Jayantha Fernando LLM – IT


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Jayantha Fernando LLM – IT

  1. 1. Jayantha Fernando LLM – IT & Telecom Law (Lond.) Director & Legal Advisor, ICTA Business Governance of Information Technology The CXO Perspective LEGAL FRAMEWORK (c) Jayantha Fernando
  2. 2. What are the Legal requirements <ul><li>Several legal safeguards having an </li></ul><ul><li>impact on governance of IT assets and </li></ul><ul><li>Information management </li></ul><ul><li>Conformity with IP Laws </li></ul><ul><li>Controls needed to prevent misuse –Computer Crimes </li></ul><ul><li>Electronic Transactions – ensuring secure transactions and safeguards to retention of information </li></ul><ul><li>Legal challenge --- “ Legal systems are based on human interface and manual processes. Transition to IT based processes poses challenges which can be overcome” </li></ul>(c) Jayantha Fernando
  3. 3. Key Legal Provisions <ul><li>Intellectual Property Act No. 36 of 2003 </li></ul><ul><ul><li>Legal guidelines to safeguard intellectual creations, including compliance obligations for Software and Information systems </li></ul></ul><ul><li>Computer Crime Act 24 of 2007 </li></ul><ul><ul><li>Framework to prevent misuse of IT Systems </li></ul></ul><ul><li>Electronic Transactions Act No. 19 of 2006 </li></ul><ul><ul><li>Legitimizes electronic ways of doing business, including guidelines on secure transactions storage </li></ul></ul>(c) Jayantha Fernando
  4. 4. Intellectual Property Act No. 36 of 2003 <ul><li>Safeguards Intellectual Creations </li></ul><ul><ul><li>Copyrights, Patents, Trademarks etc. </li></ul></ul><ul><li>Based on WTO/ TRIPS </li></ul><ul><li>Key Provisions relevant to IT Systems </li></ul><ul><ul><li>Copyright Protection for Software Sec 6(1) </li></ul></ul><ul><ul><li>Exclusive Rights (right to copy, translate, adapt and distribute) reserved for Owners– Sec 9 </li></ul></ul><ul><ul><li>Scope of copying “fair-use” defined - Sec 12(7) </li></ul></ul><ul><ul><li>Licensing rights recognised - Sec 16(1) </li></ul></ul><ul><ul><li>Information safeguards – Sec 160 (6) </li></ul></ul>(c) Jayantha Fernando
  5. 5. Compliance Obligations under IP Act <ul><li>Respect software ownership rights </li></ul><ul><li>Ensure Compliance with License obligations </li></ul><ul><ul><li>Applicable to both proprietary and open source software </li></ul></ul><ul><ul><li>Open Source / Free Software embody license conditions with freedoms (rights to modify, customise and freely distribute) but ownership retained by creators </li></ul></ul>(c) Jayantha Fernando
  6. 6. Scope of Copying of Software IP Act – Section 12(7) <ul><li>Making a Single Copy and Adaptation by the lawful owner of a copy of software is permitted, only if such copy is necessary for :- </li></ul><ul><ul><li>The purpose for which it was obtained (as per license) </li></ul></ul><ul><ul><li>For Archival purposes and for replacement of lawfully owned copy (if it is destroyed or rendered unusable) </li></ul></ul>(c) Jayantha Fernando
  7. 7. Software Protection Intervention by Courts <ul><li>SOFTSYSTEM (Pvt) Ltd vs Visual Tech </li></ul><ul><li>Alleged misuse of Source Code belonging to Indian Software Company </li></ul><ul><li>Enjoining Order granted by Commercial High Court of Colombo </li></ul><ul><li>Out of Court Settlement </li></ul>(c) Jayantha Fernando
  8. 8. Protection of Information as an Asset Law of Confidentiality <ul><li>Disclosure and acquisition of undisclosed information without the consent of “rightful holder” would constitute an act of “ unfair competition ” </li></ul><ul><li>Section 160(6)(b) - Disclosure and acquisition may result from Breach of contract, industrial espionage etc </li></ul><ul><li>Protection for NDAs under the IP Act </li></ul><ul><li>Sri Lanka has followed English Common law principles relating to Law of Confidence </li></ul>(c) Jayantha Fernando
  9. 9. <ul><li>Computer Crime Act 24 of 2007 </li></ul><ul><ul><li>Framework to prevent misuse of IT Systems </li></ul></ul><ul><li>Three Broad Categories of Computer Crimes </li></ul><ul><ul><li>Computer Related crimes – Computers used as a tool for criminal activity such as theft, fraud etc </li></ul></ul><ul><ul><li>Hacking – affects integrity, availability and confidentiality of a computer system or network (also includes Viruses, worms etc) </li></ul></ul><ul><ul><li>Content related Cyber Crime – Computers with internet used to distribute illegal data. Eg;- Internet based pornography, Criminal copyright infringement </li></ul></ul>Computer Crimes (c) Jayantha Fernando
  10. 10. <ul><li>Criminal liability - Unauthorised access to (a) Computer, and (b) any information held in any computer – Section 3 & 4 </li></ul><ul><ul><li>Mere turning on of a computer sufficient </li></ul></ul><ul><li>Intentionally and without lawful authority carries out a function which has effect of modification or damage to any computer or computer system or computer program – Section 5 </li></ul>Computer Crimes - Provisions Relevant for IT Governance (c) Jayantha Fernando
