Indiato add more rules in IT Act soon
Inview of security breaches taking across cyber space and to send astrong message to the world on security of Data in India, theGovernment of India is planning to add some more rules to theexisting Information Technology Act 2000.
"Legalframework cannot itself solve the problem. Data should be recorded inparticular reasonable format and that is where the need of bestpractices arises. IT Act 2000, which was amended in 2008, talks aboutdata theft in all possible manners. We are working closely with DataSecurity Council of India. We are committed in notifying some morerules in IT Act 2000 soon," said Dr Gulshan Rai, directorgeneral, CERT-IN, Government of India at an event organized by DataSecurity Council of India recently.
DSCI in last August hasproposed to introduce 16 best practices and 9 privacy practices inIndia which it has taken from rules and legislation implementedacross the world. The new rules to be added in IT ACT 2000 areexpected to be taken from the proposed best practices and privacypractices of DSCI.
"Section 43 and 72 talk about datatheft and security but the government still need to define'reasonable' security practices under section 43 A. We hope that ourproposed framework will help government in defining 'reasonable'security practices," said Dr. Kamlesh Bajaj, CEO, DSCI.
However, there will be no amendment in the IT Act 2000 asboth industry and government feels that it is complete.
"ITAct 2000 is complete but there is only need to add some rules whichdoes not need to go through tedious process of approval as in case ofAct amendment," added Bajaj.
R Chandrashekhar,Secretary, Department of Information Technology, Ministry of IT andCommunications clarified that the framework proposed by DSCI has beentaken from the rules and legislation across the world and anylegislation that is made in a country is due to its own societalstructure.
"Everything has its place. There is securityframework which provides certain minimum basis of securityrequirement. If you go in rural India, people are very open to sharethere information. The IT Act 2000, amended in 2008, reflects theneed of India and then there are rules that amplify the parameter ofthe Act. Security requirement vary from project to project. An actmeans something that binds every one mandatory. The Act is completein itself," said Chandrashekhar.
