Cybersecurity in India is yet to reach a sophisticated stage. While several businesses are working in the space, the common populace is to grapple with several concepts of how cybersecurity directly impacts their digital and real lives.
One such concept is the legal perception of how cybercrime should be treated, recognized, and penalized. Section 66A of the IT Act was created in the year 2000 for the exact purpose. It had laid out the definition of cybercrime in the form of communication and the proportionate punishment for it.
Fifteen years after it was created, the Supreme Court of India decided to strike down Section 66A of the IT Act while ruling on a Public Interest Litigation case. The decision throws light on how India's legal and compliance landscape is evolving to match the increased cybersecurity risks across the country.
What is Section 66A, IT Act?
Section 66A was designed to define how criminal activity might be conducted by a person or persons on digital mediums. It penalized a considerable portion of such action by laying out a broad definition. Any person who communicated the following with her/his computer or another digital device was subjected to a criminal activity under the Section 66A of the IT Act:
- The content shared by the person was considered grossly offensive.
- The content carried false information and was deliberately created for annoying, putting in danger, making it inconvenient for, insulting, injuring, criminally intimidating, obstructing, people or treating them with enmity, hatred, or ill will.
- The content was created to create a deception about the source of the messages.
Any person or persons found carrying out such activities were treated with criminal charges and could receive three years of imprisonment and a fine.
Why Was Section 66A IT Act Repealed?
As one tries to answer what is Section 66A, IT Act, one gets to know that it was probably created with good intentions but was not proving to be effective. It faced several challenges like:
- Vague Descriptions of Key Terms: One of the primary challenges with the act was how it defined several key terms like grossly offensive. While the term communicates what the law might have intended, it does not lay out a framework for identifying something as grossly offensive. Such expressions can be open to interpretations and may have subjectivity embedded in them.
- Overlapping with Indian Penal Code, 1860: For several parts of criminal conduct, intimidating, harassing, and other such cases, the section overlapped with the Indian Penal Code, 1860. Moreover, both the laws were giving out different punishments for apparently identical offenses.
The Section 66A IT Act directed a sentence of three years in imprisonment, while the IPC 1860 directed a two-year sentence for the same offense. This could have created challenges in applying and interpreting the law across the country.
- Defining the Perpetrators and the Victims: One key area where the law did not mention some critical criteria was – how did it define the number of perpetrators and victims? Was the law supposed to be applied between two people's interaction, or could it be used for many to many, many to one, and one to many conversations?
- Abused Across the Country: In its nearly 15 years of enactment, the law was misused by several facets across the country. The particular PIL that led to the section's removal was motivated by the punishment sentenced to two girls in Maharashtra who communicated their dissatisfaction against the local government when it declared a shutdown on a significant political leader's demise.
Which Law Replaced Section 66A IT Act?
After the section was removed, no new sections were created, consequentially to replace it. That does not mean there isn’t a legal structure surrounding cybercrime in India.
The Indian Penal Code, 1860, and the Companies (Management and Administration) Rules 2014, working with the Companies Act 2013, are the commonly used directive laws in cases dealing with cybercrime.
How are Businesses Protected Against Cybercrimes?
Now that Section 66A has been removed for over half-a-decade, businesses have understood a more straightforward definition of cybercrime and started protecting their interests with cyber security insurance.
More Indian businesses are now creating an IT security infrastructure paired with a cyber security insurance
plan that allows them comprehensive protection against malware, ransomware, and other forms of cyberattacks along with their consequences.
- What type of companies can take cyber security insurance?
It is an industry-agnostic insurance cover available to businesses of all sizes and scales.
- Does cyber security insurance pay for hiring a lawyer to post a cyberattack?
The specifics are dependent on the specific policy. However, some policies do compensate for the hiring fees of professionals after the incident has taken place. Peruse the policy wordings to know all about cyber insurance coverage
and key aspects that are included under your policy.