  11. 11. <ul><li>What constitutes modification or damage to any computer or computer system or computer program (Vide illustration to Section 5) </li></ul><ul><ul><li>impairing the operation of any computer, or the reliability of any data or information held in any computer </li></ul></ul><ul><ul><li>destroying, deleting or corrupting or adding, moving or altering any information held in any computer </li></ul></ul><ul><ul><li>introduces a computer program which will have the effect of malfunctioning of a computer or falsifies the data </li></ul></ul>Computer Crimes - Provisions Relevant for IT Governance (c) Jayantha Fernando
  12. 12. <ul><li>Obtaining information from a computer or a storage medium without authority- Section 7 </li></ul><ul><ul><li>Including buying, selling, uploading and downloading, copies or acquires the substance or meaning of such information </li></ul></ul><ul><li>Illegal interception of Data – Section 8 </li></ul><ul><li>Use of Illegal devices – Section 9 </li></ul><ul><li>Unauthorised disclosure of Information – Section 10 </li></ul>Computer Crimes - Provisions Relevant for IT Governance (c) Jayantha Fernando
  13. 13. Electronic Transactions Act No. 19 of 2006 <ul><li>Framework for electronic business and sets guidelines on secure e-transactions & storage </li></ul><ul><li>Substantive Legal Issues </li></ul><ul><ul><li>Formation and validity of online Contracts </li></ul></ul><ul><ul><li>Statutory limitations relating to enforcement (writing and signature requirements, i.e Prevention of Frauds Ordinance of 1840) </li></ul></ul><ul><ul><li>Proof – Evidentiary issues </li></ul></ul><ul><li>Regulation of Service Providers (Facilitate the use of electronic signatures) </li></ul>(c) Jayantha Fernando
  14. 14. Electronic Transactions Act <ul><li>No Definition of “Electronic Transactions” </li></ul><ul><li>Covers all commercial transactions carried out in the electronic form </li></ul><ul><li>Areas Not covered </li></ul><ul><ul><li>Last wills, Property related transactions (Section 23) </li></ul></ul><ul><ul><li>Consumer protection issues (Consumer Affairs Authority Act No. 9 of 2003) </li></ul></ul>(c) Jayantha Fernando
  15. 15. Electronic Transactions Act Objectives (what it covers)– Section 2 <ul><li>to facilitate domestic and international electronic commerce by eliminating legal barriers </li></ul><ul><li>to encourage the use of reliable forms of electronic commerce </li></ul><ul><li>to facilitate electronic filing of documents with Government and to promote efficient delivery of Government services by means of reliable forms of electronic communications; and </li></ul><ul><li>to promote public confidence in the authenticity, integrity and reliability of data messages and electronic communications </li></ul>(c) Jayantha Fernando
  16. 16. Electronic Transactions Act <ul><li>Section 3 – Broad Principles </li></ul><ul><ul><li>recognition to Data Messages, electronic documents, electronic records and other communications should not be denied legal effect </li></ul></ul><ul><li>The term “Data Messages”, “electronic documents”, “electronic records” and “Communications” have been defined to give a wide connotation to all forms of electronic transactions </li></ul><ul><li>Based on UNCITRAL templates </li></ul>(c) Jayantha Fernando
  17. 17. Electronic Transactions Act Chapter II <ul><li>Section 6 </li></ul><ul><ul><li>Legal Standards for Retention of Information originally NOT generated in electronic form </li></ul></ul><ul><li>Section 7 </li></ul><ul><ul><li>Legal Recognition of Electronic Signatures for secure transactions </li></ul></ul><ul><li>“ Writing” and “Signing” a paper document provides reliability , traceability and un-alterability </li></ul><ul><ul><li>Satisfied by Electronic Signatures (digital certificates) </li></ul></ul>(c) Jayantha Fernando
  18. 18. Electronic Transactions Act Chapter V <ul><li>Rules Governing Evidence </li></ul><ul><li>New admissibility framework based on regularity of business records principles– Section 21 (2) </li></ul><ul><ul><li>Information contained in electronic documents compiled, received and obtained during the course of business, trade of profession or other regularly conducted activity are per se admissible </li></ul></ul><ul><li>Presumption on the accuracy of contents of electronic documents and records– Section 21 (3) </li></ul><ul><li>Burden shifted to party seeking to DENY admissibility </li></ul>(c) Jayantha Fernando
  19. 19. Electronic Transactions Recent Developments <ul><li>All Sections except Section 18 and 20(1) brought into operation w.e.f 1 st October 2007 - Gazette dated 27 Sept 2007 </li></ul><ul><li>UN Convention on the Use of Electronic Communications in International Contracts </li></ul><ul><ul><li>UN e-Contracting Convention </li></ul></ul><ul><li>Sri Lanka first in South Asia to sign it with China and Singapore </li></ul><ul><li>Act needs few Amendments </li></ul>(c) Jayantha Fernando
  20. 20. Conclusions <ul><li>Adequate legislative provisions for IT Governance </li></ul><ul><li>Enforcement challenges and consider business impact </li></ul><ul><li>Availability of Technology solutions for better legal compliance </li></ul>(c) Jayantha Fernando