REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
Under
The (Indian) Information Technology Act, 2000
The document discusses data protection laws in India. It provides definitions of data and databases. India does not have specific data protection legislation, but data can be protected through various acts like the Constitution, Information Technology Act 2000, and Copyright Act 1957. The Information Technology Act 2000 defines data and provides some penalties for damaging computers or disclosing private information without consent. However, it does not define what constitutes "reasonable security practices and procedures" or address territorial applicability of these laws. The document also discusses approaches to data protection in the US, UK, and some cases involving data issues in India. It notes that when data is transferred outside India, it receives no legal protection.
Reasonable security practices and procedures and sensitive personal data or i... (Vijay Dalmia)
The document summarizes key aspects of data protection law in India. It outlines the Information Technology Act of 2000 and its amendments in 2008 that introduced provisions for protecting personal data. The Ministry of Communications and Information Technology then promulgated the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules in 2011 under these acts. The rules define sensitive personal data and set forth requirements for companies regarding privacy policies, consent, data access, security practices, and more to protect Indian citizens' personal information.
The petitioner union filed a writ petition seeking directions to the Inspector of Factories to take action against a factory for removing the optional lock system from its computerized attendance system. The factory had implemented the system in 2003 with permission. The court dismissed the petition. It noted that the union had previously agreed to the computerized attendance system. Under the Information Technology Act and factory rules, electronic records and exemption from certain rules are allowed. The workers could complain about any violations.
Cyber crime refers to criminal activity involving computers and the internet. It includes activities like fraud, hacking, and distributing obscene content online. There is no universally agreed upon definition of cyber crime due to the broad and evolving nature of crimes committed through electronic means. Cyber crimes can be committed across geographical boundaries and with minimal resources compared to traditional crimes. The Information Technology Act of India defines and punishes various cyber crimes like hacking, privacy breaches, and distributing obscene content electronically. Both the IT Act and Indian Penal Code can apply to cyber crimes depending on the nature of the offense.
Right to privacy on internet and Data Protection (atuljaybhaye)
The document discusses the concepts of privacy and data protection on the internet. It defines the right to privacy and explains how privacy is recognized differently across various jurisdictions like the Universal Declaration of Human Rights, European Convention on Human Rights, and the Constitution of India. It also summarizes key privacy laws in the US and UK. The document then discusses various threats to privacy from technologies like cookies, web bugs, and viruses. It provides details about sensitive personal data protection laws in India and the UK. Finally, it discusses the right to privacy versus the right to interception under Indian law.
Plea bargaining and its applicability in the Indian System (Absar Aftab Absar)
The document summarizes a presentation on plea bargaining and its applicability in the Indian criminal justice system. Some key points:
- Plea bargaining has existed for over 800 years and aims to address problems like delays, difficulty securing convictions, and reducing under-trial prisoners. It was pioneered in the US in the early 1900s.
- India introduced plea bargaining in 2006 for crimes with maximum 7 year sentences. However, its application is more restricted than in the US and it is not fully accepted yet in India.
- The Indian model differs from the US in that the initiative comes from the accused, not prosecutors. It also involves courts more directly in overseeing agreements between accused and prosecutors.
Information Technology Act 2000 - Santosh K Pathak (Dipayan Sarkar)
This document provides an overview of cyber crimes and the Information Technology Act 2000 in India. It discusses the types of cyber crimes such as hacking, phishing, spamming, and cyber terrorism. It then outlines the objectives of the IT Act which aims to provide legal recognition for e-commerce transactions and facilitate electronic governance. The document explains the extent of application of the Act and key definitions. Finally, it summarizes the various cybercrime provisions under the IT Act 2000, listing the relevant sections of the Act that penalize offenses such as tampering with computer systems, publishing offensive content, and failure to assist in decrypting data upon request from authorities.
Anton piller order l6 l7-_20 dec20 2013_jeong cp_Nik Nasrun Nazmi
Anton Piller order: definition, condition, function and comparative analysis with UK, Canada; Intellectual Property Rights, patent law; extraordinary relief by court
The respondent argues that:
1) The principle of res judicata does not apply because the issues and reliefs sought in the first and second suits were different.
2) The appellant's claim for arrears is time-barred under the Limitation Act as more than 3 years have passed.
3) The respondent cannot be held liable for the previous owner's electricity dues because there was no agreement or terms to that effect.
The document discusses the transfer of cases between courts in India. It defines transfer of suit under Sections 22 and 23 of the Code of Civil Procedure, which allows a civil court to transfer a suit from one civil court to another on a defendant's application. The objective of case transfers is to maintain fairness in trial procedures, protect the reputation of courts, and uphold high moral standards among judiciary members. Conditions for transfer include the suit being pending in a competent court, the transferee court being subordinate to the transferring court, and the transferee court having competency to try or dispose of the suit. Courts have the power to transfer cases between subordinate courts at any stage of proceedings, and can start proceedings from the point of transfer
Enforceability of foreign_judgments_and_foreign_awards (LegalServicesDelhi)
With the advent of globalisation and with India poised as a major international and
global player in the world economy, it is apposite to consider the law concerning
enforcement of foreign judgments in India. In law, the enforcement of foreign
judgments is the recognition and enforcement rendered in another ("foreign")
jurisdiction. Foreign judgments may be recognized based on bilateral or multilateral
treaties or understandings, or unilaterally without an express international
agreement. The "recognition" of a foreign judgment occurs when the court of one
country or jurisdiction accepts a judicial decision made by the courts of another
"foreign" country or jurisdiction, and issues a judgment in substantially identical
terms without rehearing the substance of the original lawsuit.
The following presentation explains the concept of Summary proceedings under the Civil Procedure Code in India. It elaborates on the suits to which this order applies and the procedure to be followed therein.
The document discusses the work of UNCITRAL to develop legal frameworks for e-commerce. It summarizes the UNCITRAL Model Law on Electronic Commerce, which establishes the functional equivalence and media neutrality of electronic transactions. The Model Law has been adopted in many countries and states to facilitate e-commerce by validating electronic writings, signatures, and contracts. It aims to build confidence in e-commerce by clarifying the legal validity and recognition of electronic communications and transactions.
The document discusses the offense of extortion under Malaysian law. It begins by defining extortion and outlining its key elements: (1) putting a person in fear of injury, (2) intentionally inducing that person to deliver property through dishonest means. It elaborates on these elements and related concepts like implied threats and unlawful demands. Case law is discussed that examines how courts have interpreted and applied the elements of extortion. General punishment and differences between extortion and offenses like theft, robbery, and corruption are also outlined. Overall, the document provides a comprehensive overview of the legal definition and requirements to prove the crime of extortion in Malaysia.
rights of victim Presentation1 saif 3rdsem.pptx (OmGod1)
This document discusses the rights of victims in criminal cases. It begins with definitions of a victim as someone who has suffered harm due to a criminal act. It then lists some of the key rights of victims, such as the right to be informed of case progress and hearings. It examines a 1989 case where a victim's right to be protected from the accused was violated. While India has established some victim compensation programs and Supreme Court rulings, problems remain implementing victims' rights and many victims remain dissatisfied with treatment by police. Reforms are needed to better reflect social values and concepts of justice. An effective criminal justice system balances society's need for safety with victims' and offenders' rights.
