Legal Framework and Policies in India
a. Information Technology (IT) Act, 2000
- First comprehensive legislation in India dealing with cyber-crimes and electronic commerce.
- Recognizes electronic records and digital signatures as legally valid.
- Provides a legal framework for online transactions.
- Penalizes cyber offenses such as hacking, identity theft, publishing obscene material online, and cyber fraud.
- Amendment in 2008:
- Added provisions for cyber terrorism (Sec. 66F), phishing, identity theft, and child pornography.
- Made companies responsible for protecting sensitive personal data.
b. Indian Penal Code (IPC) Provisions for Cyber Crimes
- Though not originally designed for cyber crimes, IPC applies to many online offenses:
- Section 420: Cheating and online fraud.
- Section 463 & 468: Forgery and digital document manipulation.
- Section 354D:
- Section 499 & 500: Online defamation.
- These provisions work alongside the IT Act to ensure wider coverage of cyber offenses.
c. Personal Data Protection Bill (Now Digital Personal Data Protection Act, 2023)
- Introduced in 2019, replaced by DPDP Act, 2023.
- Objective: To protect personal digital data of individuals and regulate its processing by companies and government bodies.
- Key Provisions:
- Consent-based data collection.
- Right to correction and erasure of personal data.
- Data Protection Board of India as regulatory authority.
- Penalties up to ₹250 crore for data breaches.
d. National Cyber Security Policy, 2013
Introduction
- Launched by the Ministry of Electronics and Information Technology (MeitY) in July 2013.
- Aimed at securing cyberspace, strengthening IT infrastructure, and protecting data.
Vision and Mission
- Vision: To build a secure and resilient cyberspace for citizens, businesses, and government.
- Mission: To protect information, infrastructure, and reduce vulnerabilities by promoting awareness, research, and partnerships.
Objectives
- Create a secure cyber ecosystem in India.
- Protect critical information infrastructure.
- Develop a workforce of 500,000 cyber security professionals in 5 years.
- Encourage public-private partnerships (PPP) in cyber security.
- Promote international cooperation in cyber defense.
e. Cyber Surakshit Bharat Initiative
- Launched in 2018 by MeitY in collaboration with NASSCOM & Data Security Council of India (DSCI).
- Objective: To strengthen the cyber security ecosystem in India.
- Focus Areas:
- Training Chief Information Security Officers (CISOs).
- Spreading awareness among government officials.
- Capacity building in cyber hygiene and cyber safety.
f. CERT-In (Indian Computer Emergency Response Team)
- Nodal agency for handling cyber security incidents in India, established in 2004 under IT Act, 2000.
- Works under MeitY.
- Functions:
- Issue alerts and advisories on cyber threats.
- Coordinate incident response during cyberattacks.
- Conduct cyber security audits and training.
- Collaborate internationally on cyber threat intelligence.
g. Data Protection and Privacy Regulations
- Right to Privacy recognized as a Fundamental Right by Supreme Court in Justice K.S. Puttaswamy vs Union of India (2017).
- Organizations handling personal data must adopt reasonable security practices under IT Act, 2000 (Sec. 43A).
- Sectoral guidelines (RBI for banking, IRDAI for insurance, TRAI for telecom) ensure sector-specific data protection.
- The DPDP Act, 2023 consolidates privacy rights and ensures stronger penalties for misuse of personal data.
