Call Now

Get The App


Information Technology Act (IT ACT)

Computer Related Offences

•Harassment via fake public profile on social networking site

A fake profile of a person is created on a social networking site with the correct address, residential information or contact details but he/she is labeled as 'prostitute’ or a person of 'loose character’. This leads to harassment of the victim.

•Email Account Hacking

If victim’s email account is hacked and obscene emails are sent to people in victim’s address book.

•Credit Card Fraud

Unsuspecting victims would use infected computers to make online transactions.

•Web Defacement

The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days.

•Introducing Viruses, Worms, Backdoors, Root kits, Trojans, Bugs

All of the above are some sort of malicious programs which are used to destroy or gain access to some electronic information.

•Cyber Terrorism

Many terrorists use virtual (Drive, FTP sites) and physical storage media (USB’s, hard drives) for hiding information and records of their illicit business.

•Online sale of illegal Articles

Where sale of narcotics, drugs weapons and wildlife is facilitated by the Internet.

•Cyber Pornography

Among the largest businesses on Internet, pornography may not be illegal in many countries, but child pornography is.

•Phishing and Email Scams

Phishing involves fraudulently acquiring sensitive information through masquerading a site as a trusted entity (e.g. passwords, credit card information).


•Theft of Confidential Information

Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees.

•Source Code Theft

A Source code generally is the most coveted and important ‘crown jewel’ asset of a company.

·Cyber crime

The term 'Cyber Crime’ finds no mention either in The Information Technology Act 2000 or in any legislation of the Country. Cyber Crime is not different than the traditional crime. The only difference is that in Cyber Crime the computer technology is involved.

This can be explained by the following instance:

  • Traditional Theft:‘A’ thief enters in B’s house and steals an object kept in the house.
  • Hacking:‘A’ Cyber Criminal sitting in his own house, through his computer hacks the computer of ‘B’ and steals the data saved in B’s computer without physically touching the computer or entering in B’s house. Hence Cyber Crime is a Computer related crime.


Advantages of Cyber Laws

  • The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber- crimes.
  • The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
  • The Act seeks to empower government departments to accept filing, creating and retentionof official documents in the digital format.
  • The Act has also proposed a legal framework for the authentication and origin of electronic records/communications through digital signature.
    • Emailwould now be a valid and legal form of communication in India that can be duly produced and approved in a court of law.
    • Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
    • Digital signatures have been given legal validity and sanction in the Act.
    • Certifying Authorities for issuing Digital Signatures Certificates.
    • Government to issue notification on the web thus encouraging e-governance.
    • Enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
    • Addresses the important issues of security, which are so critical to the success of electronic transactions.
    • The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.



The main principles on data protection and privacy enumerated under the IT Act, 2000 are:

  • Defining 'data’, 'computer database’, 'information’, 'electronic form’, 'originator’, 'addressee’ etc.
  • creating civil liability if any person accesses or secures access to computer, computer system or computer network
  • creating criminal liability if any person accesses or secures access to computer, computer system or computer network
  • declaring any computer, computer system or computer network as a protected system
  • imposing penalty for breach of confidentiality and privacy
  • setting up of hierarchy of regulatory authorities, namely adjudicating officers, the Cyber Regulations Appellate Tribunal etc.


Sensitive Personal Data Information(SPDI)

  • Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011 formed under section 43A of the Information Technology Act 2000 define a data protection framework for the processing of digital data by Body Corporate.
  • Scope of Rules: Currently the Rules apply to Body Corporate and digital data. As per the IT Act, Body Corporate is defined as ‘Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.’
  • Definition of Personal and Sensitive Personal data: Rule 2(i) defines personal information as “information that relates to a natural person which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.”

Rule 3 defines sensitive personal information as:

  • Passwords
  • Financial information
  • Physical/physiological/mental health condition
  • Sexual orientation
  • Medical records and history; and
  • Biometric information
  • Consent to collect: Rule 5(1) requires that Body Corporate should, prior to collection, obtain consent in writing through letter or fax or email from the provider of sensitive personal data regarding the use of that data.
  • where services are delivered with little or no human interaction, like sensors etc, data is collected on a real time and regular basis - it is not practical, and often not possible, for consent to be obtained through writing, letter, fax, or email for each instance of data collection and for each use.
  • Consent to Disclosure: Rule 6 provides that Disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from the provider of such information.

Explore All Chapters