The issues relating to immovable property in the international scenario are dealt with differently in different case laws. The principles have changed from time to time.
This document discusses the history and purpose of the Malaysian Evidence Act 1950. It was modeled after the Indian Evidence Act of 1872, which codified English common law rules of evidence. The Act aims to regulate the presentation of facts in court proceedings to ensure justice and fair trials. It defines evidence as oral statements by witnesses and documentary evidence. Evidence must relate to facts in issue or other relevant facts as defined in the Act. Relevant facts are those that are logically connected or probative to matters requiring proof, subject to exclusionary rules like hearsay. The document also discusses types of evidence and the distinction between facts in issue in civil and criminal cases.
This document summarizes the categories of general defense in criminal law. It discusses excuses and justifications as two types of general defense that can exculpate a defendant. It then outlines various excusable defenses including mistake, infancy, insanity, and intoxication. For each defense, it provides details on how they exonerate criminal liability under the law. It discusses the relevant sections from the Muluki Penal Code and also summarizes a court case dealing with an insanity defense.
The document discusses privacy laws in India related to digital data and personally identifiable information. It outlines key concepts around data privacy, categories of private data under Indian law, and relevant sections of the Information Technology Act 2000 regarding unauthorized access to data, compensation for failure to protect sensitive personal data, and criminal offenses for disclosure of private information. It also briefly mentions some global privacy laws like the Gramm–Leach–Bliley Act in the US.
The document discusses jurisdiction in cyberspace. It defines jurisdiction and international law principles related to jurisdiction. It discusses issues like prescriptive jurisdiction, enforcement jurisdiction, and personal jurisdiction in cyberspace. Personal jurisdiction online is complex due to factors like online contracts, forum selection clauses, and location of web servers. Courts examine minimum contacts and due process to determine if they can exercise jurisdiction over foreign online entities. International conventions also guide jurisdiction over cybercrimes.
Socio-Economic Offences- Nature and Extent.pptx (GURSEVSINGH5)
This document provides an overview of socio-economic offenses. It defines socio-economic offenses as criminal acts intended to illegally earn wealth through individual or organized means. The document outlines three course outcomes related to understanding socio-economic offenses and their related legislation and impact on society. It then introduces socio-economic offenses and their salient features, such as motive and victims. It distinguishes white collar crimes as offenses of the upper classes in the course of occupation. Finally, it discusses criticisms of the term "white collar crime" and impacts of socio-economic offenses, such as inflation, uneven resource distribution, and undermining development efforts.
This document summarizes key aspects of cyber law in India. It discusses how cyber law governs cyber space, including computers, networks, and digital devices. The main areas covered are cyber crimes, electronic signatures, intellectual property, and data protection/privacy. The document also outlines the need for cyber law given characteristics of cyberspace. It provides an overview of India's Information Technology Act of 2000 and its 2008 amendment, highlighting new sections on data security, cyber terrorism, and penalties for various cyber offenses.
The document discusses the rules of evidence in judicial inquiries under Qanun-e-shahdat. It defines Qanun-e-shahdat as the system of rules for determining factual questions in courts. The main objective of the Order is to prevent inconsistent admission of evidence by establishing a uniform practice. It aims to admit only relevant facts that assist in discovering the truth, rather than obscuring it. The key principles are that evidence must be limited to the matter at issue, the best evidence must be provided, and hearsay evidence should be excluded.
This document discusses data privacy and protection laws in India. It provides an overview of the key legislation governing this area, the Information Technology Act 2000 and amendments. It outlines some international privacy laws as examples. The document then details India's Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 which regulate how companies must handle sensitive personal data and ensure security practices. It also discusses data theft issues and related penal provisions under the IT Act and Indian Penal Code.
Reasonable security practices and procedures and sensitive personal data or i... (Vijay Dalmia)
The document discusses India's Information Technology Act and the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules introduced in 2011. The rules aim to protect personal data and information by requiring companies to establish privacy policies, obtain consent for data collection and use, provide access to information, and implement security practices. Companies that do not comply could face penalties including paying compensation for damages under the IT Act.
Log management provides detailed records of system, application, and user activities that are essential for security, troubleshooting, and performance monitoring. Logs record information like login/logout times, file access, password changes, network traffic, and system errors. Proper log management is critical as logs can be used to answer questions about who accessed or transferred what data and when, and identify the root cause of issues. Common mistakes include not retaining logs for a sufficient time period, not reviewing logs regularly, and not configuring applications to log appropriately.
The document discusses approaches for ensuring IT security for NGOs with global presences and limited resources. It emphasizes managing security through the lens of people, procedures, and tools. The presentation outlines key premises of information security, such as treating it as a lifestyle rather than an event. It provides suggestions for dealing with challenges like maintaining security on a limited budget and in a global setting. It stresses the importance of having the right people, clear and simple procedures, and tools used to implement security policies.
This document provides an overview of key information security concepts. It defines information security as the protection of information and systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The document outlines goals of information security like confidentiality, integrity and availability. It also discusses security models, balancing security and access, threats like malware, social engineering and denial-of-service attacks.
An intrusion prevention system (IPS) stops attacks against systems and networks by blocking unwanted actions, serving as an inline alarm system beyond firewall perimeter defenses. An IPS is not a replacement for other security measures and requires ongoing maintenance. A host-based IPS (HIPS) can stop common and unknown attacks by learning system behaviors and trapping dangerous system calls, providing defense for workstations. A network-based IPS (NIPS) is deployed at the network perimeter in front of and behind firewalls, able to block attacks inline but potentially causing bottlenecks. Both NIDS and NIPS are needed for comprehensive protection, with NIPS blocking threats and NIDS providing passive detection.
Desktop computers are designed to sit comfortably on a desk with the monitor on top, while laptops are small and portable computers that can sit on your lap. Personal digital assistants (PDAs) fit in your hand and store contact information and allow basic word processing. Tablet PCs are portable touchscreen computers smaller than laptops but larger than smartphones. iPads are compact tablet computers developed by Apple that function similarly to smartphones.
Leveraging Compliance for Security with SIEM and Log Management Tripwire
With the fast changing regulatory and threat landscape, organizations need to gain quick knowledge of how log management and SIEM solutions help them meet their compliance and security needs. The 2010 Data Breach Investigations Report highlights this issue, revealing that 86 percent of organizations breached had evidence of the breach in their logs. Had they found this evidence in a timely manner, they likely could have prevented much of the damage associated with a breach from occurring.
In this webcast, security and compliance expert Anton Chuvakin and Tripwire's Cindy Valladares offer practical strategies organizations can apply to meet their compliance needs and improve security with log management and SIEM solutions.
The difference between log management and SIEM solutions and why you need both.
How defining the problem you are trying to solve helps you choose the right solution.
A pragmatic approach to SIEM that ensures a successful compliance audit, but also improves security.
