Post on 16-Jul-2015
INFORMATION TECHNOLOGY POLICY-
NEED OF THE HOUR
By Vijay Pal Dalmia, Advocate
Partner & Head of Intellectual Property & Information Technology Laws Practice
Liable for the acts of Employees and Agents etc.
◦ Strict Liability◦ Vicarious Liability
Data ◦ Protection and◦ Secrecy
Are the norm of the day.
WHY “IT POLICY”!
Email and Internet Usage Laptop/Desktop Usage Hardware Usage◦ Data card◦ Pen Drive
Security of Computer Network◦ System Access◦ Virus Protection◦ Installation Rights
System back up and Maintenance Third Party and Remote Access
Data of the Company forms its valuable IP Assets. Data may include◦ Patents◦ Designs◦ Copyrights◦ Trade Secrets (Unpatented)◦ Customer Data◦ Business Data◦ Business Methods◦ Third Party Data◦ Formulas◦ Source Code◦ Employee Information
WHY “IT POLICY”! .. Continued..
A company may be UNDER LAW obliged to protect the sensitive personal data of its customers and employees.◦ Reference:
Information Technology Act, 2000 Holds the Company liable Civil action- compensation under Section 43A Criminal action- Punishment under Section 72A
for failure to protect any sensitive personal data which its owns, controls or operates.
◦ Promulgation of Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 Provides for mandatory Privacy policy for protection of sensitive
personal data.
LEGAL & CONTRACTUAL OBLIGATION OF A COMPANY!
◦A Company may be held liable To pay Compensation
or Criminal Prosecution
For Negligent in handling of data,
information leading to DEFAMATION Use of unauthorized or pirated software
A company may also be held liable for criminal prosecution◦ Tampering of computer source documents- u/s 65 of the IT Act, 2000◦ Sending of offensive messages u/s 66A of the IT Act, 2000 through
Computer resources & Communication devices◦ Punishment for identi ty theft- u/s 66C of the IT Act, 2000◦ Use of computer resource for cheating by impersonation-
u/s 66D of the IT Act, 2000◦ Violation of privacy by use of electronic means of a company-
u/s 66E of the IT Act, 2000.◦ Publication or transmission of obscene material in electronic form-
u/s 67 of the IT Act, 2000
Information technology means & includes: computers, computer-based networks,computer peripherals,operating systems,e-mail, Intranet, software or any combination thereof,
that are made available by a Company for the purpose of supporting its goals of providing quality products and services to customers, increase shareholder value and foster employment satisfaction.
IT Resources of the Company may Include
Time Management◦ Office hours can be used only for official work thereby enhancing
productivity Utilization and Management◦ Company resources including computer resources for maximum
Employer & Employee Relationship Customer Relationship Poaching can be curbed Reduces the risk of use of pirated and unauthorized use of software Bandwidth Protection◦ Authorized Official use of Company network and resources can
increase the functioning of IT system.
ADVANTAGES OF IT POLICY
Information Technology policy intends to:-
Establish a culture of security and trust for all employees;
Establish guidelines governing proper use of IT and Internet by all employees;
Ensure the use of internet only as a tool for continuous improvement of efficiency and performance;
Fixing the Responsibility & Liability;
Contd…..
OBJECTIVE & PURPOSE OFINFORMATION TECHNOLOGY POLICY
To supplement, not replace, all existing laws, regulations, agreements, and contracts;
Preserve the integrity of the information technology systems;
Protect IT systems against the accidents, failures or improper use;
Reserves the right to access confidential data;
Contd/--
OBJECTIVE & PURPOSE OFINFORMATION TECHNOLOGY POLICY….
Reserves and limit to copy, remove or alter any data, file or system resources;
Maintain a high level of professionalism in keeping with Code of Ethics;
Maintain Company’s reputation among trade and public.
Most of our communications are now electronic.
Recipients of electronic documents like ◦ agents, ◦ distributors,◦ customers etc.needs the source and authenticity of the documents or messages.
Satisfy audit requirementsContd….
Assist in compliance with applicable ◦ laws ◦ Regulations◦ Guidelines and recommendations
Mitigate risk from a security incident
Educate users on sound security practices
Reduce legal risk
INTRUSIO
NS
ARE NOT
ALWAYS A
S
OBVIOUS
AS THIS
EXAMPLE
Espionage Employees falling to the lure or trap
of RIVALS, and passing sensitive and secure data of the company.
Damage to Goodwill, Reputation,
Credibility of the Company.
HarassmentViewing inappropriate content, such as
pornography, hate or violence, can create an environment that is hostile and
offensive for co-workers, and can damage reputation of a company.
ProductivityFrequent online browsing,
shopping, and chatting can get in the way of getting the work
done, and often leads to resentment from the coworkers
VirusesVisiting less than reputable
websites can lead to viruses, spyware, or other malicious
software getting into the network.
Service InterruptionsLarge downloads and
streaming audio and video can suck up network resources
that other employees need to do work and service customers
All
◦ Directors◦ Employees, ◦ Part-time employees,◦ Industrial Trainees,◦ Contractors, ◦ Agents,◦ & …..others of an organization directly or indirectly
associated with the conduct of business of the organization.
Would you be proud to wear your browser history?
Would you be embarrassed if your boss
or your peers saw where you’ve been going?
Portable media (CDs, flash drives) should not be left on the desk
Passwords (pencil) should not be posted
Sensitive FAX or call logs should be put away
Drinks should not be kept near workstations
Vaish Associates AdvocatesNew Delhi Mumbai Gurgaon Bengaluruǀ ǀ ǀ
Celebrating 40 years of professional excellenceIPR & IT Laws Practice Division
1st & 11th Floors Mohan Dev Building 13, Tolstoy Marg New Delhi 110001 (India)ǀ ǀ ǀPhone: +91 11 49292532 (Direct)
Mobile: +91 9810081079Phone: +91 11 49292525 (Board)
Fax: +91 11 23320484www.vaishlaw.com
email:- vpdalmia@vaishlaw.com
Intellectual Property & Information Technology Laws Division