Information Technology Policy for Corporates - Need of the Hour
Download as PPT, PDF5 likes3,223 views
The document discusses the importance of an information technology (IT) policy for organizations, highlighting legal liabilities related to data protection and the need for secure usage of IT resources by employees. It outlines responsibilities regarding the protection of sensitive personal data, the risks associated with improper use of technology, and the benefits of establishing a culture of security and trust. The policy aims to enhance productivity, mitigate risks, and ensure compliance with applicable laws while protecting the company's reputation.
Information Technology Policy for Corporates - Need of the Hour
- 1. INFORMATION TECHNOLOGY POLICY - NEED OF THE HOUR By Vijay Pal Dalmia, Advocate Partner & Head of Intellectual Property & Information Technology Laws Practice
- 2. Liable for the acts of Employees and Agents etc. ◦ Strict Liability ◦ Vicarious Liability Data ◦ Protection and ◦ Secrecy Are the norm of the day. WHY “IT POLICY”!
- 3. Email and Internet Usage Laptop/Desktop Usage Hardware Usage ◦ Data card ◦ Pen Drive Security of Computer Network ◦ System Access ◦ Virus Protection ◦ Installation Rights System back up and Maintenance Third Party and Remote Access
- 4. Data of the Company forms its valuable IP Assets. Data may include ◦ Patents ◦ Designs ◦ Copyrights ◦ Trade Secrets (Unpatented) ◦ Customer Data ◦ Business Data ◦ Business Methods ◦ Third Party Data ◦ Formulas ◦ Source Code ◦ Employee Information WHY “IT POLICY”! .. Continued..
- 5. A company may be UNDER LAW obliged to protect the sensitive personal data of its customers and employees. ◦ Reference: Information Technology Act, 2000 Holds the Company liable Civil action- compensation under Section 43A Criminal action- Punishment under Section 72A for failure to protect any sensitive personal data which its owns, controls or operates. ◦ Promulgation of Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 Provides for mandatory Privacy policy for protection of sensitive personal data. LEGAL & CONTRACTUAL OBLIGATION OF A COMPANY!
- 6. ◦ A Company may be held liable To pay Compensation or Criminal Prosecution For Negligent in handling of data, information leading to DEFAMATION Use of unauthorized or pirated software
- 7. A company may also be held liable for criminal prosecution ◦ Tampering of computer source documents- u/s 65 of the IT Act, 2000 ◦ Sending of offensive messages u/s 66A of the IT Act, 2000 through Computer resources & Communication devices ◦ Punishment for identity theft- u/s 66C of the IT Act, 2000 ◦ Use of computer resource for cheating by impersonation- u/s 66D of the IT Act, 2000 ◦ Violation of privacy by use of electronic means of a company- u/s 66E of the IT Act, 2000. ◦ Publication or transmission of obscene material in electronic form- u/s 67 of the IT Act, 2000
- 8. Information technology means & includes: computers, computer-based networks, computer peripherals, operating systems, e-mail, Intranet, software or any combination thereof, that are made available by a Company for the purpose of supporting its goals of providing quality products and services to customers, increase shareholder value and foster employment satisfaction. IT Resources of the Company may Include
- 9. Time Management ◦ Office hours can be used only for official work thereby enhancing productivity Utilization and Management ◦ Company resources including computer resources for maximum Employer & Employee Relationship Customer Relationship Poaching can be curbed Reduces the risk of use of pirated and unauthorized use of software Bandwidth Protection ◦ Authorized Official use of Company network and resources can increase the functioning of IT system. ADVANTAGES OF IT POLICY
- 10. Information Technology policy intends to:- Establish a culture of security and trust for all employees; Establish guidelines governing proper use of IT and Internet by all employees; Ensure the use of internet only as a tool for continuous improvement of efficiency and performance; Fixing the Responsibility & Liability; Contd….. OBJECTIVE & PURPOSE OF INFORMATION TECHNOLOGY POLICY
- 11. To supplement, not replace, all existing laws, regulations, agreements, and contracts; Preserve the integrity of the information technology systems; Protect IT systems against the accidents, failures or improper use; Reserves the right to access confidential data; Contd/-- OBJECTIVE & PURPOSE OF INFORMATION TECHNOLOGY POLICY….
- 12. Reserves and limit to copy, remove or alter any data, file or system resources; Maintain a high level of professionalism in keeping with Code of Ethics; Maintain Company’s reputation among trade and public.
- 13. Most of our communications are now electronic. Recipients of electronic documents like ◦ agents, ◦ distributors, ◦ customers etc. needs the source and authenticity of the documents or messages. Satisfy audit requirements Contd….
- 14. Assist in compliance with applicable ◦ laws ◦ Regulations ◦ Guidelines and recommendations Mitigate risk from a security incident Educate users on sound security practices Reduce legal risk INTRUSIONS ARE NOT ALW AYS AS OBVIOUS AS THIS EXAM PLE
- 15. Espionage Employees falling to the lure or trap of RIVALS, and passing sensitive and secure data of the company. Damage to Goodwill, Reputation, Credibility of the Company.
- 16. Harassment Viewing inappropriate content, such as pornography, hate or violence, can create an environment that is hostile and offensive for co-workers, and can damage reputation of a company. Productivity Frequent online browsing, shopping, and chatting can get in the way of getting the work done, and often leads to resentment from the coworkers Viruses Visiting less than reputable websites can lead to viruses, spyware, or other malicious software getting into the network. Service Interruptions Large downloads and streaming audio and video can suck up network resources that other employees need to do work and service customers
- 17. All ◦ Directors ◦ Employees, ◦ Part-time employees, ◦ Industrial Trainees, ◦ Contractors, ◦ Agents, ◦ & …..others of an organization directly or indirectly associated with the conduct of business of the organization.
- 19. Would you be proud to wear your browser history? Would you be embarrassed if your boss or your peers saw where you’ve been going?
- 20. Portable media (CDs, flash drives) should not be left on the desk Passwords (pencil) should not be posted Sensitive FAX or call logs should be put away Drinks should not be kept near workstations
- 21. Vaish Associates Advocates New Delhi Mumbai Gurgaon Bengaluruǀ ǀ ǀ Celebrating 40 years of professional excellence IPR & IT Laws Practice Division 1st & 11th Floors Mohan Dev Building 13, Tolstoy Marg New Delhi 110001 (India)ǀ ǀ ǀ Phone: +91 11 49292532 (Direct) Mobile: +91 9810081079 Phone: +91 11 49292525 (Board) Fax: +91 11 23320484 www.vaishlaw.com email:- [email protected] Intellectual Property & Information Technology Laws Division