How SIEM and log management requirements tie in to various regulations and standards like PCI, HIPAA and NERC.
Additional steps organizations can take to improve security through the solutions they use for compliance.
Mistakes organizations make that undermine the organization's security.
Learn how solutions in the Tripwire VIA suite are a perfect fit for this pragmatic approach.
The document discusses different types of personal computers. It describes the four generations of computers from the first generation in the 1940s-1950s which used vacuum tubes and were large, to the current fourth generation starting in 1971 which uses microprocessors on a single chip. It also discusses different models of computers including tower, hand-held, desktop, notebook, laptop, netbook, and tablet PC models. For each type or generation it provides brief details about important features and innovations.
This document discusses various aspects of software development processes. It begins with an overview of traditional waterfall software development processes versus more modern agile processes. It then covers source code management tools and how they have evolved from centralized version control to distributed version control. Next, it discusses important software development processes such as determining origin of code, export controls, licensing, and copyright. Finally, it briefly outlines different levels of software support and how client self-assist is evolving to provide more automated support capabilities.
This document provides instructions and commands for booting, backing up, restoring, and upgrading Cisco IOS, managing the Cisco file system, backing up and restoring the router configuration, using Cisco Discovery Protocol to gather neighbor and interface information, using Telnet to connect to remote devices, troubleshooting network connectivity issues, and using debugging commands. It also discusses using host tables or DNS to resolve hostnames when connecting to devices.
Culture, Economy, Community: A Cultural Plan for Chatham-Kent Emily Robson
Presentation delivered by Anne Gilbert, Councilor, Municipality of Chatham-Kent at November 27 2008 "Economies in Transition" forum in Chatham, Ontario.
Veselin Nikolov shared lessons he learned from working on WordPress.com. He discussed stories about adding a new ID which led to legacy code issues and no unit tests. Another story involved sending millions of emails and coupons that broke things due to large queries and offsets. An A/B test story highlighted keeping code simple. Simple queries, atomic commits, testing, and avoiding large launches on Fridays were some of the key lessons learned.
This Photoshop tutorial document covers techniques for creating special text effects including horizontal and vertical text, text with horizontal and vertical masks, and special effects. It concludes with a lesson on rasterizing text.
Presentation delivered by Rebecca Cann, Cultural Planning Supervisor, City of St. Catharines at The Ontario Rural Council's municipal cultural planning forum, "Economies in Transition" on November 17, 2008 in Brockville.
Intellectual property rights in sports in India Vijay Dalmia
Intellectual property rights in sports are becoming increasingly important as the sports industry has become highly commercialized globally. Trademarks, copyrights, personality rights, and other IP protections are utilized to brand and market sporting events, teams, leagues, and individual athletes. As money plays a larger role in sports, protecting the various intellectual property assets associated with sports is crucial. Examples like football clubs and the Indian Premier League demonstrate how sports IP can be leveraged and monetized for significant financial gain. Emerging issues around domain names, ambush marketing, and licensing further emphasize the growing relevance of intellectual property rights protection in professional sports.
The Medical Council of India regulates uniform standards of higher qualifications in medicine and recognition of medical qualifications in India and abroad. Official registration of doctors with recognized medical qualifications is controlled by the council, and procedures have been laid out under the Indian Medical Council Act 1956 and Indian Medical Degree Act 1916. Although there are no legal constraints specifically dealing with methodology of executing or dispensing medical services in India, various laws including the Drugs and Cosmetics Act, 1940 define negligence; criminal intent; sale, manufacture and distribution of drugs etc., while judicial precedent and case laws determine medical negligence on a case by case basis. The healthcare service provider adopting telemedicine methods of medical practice must ensure that medical consultation, prescriptions, treatment and drugs are dispensed only in accordance with legal provisions and guidelines regulating the medical and healthcare sector in India.
Guide for de mystifying law of trade mark litigation in India Vijay Dalmia
The document provides an overview of trademark law in India. It discusses that trademark registration is not required for protection, and that rights can be acquired through registration, first use, or assignment. It also outlines threats like cancellation, opposition, and litigation for infringement or passing off. Key principles of Indian trademark law include first adoption taking priority over registration, and volume of business not being a relevant consideration in litigation. Defences for infringement or passing off include delay, acquiescence, and differences in goods/sales channels.
New Data Privacy Rules By Amit Khandelwal amitkhand
The document outlines new rules in India for handling personal information and sensitive personal data according to the Information Technology Act, defining these terms and requiring reasonable security practices, consent for collecting sensitive data, and allowing individuals to review and withdraw their information. Companies must appoint grievance officers, and can transfer sensitive data outside India only with consent and if an equal level of protection exists in other countries. Violations of these rules for protecting personal data could result in fines of up to 500 million rupees.
The Personal Information Protection Law (PIPL) was passed in China on August 20, 2021 and will take effect on November 1, 2021. This law establishes China's first comprehensive framework for regulating the processing and transfer of personal information of Chinese natural persons. It introduces strict rules for protecting personal information rights, processing personal information, and promoting its reasonable use. Key provisions include detailed rules for processing personal and sensitive personal information, obligations for personal information handlers, restrictions on transferring personal data, and penalties for non-compliance. With the law taking effect soon, organizations that handle personal data will need to ensure they comply with its regulations.
This document summarizes regulatory compliance under the Information Technology Act, 2000 regarding data protection in India. It discusses key cases related to data protection, the liability of companies under Section 85 of the act, and compensation for failure to protect data under Section 43A. It also examines what constitutes sensitive personal data, reasonable security practices and procedures, roles of adjudicating officers and courts, and guidelines around collection, use and transfer of personal information. Overall, the document provides an overview of the IT Act's provisions for data protection in India.
Compliance audit under the Information Technology Act, 2000 Sagar Rahurkar
The document discusses data privacy under the Information Technology Act, 2000 in India. It outlines key cases, issues, and provisions around organizational liability for failing to protect sensitive personal data, what constitutes reasonable security practices and procedures, and the role of the IT Act and IT Rules of 2011 in establishing India's data privacy framework. It also compares India's laws with data privacy regulations in other jurisdictions like the EU and US.
Examples of international privacy legislation Ulf Mattsson
The document discusses various US and Indian legislation related to privacy and data protection.
In the US, laws discussed include HIPAA/HITECH which regulate health data privacy and security. Other laws mentioned are GLBA, state privacy breach notification laws, and FTC regulations. The document also discusses best practices for encryption of sensitive data from standards like NIST.
In India, the key laws discussed are the Information Technology Act of 2000/2008 which introduced data privacy rules. Sensitive personal data is defined and consent requirements are outlined. Implications for multinationals and outsourcing companies operating in India are also summarized. Security measures from the IT Act and ISO 27001 standard are highlighted. A proposed comprehensive privacy
The document summarizes the key requirements for complying with the Philippines' Data Privacy Act of 2012. It outlines the structure and objectives of the law, as well as the obligations and penalties for personal information controllers and processors. The main compliance obligations include appointing a data protection officer, adhering to privacy principles when processing data, maintaining security of data, reporting breaches within 72 hours, and registering with the National Privacy Commission. Non-compliance could result in penalties such as fines and imprisonment.
