The Information Technology Act 2000 (ITA 2000) came into effect on 17th October 2000. Apart from the legal recognition of electronic documents provided under the Act, certain offences and contraventions were defined in the Act. One important aspect of the ITA 2000 was the introduction of the concept of “Due Diligence”, failure of which could land a Company and its executives in trouble.
Under Section 79, intermediaries could be held liable for offences attributable to the third-party information handled by them, and under Section 85, Companies could be held liable for offences attributable to the Company. In either case the liability could be both civil and criminal. Because of Section 85, the liability on a Company could also be extended to its officials.
This meant that Companies had a risk exposure to the commission of contraventions under the Act, either by their employees or by others who use their information assets. Hence it became critical for companies to protect their own and their executives' interests by adequately following due diligence.
Though there was an attempt to get these provisions diluted through the “Expert Committee” constituted by the Government in the aftermath of the baazee.com developments, the final outcome in the form of ITA 2008 (ITA 2000 with amendments under Information Technology Amendment Act 2008) was perhaps more stringent than ITA 2000. It retained the provisions of Section 85 and 79 along with an expansion of the contraventions and crimes recognized by the Act.
The need for companies to be ever more vigilant about “Due Diligence” increased with the introduction of the ITA 2008 with effect from 27th October 2009.
It is now 5 years since ITA 2008 came into being. ITA 2008 mandated several security measures, cumulatively requiring an ITA 2008 compliance audit and compliance program for every IT User.
We hope all corporate managers have taken note of this requirement, which is also a prerequisite for Clause 49 compliance under SEBI listing norms for listed companies.
Naavi.org requests every company to self introspect and ask a question to themselves, “Am I compliant with ITA 2008?”
If not, it is necessary to take suitable steps to implement such a compliance program at the earliest. If any company has completed an ITA 2008 compliance implementation program, Naavi.org thinks that such companies deserve to be placed in the “Hall of Fame” for ITA Compliant Organizations.
Naavi has therefore launched a new website, www.ita2008.co, to represent the rare companies which deserve to be called an “ITA Compliant Organization”, and requests Cyber Law Consultants and Techno Legal Information Security consultants to report the names of organizations that have completed a proper ITA 2008 compliance audit, along with the date of such completion and the consent of the company to place their names in the list.
Simultaneously another website, www.ita2008.in has also been launched and is dedicated to carrying a copy of the Act and rules for immediate reference.
While Naavi or Naavi.org or ita2008.co does not take the responsibility to independently verify the claim, it would like to provide an opportunity for companies and consultants who have taken steps to reach certain satisfactory levels of compliance. We do grant that at this point of time there may not be a standardization of evaluation and different auditors may have different evaluation standards.
Naavi invites leading Techno Legal consultants of India to come together and form an informal forum so that we can try to develop some standard practices that would be acceptable to all. This would be an attempt at developing a “Standard” for “ITA 2008 Compliance Audit and Implementation”. As some of the observers of this site are aware, Naavi.org has suggested a framework called IISF-209 v-5, which is an attempt to provide some road map for such standardization. Naavi has also developed some thoughts on how to measure the progress of ITA 2008 compliance over a period of time to establish the maturity levels reached by an organization.
There can be scope for further development of this concept if the leading ITA 2008 compliance consultants in India can come together.
I look forward to comments and suggestions in this regard so that we can take this effort beyond launching of a website and declaring an intention to create a “Hall of Fame” for ITA 2008 compliant organizations.
1st November 2014