Unit-5

The Importance of an Information Security

Policy
An information security policy helps everyone in the organization understand
the value of the security measures that IT institutes, as well as the direction
needed to adhere to the rules. It also articulates the strategies in place and steps
to be taken to reduce vulnerability, monitor for incidents, and address security
threats.

Important outcomes of an information security policy include:

Facilitates the confidentiality, integrity, and availability of data

A robust policy standardizes processes and rules to help organizations protect
against threats to data confidentiality, integrity, and availability.
Reduces the risk of security incidents
An information security policy outlines procedures for identifying, assessing,
and mitigating security vulnerabilities and risks. It also explains how to
quickly respond to minimize damage in the event of a security incident.
Executes security programs across an organization
To ensure successful execution, a security program needs an information
security policy to provide the framework for operationalizing procedures
Provides clear statement of security policy to third parties
The policy summarizes the organization’s security posture and details how it
protects IT assets and resources. It allows organizations to quickly respond to
third-party (e.g., customers’, partners’, auditors’) requests for this
information.
Helps to address regulatory compliance requirements
The process of developing an information security policy helps organizations
identify gaps in security protocols relative to regulatory requirements.

Cyber Law also called IT Law is the law regarding Information-technology including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security, and e-commerce.
IT law does not consist of a separate area of law rather it encloses aspects of contract,
intellectual property, privacy, and data protection laws.

Cyber Law in India: A Brief Understanding

India witnesses many cybercrimes annually, with over 44,000 reported cases. Among the states in
India, Karnataka emerges as the leader in terms of cybercrime rates. According to a 2022 report
by Statista, the average cost of data breaches was USD 2 million in India. This financial impact
reflects the consequences of data breach incidents. For more detailed statistical information, please
refer here.

Cyber law in India is governed by two key legislations: the Indian Penal Code and the Information
Technology Act of 2000. These legal frameworks provide the necessary guidelines and provisions
to address cybercrime and protect digital assets and individuals’ rights in cyberspace.

A variety of cybercrimes are addressed by Indian cyber laws, covering two main aspects: hacking
systems and employing them to commit crimes of different magnitudes. Additionally, Indian cyber
law encompasses a comprehensive range of domains, such as intellectual property rights and
privacy rights, among others.

Cyber law in India encompasses a broad range of subjects, although it is important to note that the
list provided is not exhaustive. Similar concepts may also be addressed in other jurisdictions
globally.

Area of Cyber Law:

Cyber laws contain different types of purposes. Some laws create rules for how
individuals and companies may use computers and the internet while some laws protect
people from becoming the victims of crime through unscrupulous activities on the
internet. The major areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws are
made to prevent identity theft, credit card theft, and other financial crimes
that happen online. A person who commits identity theft may face
confederate or state criminal charges. They might also encounter a civil
action brought by a victim. Cyber lawyers work to both defend and prosecute
 against allegations of fraud using the internet.

2. Copyright:
The internet has made copyright violations easier. In the early days of online
communication, copyright violations were too easy. Both companies and
individuals need lawyers to bring an action to impose copyright protections.
Copyright violation is an area of cyber law that protects the rights of
individuals and companies to profit from their creative works.

3. Defamation:
Several personnel uses the internet to speak their mind. When people use the
internet to say things that are not true, it can cross the line into defamation.
Defamation laws are civil laws that save individuals from fake public
statements that can harm a business or someone’s reputation. When people
use the internet to make statements that violate civil laws, that is called
Defamation law.

4. Harassment and Stalking:

Sometimes online statements can violate criminal laws that forbid harassment
and stalking. When a person makes threatening statements again and again
about someone else online, there is a violation of both civil and criminal
laws. Cyber lawyers both prosecute and defend people when stalking occurs
using the internet and other forms of electronic communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though cyber laws
forbid certain behaviors online, freedom of speech laws also allows people to
speak their minds. Cyber lawyers must advise their clients on the limits of
free speech including laws that prohibit obscenity. Cyber lawyers may also
defend their clients when there is a debate about whether their actions consist
of permissible free speech.

6. Trade Secrets:
Companies doing business online often depend on cyber laws to protect their
trade secrets. For example, Google and other online search engines spend lots
of time developing the algorithms that produce search results. They also
spend a great deal of time developing other features like maps, intelligent
assistance, and flight search services to name a few. Cyber laws help these
companies to take legal action as necessary to protect their trade secrets.

7. Contracts and Employment Law:

Every time you click a button that says you agree to the terms and conditions
 of using a website, you have used cyber law. There are terms and conditions
for every website that are somehow related to privacy concerns.

What is the India Digital Personal Data Protection Act

(DPDPA) 2023?

