INFORMATION TECHNOLOGY ACT OF INDIA Flashcards
What is the Information Technology Act 2000 (IT Act)?
The cornerstone of India’s legal framework for cyber law, digital transactions, and data protection.
What was the purpose of the Information Technology (Amendment) Act 2008?
To address new issues such as data privacy, information security, and cybercrimes.
What does Section 43 of the IT Act cover?
Penalties and compensation for damage to computer systems, unauthorized access, and data theft.
What is the penalty under Section 65 of the IT Act?
3 years imprisonment and a fine of 2 lakh rupees for tampering with computer source documents.
What is the penalty under Section 66 of the IT Act?
3 years imprisonment and a fine up to INR 500,000 for hacking computer systems.
What happened to Section 66A of the IT Act?
It was struck down by the Supreme Court in 2015 for being vague and infringing on free speech rights.
What do Sections 66C and 66D of the IT Act penalize?
Identity theft and computer-based scams.
What is the role of the Indian Computer Emergency Response Team?
It is the national agency for cybersecurity, established under Section 70B.
What is required under Section 43A of the IT Act?
Body corporates handling sensitive personal data must implement and maintain reasonable security practices.
What is the role of the adjudicating officer under Section 46 of the IT Act?
To discern IT Act violations.
What is the scope of the IT Rules 2011?
Applies to bodies corporate or persons located in India, covers private sector only, and defines ‘personal information’.
What is included in Sensitive Personal Data (SPDI) under the IT Rules?
Passwords, financial information, health records, biometric data, etc.
What are acceptable security practices under the IT Rules?
IS/ISO/IEC 27001 or a code developed by an industry association and approved by the government.
What must organizations include in their privacy policies under the IT Rules?
The type of personal information collected, its purpose, and processing methods.
What are the key data protection principles outlined in Rules 4-8 of the IT Rules?
Consent and purpose limitation, lawful purpose and minimal collection, notice and purpose limitation, retention, use, subject access and correction, option to refuse or withdraw consent, security, complaint handling.