IT Companies... It is Time to Act on Legal Compliance
The President of India has given her assent to the Information Technology
Act amendment bill 2008 on February 5th 2009. With this development the act
is now law in India. What is required is notification of rules that may be
necessary to implement the Act and notification of the date of
effectiveness if required.
Normally, this process requires couple of months. When ITA 2000 was passed,
the Presidential assent was obtained on June 9th 2000 and the Act was
notified on October 17, 2000 after 4 months. Even now the notification of
some of the rules may take another two months.
There is a group of Cyber Law observers in India are trying their best to
spread a rumour that the Act would be withdrawn. Supported by the vested
interests in business who are opposed to the security oriented provisions
of the Act, these observers are undertaking a media campaign which includes
planting of stories in Internet complete with posting of supportive
comments in different names.
This campaign has the effect of misleading the industry that they need not
respond to the proposed amendments.
It is necessary for all stake holders not to place any reliance on the view
that amendments are likely to be aborted and delay their preparedness to
meet the compliance requirements.
I would like the industry representatives to peruse the details of the Act
and particularly its impact on the IT industry by going through the several
articles available at http://www.naavi.org
The new version of the Act will require several security measures to be
taken up by Companies particularly those which come under the category of
"Intermediaries". Instituting such Legal Compliance measures require time
If the industry falls into a state of doubt and does not start taking
security measures, they will be facing huge legal compliance risks when the
act is notified.
If at that time they rush to conduct a Cyber Law Compliance audit, takes
steps to implement compliance steps etc it may take too long a time in
which the company will be exposed to risks which may eventually materialize
and adversely affect the business continuity.
I therefore advise IT companies to start planning for Legal Compliance
drive without any further delay.
February 20, 2009