INFORMATION TECHNOLOGY POLICY-

NEED OF THE HOUR

By Vijay Pal Dalmia, Advocate

Partner & Head of Intellectual Property & Information Technology Laws Practice

Liable for the acts of Employees and Agents etc.

◦ Strict Liability◦ Vicarious Liability

Data ◦ Protection and◦ Secrecy

Are the norm of the day.

WHY “IT POLICY”!

Email and Internet Usage Laptop/Desktop Usage Hardware Usage◦ Data card◦ Pen Drive

Security of Computer Network◦ System Access◦ Virus Protection◦ Installation Rights

System back up and Maintenance Third Party and Remote Access

Data of the Company forms its valuable IP Assets. Data may include◦ Patents◦ Designs◦ Copyrights◦ Trade Secrets (Unpatented)◦ Customer Data◦ Business Data◦ Business Methods◦ Third Party Data◦ Formulas◦ Source Code◦ Employee Information

WHY “IT POLICY”! .. Continued..

A company may be UNDER LAW obliged to protect the sensitive personal data of its customers and employees.◦ Reference:

Information Technology Act, 2000 Holds the Company liable Civil action- compensation under Section 43A Criminal action- Punishment under Section 72A

for failure to protect any sensitive personal data which its owns, controls or operates.

◦ Promulgation of Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 Provides for mandatory Privacy policy for protection of sensitive

personal data.

LEGAL & CONTRACTUAL OBLIGATION OF A COMPANY!

◦A Company may be held liable To pay Compensation

or Criminal Prosecution

For Negligent in handling of data,

information leading to DEFAMATION Use of unauthorized or pirated software

A company may also be held liable for criminal prosecution◦ Tampering of computer source documents- u/s 65 of the IT Act, 2000◦ Sending of offensive messages u/s 66A of the IT Act, 2000 through

Computer resources & Communication devices◦ Punishment for identi ty theft- u/s 66C of the IT Act, 2000◦ Use of computer resource for cheating by impersonation-

u/s 66D of the IT Act, 2000◦ Violation of privacy by use of electronic means of a company-

u/s 66E of the IT Act, 2000.◦ Publication or transmission of obscene material in electronic form-

u/s 67 of the IT Act, 2000

Information technology means & includes: computers, computer-based networks,computer peripherals,operating systems,e-mail, Intranet, software or any combination thereof,

that are made available by a Company for the purpose of supporting its goals of providing quality products and services to customers, increase shareholder value and foster employment satisfaction.

IT Resources of the Company may Include

Time Management◦ Office hours can be used only for official work thereby enhancing

productivity Utilization and Management◦ Company resources including computer resources for maximum

Employer & Employee Relationship Customer Relationship Poaching can be curbed Reduces the risk of use of pirated and unauthorized use of software Bandwidth Protection◦ Authorized Official use of Company network and resources can

increase the functioning of IT system.

ADVANTAGES OF IT POLICY

Information Technology policy intends to:-

Establish a culture of security and trust for all employees;

Establish guidelines governing proper use of IT and Internet by all employees;

Ensure the use of internet only as a tool for continuous improvement of efficiency and performance;

Fixing the Responsibility & Liability;

Contd…..

OBJECTIVE & PURPOSE OFINFORMATION TECHNOLOGY POLICY

To supplement, not replace, all existing laws, regulations, agreements, and contracts;

Preserve the integrity of the information technology systems;

Protect IT systems against the accidents, failures or improper use;

Reserves the right to access confidential data;

Contd/--

OBJECTIVE & PURPOSE OFINFORMATION TECHNOLOGY POLICY….

Reserves and limit to copy, remove or alter any data, file or system resources;

Maintain a high level of professionalism in keeping with Code of Ethics;

Maintain Company’s reputation among trade and public.

Most of our communications are now electronic.

Recipients of electronic documents like ◦ agents, ◦ distributors,◦ customers etc.needs the source and authenticity of the documents or messages.

Satisfy audit requirementsContd….

Assist in compliance with applicable ◦ laws ◦ Regulations◦ Guidelines and recommendations

Mitigate risk from a security incident

Educate users on sound security practices

Reduce legal risk

INTRUSIO

NS

ARE NOT

ALWAYS A

S

OBVIOUS

AS THIS

EXAMPLE

Espionage Employees falling to the lure or trap

of RIVALS, and passing sensitive and secure data of the company.

Damage to Goodwill, Reputation,

Credibility of the Company.

HarassmentViewing inappropriate content, such as

pornography, hate or violence, can create an environment that is hostile and

offensive for co-workers, and can damage reputation of a company.

ProductivityFrequent online browsing,

shopping, and chatting can get in the way of getting the work

done, and often leads to resentment from the coworkers

VirusesVisiting less than reputable

websites can lead to viruses, spyware, or other malicious

software getting into the network.

Service InterruptionsLarge downloads and

streaming audio and video can suck up network resources

that other employees need to do work and service customers

All

◦ Directors◦ Employees, ◦ Part-time employees,◦ Industrial Trainees,◦ Contractors, ◦ Agents,◦ & …..others of an organization directly or indirectly

associated with the conduct of business of the organization.

Would you be proud to wear your browser history?

Would you be embarrassed if your boss

or your peers saw where you’ve been going?

Portable media (CDs, flash drives) should not be left on the desk

Passwords (pencil) should not be posted

Sensitive FAX or call logs should be put away

Drinks should not be kept near workstations

 Vaish Associates AdvocatesNew Delhi   Mumbai    Gurgaon   Bengaluruǀ ǀ ǀ

Celebrating 40 years of professional excellenceIPR & IT Laws Practice Division

1st  & 11th Floors   Mohan Dev Building   13, Tolstoy Marg   New Delhi 110001 (India)ǀ ǀ ǀPhone: +91 11 49292532 (Direct)

Mobile: +91 9810081079Phone: +91 11 49292525 (Board)

Fax: +91 11 23320484www.vaishlaw.com

email:- vpdalmia@vaishlaw.com 

Intellectual Property & Information Technology Laws Division