environment
Each jurisdiction has established its own security and data protection regime and procedures in an interconnected world. Despite its rapidly growing internet population, which has been aided by various telecom industry operators, India has yet to enact comprehensive legislation on the subject. In the absence of such, we must look at the existing system of court pronouncements, data protection, and cyber security regulations in India.
The Importance of the Information Technology Act of 2000 and its Rules
The Information Technology Laws 2000 (“IT Act”), along with the rules issued thereunder, is the fundamental act in India governing the internet activity.
The IT Act’s application is not limited to India. It has extraterritorial application in respect of an online offense or contravention committed outside India by any person, according to Section 1(2) read with Section 75 of the IT Act.
When the IT Act was first established, there were no explicit rules regarding data protection. Data security breaches, such as those conducted by individuals hacking into computer systems, may result in prosecution under Sections 43 and 66 of the IT Act; however, the IT Act does not allow a remedy against the business responsible for a data breach. Sections 43-A and 72-A were retroactively inserted to the IT Act for this reason in 2008 as part of an amendment. The former states that a body corporate is liable to pay damages as compensation to a person who has been harmed by a breach of data protection as a result of such body corporate’s actions, whereas the latter states that a body corporate is not liable to pay damages as compensation to a person who has been harmed by a breach of data protection as a result of such body corporate’s actions.
Act of 2000 on Information Technology
The Information Technology Act, 2000 (hereinafter referred to as the “IT Act”) is an act that provides legal recognition for transactions carried out through electronic data interchange and other forms of electronic communication, commonly referred to as “electronic commerce,” which involve the use of alternative to paper-based methods of communication and information storage to facilitate electronic filing of documents with Government agencies.