The India Digital Personal Data Protection Act 2023 (DPDPA) is a landmark legislation

that aims to safeguard the privacy of individuals in the digital age. The Act came into effect

on September 1, 2023, and it applies to all organizations that process personal data of

individuals in India.

What is personal data?

Personal data is defined under the DPDPA as "any data that relates to a natural person who

can be identified, directly or indirectly, in particular by reference to an identifier such as a

name, an identification number, location data, or an online identifier." This broad definition

encompasses a wide range of information, including but not limited to:

 Name, address, and contact information

 Date of birth and gender

 Financial information, such as bank account numbers and credit card details

 Online browsing history and search queries

 Social media posts and messages

 Location data, such as GPS coordinates

What data is protected by the DPDPA?

The DPDPA protects personal data that is processed in India, regardless of whether the data

was originally collected in India or elsewhere. The Act also applies to the processing of

personal data of Indian citizens, even if the data is processed outside of India.
The DPDPA does not apply to personal data that is:

 Processed for law enforcement or national security purposes

 Processed for the purpose of journalism or artistic expression

 Processed for personal or family purposes

Key principles of the DPDPA

The DPDPA is based on six key principles:

1. Lawfulness: Personal data must be processed lawfully, fairly, and transparently.

2. Purpose Limitation: Personal data must be collected for specified, explicit, and

legitimate purposes and not further processed in a manner that is incompatible with

those purposes.

3. Data Minimization: Personal data must be adequate, relevant, and limited to what

is necessary in relation to the purposes for which they are processed.

4. Accuracy: Personal data must be accurate and, where necessary, kept up to date.

5. Storage Limitation: Personal data must be kept in a form which permits

identification of data subjects for no longer than is necessary for the purposes for
which the personal data are processed.

6. Integrity and Confidentiality: Personal data must be processed in a manner that

ensures appropriate security of the personal data, including protection against

unauthorized or unlawful processing and against accidental loss, destruction, or

damage, using appropriate technical or organizational measures.

Rights of data principals

The DPDPA grants individuals several rights with respect to their personal data,

including:
  The right to access their personal data

 The right to rectification of inaccurate personal data

 The right to erasure of their personal data

 The right to restrict the processing of their personal data

 The right to data portability

 The right to object to the processing of their personal data

Intellectual property rights are the rights given to each and every person for the creation
of new things according to their minds. IPR usually give the creator a complete right over
the use of his/her creation for a certain period of time.
Intellectual property rights are the legal rights that cover the benefits given to individuals
who are the owners and inventors of work and have created something unique with their
intellectual creativity or capability. Every person related to areas such as literature, music,
invention, etc., can be granted such rights, which can then be used in their business
practices by them.
The creator/inventor gets complete rights against any misuse or use of work without
his/her prior information. However, the rights are issued for a limited period of time to
maintain equilibrium.
What are Intellectual Properties?
1. Industrial designs
2. Scientific discoveries
3. Protection against unfair competition
4. Literary, artistic, and scientific works
5. Inventions in all fields of human endeavor
6. Trademarks, service marks, commercial names, and designations

Types of Intellectual Property Rights:

Intellectual Property Rights can be classified into four types:
 1. Copyright: Copyright is a term that describes ownership or control of the
rights to the use and distribution of certain works of creative expression,
including books, videos, movies, music, and computer programs.
2. Patent: A patent gives its owner the right to exclude others from making,
using, selling, and importing an invention for a limited period of time. The
patent rights are granted in exchange for enabling public disclosure of the
invention.
3. Trademark: A Trademark is a Graphical representation that is used to
distinguish the goods and services of one party from those of others. A
Trademark may consist of a letter, number, word, phrase, logo, graphic, shape,
smell, sound, or combination of these things.
4. Trade Secrets: Trade secret describes about the general formula of any
product and the key behind any organization’s progress. It also includes various
firms’ different secret formulas for the same products which differ in quality.
Advantages of Intellectual Property Rights:
The advantages of intellectual property rights are as follows:
 IPR yields exclusive rights to the creators or inventors.
 It encourages individuals to distribute and share information and data instead
of keeping it confidential.
 It provides legal defense and offers the creators the incentive of their work.
 It helps in social and financial development.
  It inspires people to create new things without fear of intellectual theft.

Legislations Enacted to Protect IPR[5]

In the year 1999, the government passed an important legislation based

on international practices to safeguard the intellectual property rights. The
same are described below−

1. The Patents (Amendment) Act, 1999, facilitates the establishment

of the mailbox system for filing patents. It offers exclusive
marketing rights for a time of five years.
2. The Trademarks Bill, 1999.
3. The Copyright (Amendment) Act, 1999.
4. Geographical Indications of Goods (Registration and Protection)
Bill, 1999.
5. The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
6. The Patents (Second Amendment) Bill, 1999, for further amending
the Patents Act of 1970 in compliance with the TRIPS.