The document summarizes Malaysia's Personal Data Protection Act of 2010, which regulates the processing of personal data related to commercial transactions. It defines key terms, outlines 7 data protection principles, and discusses the rights of data subjects, offenses/penalties, and requirements for data users and sensitive personal data. It proposes a two-stage action plan for organizations to comply with the new law.
The document discusses how the Philippine government has passed several laws and policies aimed at protecting the rights and welfare of Persons with Disabilities (PWDs), such as establishing Persons with Disability Affairs Offices and expanding various benefits and services for PWDs. However, advocates note that accessibility to basic services remains out of reach for most PWDs due to insufficient funding and gaps in implementing these programs and laws. The National Council on Disability Affairs is the lead government agency tasked with coordinating policies and programs for PWDs.
The document summarizes key aspects of India's Personal Data Protection Bill, 2018. It discusses the bill's objectives to protect individual privacy and regulate how personal data is collected and processed. It outlines important definitions like personal data, sensitive personal data, and roles of data fiduciaries, processors and principals. It describes the bill's scope, lawful grounds for processing data, rights of individuals, and obligations of entities processing data, including transparency, security safeguards, impact assessments, and restrictions on sensitive data and cross-border transfers. It also discusses penalties for non-compliance and oversight by an independent Data Protection Authority.
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf Internet Law Center
This document provides a section by section summary of proposed legislation called the American Data Privacy and Protection Act. Some key points:
- It would establish definitions for terms like "covered entity", "covered data", and "sensitive covered data". Covered entities would include companies that collect or process personal data.
- It outlines various individual rights for access, correction, deletion and data portability of personal data. Covered entities would need to provide transparency into their data practices and privacy policies.
- It establishes duties for covered entities around data minimization, security, and "privacy by design". It restricts certain uses of sensitive data and requires consent for things like targeted advertising.
- It addresses issues like third
The document discusses the Protection of Personal Information Act (POPI) of South Africa. It defines key terms like personal information, processing, and responsible party. It outlines 8 conditions for the lawful processing of personal information according to POPI, including accountability, processing limitation, and purpose specification. Non-compliance with POPI can result in penalties, so organizations must understand and comply with the Act when handling personal information.
The document provides an overview of the UAE's new Personal Data Protection Law (PDPL). Some key points:
- The PDPL became effective in January 2022 and aims to protect privacy and personal data by establishing requirements for data processing.
- It applies to data controllers and processors operating in the UAE or handling data of UAE residents. Some government and health data is exempt.
- The law establishes rights for data subjects, requirements for lawful processing, security measures, data transfers, and appointments of data protection officers.
- It introduces mechanisms for data subject complaints and potential penalties for non-compliance, to be enforced by the UAE Data Office. The document compares the PDPL to the
The document summarizes key aspects of data protection law in India, including the Data Protection Rules under the Information Technology Act, which impose obligations on companies that process personal data. It discusses concepts like sensitive personal data, consent requirements, data retention, complaints procedures, penalties for non-compliance, and sector-specific regulations. It also provides an overview of the European Union's General Data Protection Regulation and obligations it places on controllers and processors of personal data.
The document discusses the key aspects of the Data Privacy Act of 2012 (RA 10173), including its purpose, scope, and basic terms.
The purpose of the Act is to protect personal data and uphold an individual's right to privacy. It compels entities that process personal data to establish policies and implement measures to safeguard data.
The Act applies broadly to the processing of all types of personal data by any natural or juridical person. It does not apply in certain cases like information about government employees. Lawful processing of personal data requires consent, and sensitive personal data has additional restrictions.
The roles of document custodians include processing data lawfully and securely, preventing breaches, and respecting
This document summarizes the key aspects of the Data Privacy Act of 2012 in the Philippines. It outlines the functions of the newly established National Privacy Commission, which is tasked with ensuring compliance with the law and protecting personal information. The law applies to all entities that process personal data and defines the general principles for lawful processing of personal information, including requirements for consent, legitimate purpose, and accuracy of data. It also covers the extraterritorial application of the law and protection of sensitive personal information.
Overview of the Egyptian Personal Data Protection Law FatmaAkram2
Egypt has recently enacted the first Personal Data Protection Law (PDPL), which has been published in the Official Gazette on 15 July 2020 and has entered into force on 16 October 2020. The PDPL reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR). The Executive Regulations of the PDPL shall be issued within six (6) months from the entry into force of the PDPL. Organizations shall comply with the provisions of the PDPL and its Executive Regulations within a grace period of one (1) year from the issuance of the Executive Regulations.
The PDPL covers almost all aspects of personal data protection stated under the GDPR. In this presentation, you will find a summary of the important data protection provisions stipulated under the PDPL, and the similarities and differences between the GDPR and the PDPL.
Draft Bill on the Protection of Personal Data Renato Monteiro
Presentation given at DataGuidance's webinar "Brazil: Towards Privacy Compliance", about the Brazilian Draft Bill for the Protection of Personal Data (Anteprojeto de Lei para a Proteção de Dados Pessoais) issued in January 2015, which introduced concepts such as Data Protection Officer and Binding Corporate Rules.
DIGITAL PERSONAL DATA PROTECTION ACT 2023-PPT-VPD.pptx Vijay Dalmia
The Digital Personal Data Protection Act, 2023 (DPDP Act) is a significant development in Indian data protection. Here's a concise overview:
**Personal Data and Processing:**
- "Personal data" under DPDP Act refers to any data identifying an individual.
- "Processing" includes various operations, like collection and storage.
**Data Fiduciary and Data Processor:**
- "Data Fiduciary" determines data processing purposes.
- "Data Processor" processes data on behalf of a Data Fiduciary.
**Coverage:**
- DPDP Act covers those processing personal data, excluding personal or domestic purposes.
**Applicability:**
- Applies when processing occurs within or outside India related to offering goods/services within India.
**Permitted Processing:**
- Personal data can be processed with consent or under legitimate uses outlined in DPDP Act.
**Consent:**
- Consent should be clear, informed, and obtained through affirmative action.
**Notice:**
- A notice is mandatory before collecting personal data.
- Fresh notice required if processing begins before DPDP Act commencement.
**Data Fiduciary Obligations:**
- Appoint Data Processor via valid contract.
- Ensure data completeness, accuracy, and security.
- Erase data when purpose is fulfilled.
- Implement technical and security measures.
- Report breaches to Data Protection Board.
- Establish grievance redressal mechanism.
- Publish contact information of Data Protection Officer.
**Significant Data Fiduciary:**
- Conduct periodic data protection impact assessments.
- Appoint Data Protection Officer and independent data auditor.
**Data Protection Board:**
- An enforcement body established by the Central Government.
- Appeals go to Telecom Disputes Settlement and Appellate Tribunal.
**Consent Manager:**
- Facilitates consent management through an accessible platform.
- Registered with Data Protection Board.
