Thursday, 10 March 2011

Cyber Due Diligence Requirements In India

Cyber due diligence in India has emerged as an essential regulatory requirement. The information technology act 2000 (IT Act 2000) originally carried provisions regarding cyber due diligence but they were not as stringent as they are now.

With the passing of the information technology amendment act 2008 (IT Act 2008) things have changed dramatically. Now the cyber law of India has made cyber due diligence even more stringent.

Further, the ministry of communication and information technology (MCIT) has also framed certain rules that go even further in mandating extreme cyber due diligence requirements by intermediaries in India.

Under the IT Act 2000 “Intermediary” are required to observe “Due Diligence” to escape liabilities arising out of third party acts or omissions, informs Praveen Dalal, a Supreme Court lawyers and leading techno legal expert of India. The scope, definition and ambit of Due Diligence is very wide under the IT Act, 2000 and stakeholders must be wary of the requirements of Indian Cyber Law, suggests Dalal.

Another aspect that is closely related to cyber due diligence pertains to e-discovery. For instance, e-discovery for due diligence by banks is imperative in today’s banking environment in India.

In fact, to ensure proper cyber security of banking transactions and to comply with the IT Act 2000cyber due diligence requirements, all banks now would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Since the cyber due diligence is new in India, there is no ready made reference material available for it. Perry4Law Techno Legal Base (PTLB) and Perry4Law are in the process of writing the first and exclusive techno legal cyber crime investigation manual of India. The manual is in the final phase of preparation and it may be available to governmental departments and general public after few months. The manual also cover cyber due diligence requirements to be followed by stakeholders in India, especially by intermediaries.

Cyber due diligence must be perceived as an essential business requirement than a regulatory requirement. Many frauds and crimes can be prevented if proper cyber due diligence is at place.