It is a sad commentary on the Indian legal system that litigation in Courts linger along for decades. In fact it was a surprise to know that the baazee.com case has still not been fully resolved by the judicial system and the proceeding against one of the officials of the company under Section 79 of ITA 2000 is still to be disposed off.
As readers are aware, baazee.com case was a landmark case under ITA 2000. It involved a video containing a sexual act indulged in by two minors being sold through the e-commerce platform.
The person who sold the material was Mr Raviraj, a student of IIT Kharagpur and was charged under Section 67 of ITA 2000. (and also under Section 292 of IPC). Simultaneously the CEO of baazee.com (now ebay.in) Mr Avnish Bajaj was also charged for failing to exercise due diligence under Section 79. Baazee.com defended by stating that the terms and conditions presented was sufficient due diligence which was not accepted by the Court. However, Mr Avnish Bajaj was acquitted because the Police had launched the proceedings against him as the CEO of a company, under Section 79 without first making the company as an accused.
Now it is understood that one of the residual cases attached to the main case in which a manager of Baazee.com Mr Digumarti under Section 292 of IPC is yet to be disposed off though he was discharged of the offence under ITA 2000.
The case would come up for hearing on October 9th where the fact whether Mr Digumarti had exercised due diligence or not and whether he could have prevented the offence being committed or not would be discussed.
We hope the unfortunate manager would be freed from this decade long agony he was made to suffer because of the unfortunate incident.
However, it is sadder to think that even after observing the predicament of this manager on how the law hurts when officials donot exercise “Due Diligence”, the corporate managers managing e-environments today might not implemented what may be termed as “Due diligence” in most cases.
It is important that we all review the “Due Diligence” at our end and protect ourselves from the kind of problems which both Mr Digumarti and Avnish Bajaj faced in this case.
In order to check if a Company has been following “Due Diligence”, the first thing for every executive is to conduct an ITA 2008 compliance audit and document the gaps in compliance. If the executives fail to move even now, then they have no body else to blame if they face civil and criminal liabilities for offences committed by their customers.
The undersigned has been advising companies in this regard of their responsibilities and would closely watch if there is any increase interest in the corporate world for knowing what is ITA 2008 compliance.
One of the challenges that is observed is that most of the corporate executives have been brainwashed into a state where they are unable to understand the importance of ITA2008 compliance even while there is a high awareness of compliance to some technical information security frameworks such as ISO27001 and PCI DSS.
The information security professionals in the organisations are yet to appreciate fully that “Legal compliance” alone can be the primary tool to defend them against liabilities while the “Best Practice compliance” can only be a secondary tool. Hence any amount of investment in ISO27001 or PCI DSS will be inadequate when it comes to seeking protection against the kind of liabilities which Mr Avinash Bajaj or Digumarti faced.
Some of them will realize it the hard way in times to come.
I would therefore once again urge all CEOs and CISOs to start asking yourselves if your company is ITA 2008 compliant? and take steps to comply before your company becomes the next baazee.com. Don’t hesitate to contact the undersigned if you need any clarifications.