**Data Principal Rights:**
- Right to access personal data.
- Right to correction, erasure, and grievance redressal.
- Right to nominate and withdraw consent.
**Cross-Border Data Transfers:**
- Generally allowed, but Central Government can restrict specific countries/territories.
**Penalties:**
- Non-compliance may result in penalties up to INR 250 Crores (approx. US$ 3,01,00,000).
**Compliance Timeframe:**
- No specific timeframe provided; companies should proactively prepare for DPDP Act compliance.
This summary provides a concise overview of the DPDP Act's key provisions and obligations.
Enforcement Of Intellectual Property Rights Through Customs Vijay Dalmia
Custom Act, 1962 & Intellectual Property Rights Enforcement Rules, 2007
Apart from the various remedies provided under the IP Laws in India, one of the most efficient ways to protect and enforce intellectual property rights is through Custom Act, 1962
It prohibits import of goods that infringe Intellectual Property at the Custom Borders thereby restricting the entry of the goods infringing Intellectual Property Rights
Under Section 156 (1) read with Section 11 (2) (n) and (u) of the Customs Act, 1962, the Central Government has made the Intellectual Property Rights (Imported Goods) Enforcement Rules, 2007 applicable to imported goods.
The Intellectual Property Rights (Imported Goods) Enforcement Rules, 2007 have been amended vide notification no. 56/2018 - Customs (N.T.) dated 22nd June 2018 and the said rules have been called the Intellectual Property Rights (Imported Goods) Enforcement Amendment Rules, 2018.
Intellectual Property Rights (Imported Goods) Enforcement Amendment Rules, 2018
Vide the said Amendment Rules, the Central Government has amended Rule 2 and Rule 5 of the Intellectual Property Rights (Imported Goods) Enforcement Rules, 2007.
As per the Amendment, in Rule 2 in clause (b), the words and figures “patent as defined in the Patents Act, 1970” have been omitted and in clause (c), the words and figures “the Patents Act, 1970” shall be omitted.
In Rule 5, after condition (b), two more conditions have been inserted.
The Intellectual Property Rights (Imported Goods) Enforcement Amendment Rules, 2018 can be accessed from the following link: https://patentsrewind.files.wordpress.com/2018/07/custom-notification.pdf
After the amendment of 2018, the IPR Enforcement Rules 2007 permit a Right Holder to protect the following different types of Intellectual property-
Under the Intellectual Property Rights (Imported Goods) Enforcement Rules, 2007, goods infringing intellectual property rights which are made, reproduced, put into circulation or otherwise used in breach of the intellectual property laws in India or outside India and without the consent of the right holder or a person duly authorized to do so by the right holder.
Notice to be Registered by the Custom Authorities on satisfaction
Within 30 working days from the date of receipt of the notice under Rule 3 (1) or from the extended period as per Rule 3 (4), the Commissioner shall notify the applicant whether notice is registered or rejected.
Minimum validity of registration of notice for a period of 1 year
Prohibition and suspension of import of infringing goods under Section 11 of the Customs Act, 1962.
At all the Ports (Custom Borders) in India
Notice can be given by the Right Holder of the suspected infringing goods
Commissioner of Customs can suo moto suspend the clearance of such infringing goods
Rule 7(4): Where the Deputy Commissioner of Customs or Assistant Commissioner of Customs, as the case may be, has suspended clearance of goods on his own initiative and right holder
White Collar Crime by Vijay Pal Dalmia.pptx Vijay Dalmia
A Crime is a Crime.
Colour does not change the crime.
Blue Collar crime is motivated by
fury,
vengeance,
Emotions.
White collar crime is a crime
motivated by greed
meticulously organized & accomplished
committed by the people who belong to the higher class of society and
These people :
Are from reputable group of society.
Commit these crimes during the course of their occupation.
Usually have a better understanding of
technology,
their respective field,
disciplines etc.
are people of high stature and
There is generally an element of breach of trust by carrying out unethical business practices because of motivation to gain financially.
It is the offenders’ position that accords upon them the opportunity to perpetrate such crimes.
Essential elements of White Collar crime:
Fraud
Deceit
Cheating
Breach of Trust
Intent
Disguise
Knowledge
Concealment
Conspiracy
Organized
Planning
Legislations against White Collar Crimes in India
# Companies Act, 1960.
# Income Tax Act, 1961.
# Indian Penal Code, 1860.
# Commodities Act, 1955.
# Prevention of Corruption Act, 1988.
# Negotiable Instrument Act,
# Prevention of Money Laundering Act, 2002.
# IT Act, 2005.
# Imports and Exports (Control) Act, 1950
# Fugitive Economic Offenders Act, 2018
# Foreign Exchange Management Act
# Special Court (Trial of offences relation to Transactions in Securities) Act, 1992
# Central Vigilance Commission Act, 2003
Vijay Pal Dalmia, Advocate
Supreme Court of India & Delhi High Court
Email id: vpdalmia@gmail.com
Mobile No.: +91 9810081079
Linkedin: https://www.linkedin.com/in/vpdalmia/
Facebook: https://www.facebook.com/vpdalmia
Twitter: @vpdalmia
Taxation of Cryptocurrencies – Virtual Digital Assets in India-VPDalmia.pptx Vijay Dalmia
The document summarizes the taxation of cryptocurrencies in India. It defines cryptocurrencies as virtual digital assets under Indian law and outlines how they are taxed. Income from transferring cryptocurrencies is taxed at 30% and is subject to TDS of 1% by the payer. Gains from gifting cryptocurrencies are also taxed. Cryptocurrency exchanges providing trading services are subject to 18% GST. Overall, the document provides an overview of the key Indian tax and legal provisions related to cryptocurrencies.
Indian Approach On Bitcoins-cryptocurrencies- Blockchain Legal Practical Pe... Vijay Dalmia
There are no specific laws relating to Blockchain in India.
Under the Indian laws Blockchain is governed by the general laws of India including laws relating to contracts.
Blockchain Technology is being adopted practically by all, i.e. Government and Private Parties including Banks.
Cryptocurrencies/Crypto Assets/ Cryptos are not FIAT currencies.
Fiat Currency is different from Cryptocurrencies.
Virtual Currencies like Bitcoins are not legal currencies or fiat currency, issued by any Government, and in fact, these are not a currency at all.
Virtual Currencies like Bitcoins are nomenclature for various “computer algorithms”, which are being used to generate codes by private parties and traded over the internet.
Most of the currencies in the world including the currency of India i.e. rupee, are Fiat currencies. Fiat money is the currency that a government has declared to be legal tender, but which may not be backed by any physical commodity like Gold.
The prices of such currencies are
arbitrary
without any backing of any government and geographical restrictions.
Virtual Currencies like Bitcoins are
State Free,
Border Free and
Control Free.
removes the need of a trusted third party such as a governmental agency, bank, etc.
A Virtual Currency like Bitcoin, is a stateless digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank like the Reserve Bank of India, rendering it immune from government interference.
