Let's Build a Responsible Cyber Society




IT Companies... It is Time to Act on Legal Compliance

The President of India has given her assent to the Information Technology Act amendment bill 2008 on February 5th 2009. With this development the act is now law in India. What is required is notification of rules that may be necessary to implement the Act and notification of the date of effectiveness if required.

Normally, this process requires couple of months. When ITA 2000 was passed, the Presidential assent was obtained on June 9th 2000 and the Act was notified on October 17, 2000 after 4 months. Even now the notification of some of the rules may take another two months.

There is a group of Cyber Law observers in India are trying their best to spread a rumour that the Act would be withdrawn. Supported by the vested interests in business who are opposed to the security oriented provisions of the Act, these observers are undertaking a media campaign which includes planting of stories in Internet complete with posting of supportive comments in different names.

This campaign has the effect of misleading the industry that they need not respond to the proposed amendments.

It is necessary for all stake holders not to place any reliance on the view that amendments are likely to be aborted and delay their preparedness to meet the compliance requirements.

I would like the industry representatives to peruse the details of the Act and particularly its impact on the IT industry by going through the several articles available at http://www.naavi.org

The new version of the Act will require several security measures to be taken up by Companies particularly those which come under the category of "Intermediaries". Instituting such Legal Compliance measures require time and efforts.

If the industry falls into a state of doubt and does not start taking security measures, they will be facing huge legal compliance risks when the act is notified.

If at that time they rush to conduct a Cyber Law Compliance audit, takes steps to implement compliance steps etc it may take too long a time in which the company will be exposed to risks which may eventually materialize and adversely affect the business continuity.

I therefore advise IT companies to start planning for Legal Compliance drive without any further delay.


February 20, 2009