Monthly Archives: September 2014

Cyber Liability Insurance In India And Techno Legal Issues

Cyber Liability Insurance In India And Techno Legal IssuesAs India is marching towards the goal of being Digital India, it is imperative to consider related issues as well. These issues can be legal or technical or both. In other words, techno legal challenges are bound to occur when we would try to implement the noble goal of Digital India. The Companies Act, 2013 of India has also introduced cyber law, cyber security and other techno legal liability and obligations on the part of directors of Indian companies.

Some of the techno legal challenges would originate due to cyber crimes, cyber attacks, cyber espionage, cyber terrorism, etc. It is obvious that losses in the form of money and materials would be there. It is also clear that companies and individuals who would be victims of such cyber nuisance would be required to get themselves proper insurance covers.

Cyber crimes and cyber attacks insurance in India is still maturing. We have very few insurance companies in India that are providing cyber insurance policies in India. Further, we have few takers of cyber liability insurance in India. Even the legal issues of cyber liability insurance in India are not clear.

For instance it is still not clear for which categories cyber liability insurance is available and what the exempted categories are in this regard. Further, fine details of these cyber liability insurances are also not clear to both insurance companies and those seeking the insurance. This would raise disputes while redeeming these cyber liability insurances in future.

Many times cyber crimes and cyber attacks originate from outside the India. How would these cyber intrusions be investigated, traced back and prosecuted in India is a big challenge before the law enforcement agencies of India. It would require significant skills on the part of insurance companies as well to ascertain the origin of such cyber attacks and cyber crimes and meet the requirements of cyber liability insurance accordingly. In short, conflict of laws in cyberspace is a major challenge and hurdle before insurance companies providing cyber liability insurance in India.

We at Perry4Law believe that cyber liability insurance agreements must be thoroughly drafted keeping in mind the genuine interests of both insurance company and the insured subject. Cyber liability insurance involves high stakes and so the premium is also high. It would be a futile and frustrating exercise if after facing a cyber attack, the insured sum is also not released citing some clause or provision in the cyber liability insurance agreement.

In their own interest, those seeking cyber liability insurance must get the insurance agreement vetted by suitable techno legal professionals or law firms of their choices. While choosing the concerned legal expert or law firm, the companies and individuals must ensure that such legal experts or law firms are maintaining a proper cyber security mechanism to protect sensitive and crucial information pertaining to their clients.

The cyber security obligations of law firms in India are increasing and they cannot afford to take the data of their client causally. Law firms in India must also keep in mind the legal obligations arising out of privacy and data protection (PDF) norms as applicable in India from time to time. We wish all the best to both insurance companies and the insurance seekers regarding cyber liability insurance issues.

Indian Government Likely To Ban Use Of Gmail, Yahoo, Etc For Official Communications

Indian Government Likely To Ban Use Of Gmail, Yahoo, Etc For Official CommunicationsConflict of laws in cyberspace has slowly and steadily started showing its impact. Initially, it was Indian government’s inability to deal with foreign technology companies like Google, Yahoo, Microsoft, etc regarding the law enforcement requirements of India. Subsequently, it was realised that absence of a constructive control over these foreign companies is not good for national security and law enforcement requirements of India in the long run. Nothing short of a techno legal framework can solve these problems of India.

Meanwhile, one of the related case reached Delhi High Court that asked Indian government to formulate the e-mail policy of India. The Congress led government took a significant step in this direction and formulated an e-mail policy of India though it is yet to be implemented. Department of electronics and information technology (DeitY) issued documents like email services and usage policies of Government of India (PDF), NIC policy on format of e-mail address (PDF), password policy of Government of India (PDF), security policy for users by Government of India (PDF) and service level agreement by Government of India (PDF), etc for public comments. A final policy on this regard is yet to be issued.

We at Perry4Law have been stressing for long that India must ban Gmail and Yahoo e-mails for official communications. This is because the policies of these companies are such that they abet commission of cyber crimes in India. For instance, G-mail not only masks the Internet Protocol Address (IP Address) of a cyber criminals that makes it impossible to trace an IP Address without Google’s assistance but Google also insists upon following of non Indian laws for providing even basic level information. Till the time the entire legal process is over, the damage is already done.

Not only this, government officials are also violating the provisions of Public Records Act, 1993 wherever public records are involved. This is more troublesome when foreign intelligence agencies are targeting Indian citizens and foreign courts are allowing access to data and information of Indians at foreign locations against Indian laws.

In a much needed move, email services like G-mail, Yahoo, etc are likely to be banned for official use to safeguard critical and sensitive government data. DeitY has already moved a proposal in this regard for cabinet approval. We at Perry4Law welcome this move of BJP Government but what is more important is the decision of Narendra Modi government to allow ministries of defence and external affair to have their own e-mail infrastructures. Other ministries/departments would also be required to use the platform of the National Informatics Centre (NIC). We hope this decision would be implemented as soon as possible.