At the moment, there is no express law that classifies virtual currencies as a good, service, security, commodity, derivative or currency
Some of the laws which have a direct bearing on the legal aspects relating to illegal Virtual Currencies like Bitcoins, are as under:
The Constitution of India, 1950;
Reserve Bank of India Act, 1934,
The Foreign Exchange Management Act, 1999 (“FEMA”);
The Reserve Bank of India Act, 1934 (“RBI Act”);
The Coinage Act, 1906 (“Coinage Act”);
The Securities Contracts (Regulation) Act, 1956 (“SCRA”);
The Sale of Goods Act, 1930 (“Sale of Goods Act”);
The Payment and Settlement Systems Act, 2007 (“Payment Act”).
Indian Contract Act, 1872 (“Contract Act”).
The term ‘Currency’ has been defined under Section 2(h) of the Foreign Exchange Management Act, 1999 to include all currency notes, postal notes, postal orders, money orders, cheques, drafts, travelers cheques, letters of credit, bills of exchange and promissory notes, credit cards or such other similar instruments, as may be notified by the Reserve Bank.
It is clear that Bitcoin is not similar to any of the instruments mentioned in the definition, especially digital or virtual currencies. Section 2(m) of The Foreign Exchange Management Act, 1999, ‘foreign currency’ has been defined as any currency other than Indian currency.
Under Section 2 (q) of FEMA, “Indian currency” means currency which is expressed or drawn in Indian
Need for having Security, Email & Internet Usage Policy in Companies - Legal ... Vijay Dalmia
This document discusses the need for companies to have robust IT security, email, and internet usage policies. It notes that most organizations do not have adequate policies in place to protect data and prevent misuse. The document outlines why such policies are important from both a legal and risk management perspective. It discusses how policies help establish appropriate usage of company resources, prevent data theft, and ensure compliance with privacy laws. The document advises that policies should apply to all employees and others associated with the organization. It provides examples of objectives that policies can achieve, such as maintaining security and productivity. The conclusion emphasizes that policies help reduce legal risks and damage to an organization's reputation.
The right to be taken out of Police custody by being brought before a Magistrate is a right given in the interest of, the accused.
Arrest and detention can not be used to extract confession or as a means of compelling people to give information.
It prevents Police Stations being used as though they were prisons - a purpose for which they are unsuitable.
It affords an early recourse to a judicial officer independent of the Police on all questions of bail or discharge.
When the petitioner was arrested the Police Officer knew that he cannot complete his investigation within 24 hours, in such a case, Section 167(1), Cr.P.C. provides for the transmission forthwith of a copy of the entries in the Police Diary relating to the case and for the production of the accused before such Magistrate.
Special emphasis has to be laid on the words "forthwith" in Section 167(1).
The Criminal Procedure Code does not authorise detention by the police for 24 hours after the arrest.
A Police Officer making an arrest without warrant shall, without unnecessary delay take or send the person arrested before a Magistrate.
No Police Officer shall detain in custody a person arrested without warrant for a longer period than under all the circumstances of the case is reasonable, and such period shall not, in the absence of a special order of a Magistrate under Section 167, exceed twenty four hours exclusive of the time necessary for the journey from the place of arrest to the Magistrate's Court.
Thus, the twenty-four hours prescribed is the outermost limit beyond which a person cannot be detained in Police custody.
It is certainly not an authorization for the Police to detain him for twenty-four hours in their custody.
It is only in a case where a Police Officer considers that the investigation can be completed within the period of twenty-four hours that such detention for twenty-four hours is permitted. This is clear from Section 167(1), Cr.P.C.
When an arrested person is brought before a Magistrate, he has to decide whether
he should remand the person to Jail custody under Section 167(2) Cr.P.C. as requested by the Police and at the same time he has to decide whether the request of the person for bail should be granted.
In order to decide the question of remand, he must be satisfied on a perusal of the entries in the Police Diary that there were grounds for believing that the accusation or information against the accused was well founded and that the Police have exercised their right of arresting without warrant legally and further that it was necessary for the purpose of investigation that the accused should be remanded to custody.
Unless, the Magistrate is satisfied on all these points, he can- not remand the accused to Jail custody.
It. is for this purpose that Section 167(1) enjoins that a copy of the entries in the Police Diary should be transmitted to Court.
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia AdvocateVijay Dalmia
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate
Police Remand Judicial Remand & Default bail by Vijay Pal Dalmia Advocate - Terms, Conditions, Rights of Accused. Duty of Police and Courts
Indian approach on bitcoins, cryptocurrencies and blockchain – legal practica...Vijay Dalmia
This document provides an overview of blockchain technology and cryptocurrencies according to Indian law. It discusses that blockchain is distinct from cryptocurrencies, which are based on but not the same as blockchain. It outlines that while blockchain is legally recognized, cryptocurrencies are not considered legal tender in India and fall into a legal gray area. The document also examines how existing Indian laws around banking, currency, securities, and money transmission may apply to cryptocurrency.
Sanction for prosecution of offences under chapter xii of the income tax actVijay Dalmia
Under Chapter XII of the (Indian) Income Tax Act-1961, a person cannot be prosecuted for an offence Under Sections 275A, 275B, 276, 276A, 276B, 276BB, 276C, 276CC, 276D, 277, 277A or 278, except with the previous sanction of the Principal Commissioner or Commissioner or Commissioner(Appeals) or the appropriate Authority. Accordingly, in all cases of prosecution the fact of proper sanction by a competent authority is sine qua non, for initiating prosecution against an offender by the Income Tax Authorities. The issue of valid previous sanction becomes important, and may be taken as a defense by the accused during the course of trial. Following are the important points, which are to be considered, while granting sanction in any matter:
Guide for de-mystifying law of trade mark enfocrement and litigation in indiaVijay Dalmia
The document provides an overview of trademark litigation law in India. It discusses several key points:
1) Trademarks can be protected in India through registration or as unregistered marks via infringement or passing off lawsuits.
2) Rights in trademarks can be acquired via registration, first adoption and continuous bona fide use, or assignment.
3) Registered trademarks may face cancellation petitions or opposition during registration. Unregistered marks rely on passing off claims.
4) Registration does not preclude passing off claims, as marks can still be challenged on grounds like prior use or registration.
IPR Enforcement in India through Criminal Measures - By Vijay Pal DalmiaVijay Dalmia
This document summarizes Indian laws relating to intellectual property including trademarks, copyrights, patents, industrial designs, geographical indications, and internet/information technology. It outlines the criminal statutes and procedures for IP infringement cases, noting that infringement is a cognizable offense allowing police to directly file cases. Upon conviction, penalties include imprisonment up to 3 years and fines up to Rs. 200,000 for trademarks, and minimum 6 month imprisonment and Rs. 50,000 fine for copyright. Special provisions also address copyright enforcement authorities in various states.
The document summarizes the process of criminal trials in India. It outlines the key laws governing criminal procedure and offenses in India, including the Code of Criminal Procedure, Indian Penal Code, and Indian Evidence Act. It then provides a flow chart depicting the typical stages of a criminal investigation and trial in India, from police investigation and filing charges to court proceedings, potential appeals, and outcomes of acquittal or conviction. Key concepts in Indian criminal law like bailable vs. non-bailable offenses, anticipatory bail, and cognizable vs. non-cognizable cases are also defined for context.
LAW OF THE SEMICONDUCTOR INTEGRATED CIRCUITS IN INDIA By Vijay Pal DalmiaVijay Dalmia
This document discusses Indian laws regarding the registration and protection of semiconductor integrated circuit layout designs. It outlines the key provisions of the Semiconductor Integrated Circuits Layout-Design Act, 2000, including definitions, registration procedures, opposition processes, rights conferred, infringement exceptions, penalties for infringement, and jurisdictional filing requirements. The layout-design is registered for 10 years and confers exclusive rights and remedies against unauthorized reproduction and distribution.
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
Information Technology Policy for Corporates is the need of the hour as organisations, are continuously at a stake for violation of information technology laws, commission of cyber crimes, sexual harassment, e-mail violations, and misuse of internet and intranet.
This document summarizes intellectual property laws and enforcement in India. It outlines the main forms of IP rights protected, including trademarks, copyrights, patents, industrial designs, and geographical indications. Registration is required for patents, industrial designs, and geographical indications but not for trademarks and copyrights. Registration confers monopoly rights and shifts the burden of proof to the opposing party in litigation. Civil remedies for IP infringement include injunctions, damages, seizure of infringing materials, and pre-trial asset preservation. Criminal remedies include fines and imprisonment. Interim injunctions are a key remedy to maintain the status quo. The document also discusses opposition and cancellation proceedings, domain name disputes, trade secret protection approaches, Anton Pillar orders, and highlights some
This document provides an overview of patent law from an Indian perspective. It defines what a patent is, outlines the key benefits and requirements for obtaining a patent in India, and describes the patent application and granting process. The document also discusses what can and cannot be patented, infringement issues, and how patents can provide strategic advantages for companies.
1. The document discusses wills in the Indian perspective, including the meaning and procedure of wills under Indian law. It defines the key characteristics of wills and different types of wills such as conditional, joint, mutual, and concurrent wills.
2. It outlines the advantages of making a will, eligibility requirements, the role and selection of executors, and the necessity of appointing an executor. The document also discusses the registration, deposit, revocation and alteration of wills.
3. The enforcement of wills through probate and letters of administration is explained, along with the defined meanings and necessity of obtaining probate or letters of administration under Indian law.
Law of nutritional and supplement food products in India-The ConflictVijay Dalmia
One of the potential threats for manufacturing and sale of
food/health supplements such as “Dietary food supplement”, “Food supplements”, “Nutritional supplements”, “Health supplements”, is its categorization in the category of “Food” or “Drugs”, as there is
a very thin line between “drugs/medicines” and “nutritional
supplements”
Reasonable Security Practices And Procedures And Sensitive Personala 24 06 2011 Avantha
1. REASONABLE SECURITY PRACTICES AND PROCEDURES AND
SENSITIVE PERSONAL DATA OR INFORMATION RULES, 2011
Under
The (Indian) Information Technology Act, 2000
By
Vijay Pal Dalmia, Advocate
Partner & Head of Intellectual Property & Information Technology Laws Practice
2. INFORMATION TECHNOLOGY ACT,
2000
Enacted in the year 2000 and was implemented w.e.f. 17th
October, 2000.
Important features of this Act :
Gives recognition to e-transactions, digital signatures, electronic
records etc. and also recognises their evidentiary value.
Lists out various computer crimes which are technological in
nature.
However, this Act, originally, did not contain any provision for
data protection.
3. THE INFORMATION TECHNOLOGY
(AMENDMENT) ACT, 2008
The IT Act, 2000 was amended in the year 2008.
Section 43A and Section 72A were added by the
amendment Act for protection of personal data
and information.
Both these provisions are penal in nature, civil and
criminal respectively.
4. REASONABLE SECURITY PRACTICES
AND PROCEDURES AND SENSITIVE
PERSONAL DATA OR INFORMATION
RULES, 2011
Ministry Of Communications And Information Technology
(Department Of Information Technology) promulgated these
rules (IT Rules 2011), under Section 87 (2)(ob) read with
Section 43A.
IT Rules, 2011 came into force on 11th April, 2011.
Non-compliance with these rules would lead to invocation of
Section 43A of The IT Act, 2008 and liability to pay
compensation, limits of which have not been fixed.
5. SECTION 72A of IT Act 2008.
In addition to the civil liabilities under Section 43A,
◦ any person, or
◦ intermediary
is liable for punishment
of imprisonment for a term which may extend to
*3 years
or fine up to INR 5,00,000
or both
◦ for disclosure of information
in breach of lawful contract.
*(Cognizable and bailable offence, as per Section 77B)
6. SECTION 43A: COMPENSATION FOR
FAILURE TO PROTECT DATA
Where a BODY CORPORATE,
possessing, dealing or handling any sensitive personal
data or information
in a computer resource which it owns, controls or
operates
is negligent in implementing and maintaining reasonable
security practices and procedures
and thereby causes wrongful loss or wrongful gain to any
person
such body corporate shall be liable to pay damages by
way of compensation to the person so affected.
7. DEFINITION OF BODY CORPORATE
SECTION 43A – Explanation (i)
A body corporate would mean:
any company and includes:
a firm,
sole proprietorship or
other association of individuals
engaged in
• commercial or
• professional activities.
8. SENSITIVE PERSONAL DATA OR
INFORMATION:
RULE 3, IT RULES, 2011
Sensitive personal data or information of a ‘person’ means
such ‘personal information’ which consists of information
relating to:
1. Password;
2. Financial information such as:
Bank account or,
Credit card or debit card or,
Other payment instrument details
3. Physical, physiological and mental health condition;
4. Sexual orientation;
Contd…
9. SENSITIVE PERSONAL DATA OR
INFORMATION
RULE 3 OF THE IT RULES, 2011
5. Biometric information;
6. Any detail relating to the above clauses
as provided to body corporate
for providing service; and
7. Any of the information received under above clauses by
body corporate for
processing,
stored or
processed
under a lawful contract or otherwise
10. EXCEPTIONS:
Following information is not regarded as sensitive personal
data or information:
1. Information freely available or accessible in public domain
or,
2. Information furnished under the Right to Information Act,
2005 (RTI) or
3. Information furnished under any other law for the time being
in force.
11. PERSONAL INFORMATION:
RULE 2 , IT RULES, 2011
Any information that relates to a
‘natural person’
which either directly or indirectly, in combination with other
information available or likely to be available with a body
corporate,
is capable of identifying such person.
12. MEANING OF REASONABLE SECURITY
PRACTICES AND PROCEDURES
Section 43, Explanation (ii)
Security practices and procedure designed to
protect such information from unauthorized
• access,
• damages,
• use,
• modification,
• disclosure or
• impairment,
Contd…
13. MEANING OF REASONABLE SECURITY
PRACTICES AND PROCEDURES
Section 43, Explanation (ii)
Contd…
as may be specified in :
an agreement between the parties or;
any law for the time being in force; or
in absence of such agreement or law,
such reasonable security practices and
procedures,
as may be prescribed by the Central
Government.
14. Privacy Policy
Consent for collection of data
Collection of data
Use and Retention
Opt Out/Withdrawal
Access and Review of Information
Grievance Mechanism
Limitation on Disclosure of Information
Limitation on Transfer of Information
Reasonable Security Practices and Procedures
15. PRIVACY POLICY: RULE 4
Body corporate or any person on its behalf
◦ collects, receives, possess,
◦ stores, deals or handles
information of provider of information
Shall provide a privacy policy for
handling of or dealing in
‘personal information including sensitive personal data or
information’.
Contd…
16. PRIVACY POLICY: RULE 4
Privacy Policy shall be published on the website and provide:-
• Clear and easily accessible statements of its practices and
policies;
• Type of personal or sensitive personal data or information
collected;
• Purpose of collection and usage of such information;
• Disclosure of information including sensitive personal data
or information;
• Reasonable security practices and procedures followed by
the corporate.
17. CONSENT
RULE 5 (1)
o Requires the corporate or any person on its
behalf,
o before collection of sensitive personal data or
information,
o to obtain consent in writing through letter or FAX
or email from the ‘provider of the information’
o regarding purpose of usage of such information.
18. CONSENT
RULE 5(3)
Requirements in case of collection of information directly from
the person concerned:
Steps to ensure that the person concerned has
knowledge of:
o The fact that the information is being collected;
o The purpose for which the information is being collected;
o The intended recipients of the information; and
o The name and address of –
◦ the agency that is collecting the information; and
◦ the agency that will retain the information
19. PURPOSE OF COLLECTION OF
INFORMATION
RULE 5 (2)
Sensitive personal data or information can be
collected only under following two circumstances:
1. For a ‘lawful purpose’
connected with a function or activity
of the body corporate or any person on its behalf;
and
2. Considered ‘necessary’ for that purpose
20. USE AND RETENTION OF INFORMATION
USE - RULE 5(5):
The information collected shall be used
only for the purpose for which it has been collected.
RETENTION - RULE 5(4)
A body corporate or its representative
must not retain such information for
longer than is required for the purposes for which the
information may lawfully be used. OR
as required under any other law in force.
21. OPT OUT/WITHDRAWAL
RULE 5(7) :
Requires the body corporate to give the provider of
information, an option:
1. prior to the collection of the information, to not provide the
data or information sought to be collected
2. of withdrawing his consent given earlier to the body
corporate.
Withdrawal shall be sent in writing to the body corporate.
The body corporate shall have the option to not provide
goods or services for which the said information was
sought.
22. OPT OUT/WITHDRAWAL
It is noteworthy that none of the rules talk about
obtaining the consent of the person to whom the
information relates in case the provider of the
information is not the person concerned.
For example, where the husband provides the
medical information of the wife, consent of the wife
is not required as per these rules as she is not the
provider of the information. She also does not have
the option of opting out as per Rule 5(7).
23. ACCESS & REVIEW OF INFORMATION
RULE 5(6)
o Providers of information- permitted- to review the
information provided by them- as and when
requested by them;
o Information- if found to be inaccurate or deficient
shall be corrected or amended as feasible.
o Body corporate NOT responsible for authenticity of
the personal information or sensitive personal data
or information as supplied by the provider to the
body corporate.
24. GRIEVANCE REDRESSAL MECHANISM
RULE 5(9)
o Time bound redressal of any discrepancies and
grievances.
o Grievance Officer shall be appointed.
o Publication of name and contact details of
Grievance Officer on website
o Redressal of grievances: within one month from the
date of receipt of grievance.
25. LIMITATION ON DISCLOSURE OF
INFORMATION
RULE 6
Permission of the provider of the information is required
before disclosure of information
Exceptions:
1. when disclosure is agreed upon in the contract;
2. when disclosure is necessary for compliance of a legal
obligation;
3. when disclosure to Government agencies mandated under the
law to obtain information.
4. when disclosure to any third party by an order under the law
for the time being in force.
26. LIMITATION ON DISCLOSURE OF
INFORMATION
RULE 6
Rule 6 also forbids the following:
1. Publication of sensitive personal data or
information by body corporate or its
representative,
2. Disclosure by third party receiving the
sensitive personal data or information
from the body corporate.
27. LIMITATION ON TRANSFER OF
INFORMATION
RULE 7
Transfer allowed to:
another body corporate or a person
in India, or located in any other country.
Transfer is allowed only if :
1. other body corporate or person ensures the same level of
data protection that is adhered to by the body corporate as
provided under these rules.
2. it is necessary for the performance of the lawful contract
between the provider of the information and the corporate
receiving the information.
28. REASONABLE SECURITY PRACTICES
AND PROCEDURES
RULE 8
Prescribes standard to be adhered to
by a body corporate, receiving the information,
◦ in the absence of an agreement between the
parties;
◦ or any law for the time being in force.
One such prescribed standard: The International
Standard IS/ISO/IEC 27001 on “Information
Technology – Security Techniques – Information
Security Management System – Requirements”.
29. REASONABLE SECURITY PRACTICES
AND PROCEDURES
Any other Security code, if followed shall be :
o Duly approved and Notified
o by the Central Government
o Audited annually by an independent auditor approved by
the Central Government.
In the event of an information security breach –
demonstration of implementation of security
control measures - by the body corporate.
30. REASONABLE SECURITY PRACTICES
AND PROCEDURES
A body corporate or a person on its behalf shall be deemed to
have complied with reasonable security practices and
procedures if:
They have implemented such security practices and
standards, and
have a comprehensive documented information
security programme; and
information security policies for
managerial, technical, operational and physical
security which are proportionate with the
information assets being protected with the
nature of business.
31. IT Act, 2000 is available at:
http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
IT (Amendment) Act, 2008 is available at:
http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf
Information Technology (Reasonable security practices and
procedures and sensitive personal data or information)
Rules, 2011 are available at:
http://www.mit.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
32. 1. What is the likelihood of active
enforcement of the new rules?
2. What are the penalties for violations
of the new rules?
3. Do the rules apply only to
information collected from data
subject in India, or do they also apply
to information about data subjects
located outside India?
33. Do the rules apply to uses/disclosure of
information that occur outside of India, if the
information was originally collected in India?
Do the rules apply to pseudonymized
information?
Is the “provider of the information” in Rule 5
referring to the subject, or can this be
interpreted as referring to a third party that
provides information but who is not the data
subject?
34. Are there opportunities for further
clarification/amendment of the new rules?
35. THANK YOU
Intellectual Property & Information Technology Laws Division
New Delhi Mumbai Bangalore Gurgaon
Flat # 5-7, 10 Hailey Road, New Delhi, 110001 (India)
Phone: +91 11 42492532 (Direct)
Phone: +91 11 42492525 Ext 532
Mobile :- 9810081079
Fax: +91 11 23320484
email:- vpdalmia@vaishlaw.com