In a Paper `What IT Amendment Bill 2008 – Entails for Corporate India’ brought out by the ASSOCHAM says, “the Information Technology Bill 2008 in Parliament got passed with unprecedented hurry, without any discussion in both the Houses.  As a result, the Bill does not ensure confidential information and data of corporates and their adequate protection.  These issue need to be re-addressed before the Bill is enacted into legislation”.

The Paper further says, “the IT Act Amendments 2008 are also deficient in the sense that they do not create rebuttable presumptions of confidentiality of trade-secrets and information, in the contest of corporate India. A large number of Indian companies and individuals are saving their confidential data, information and trade-secrets in the electronic form on their computers.

Given the apparent increase in technology adoption, it is increasingly being found that that despite all precautions been taken, the employees are still going ahead and taking away confidential data from companies. The inability of the law to create enabling presumptions of confidentiality regarding corporate and individual data and information in the electronic form, is likely to complicate matters further for Indian companies and citizens”.

Another major failure of the proposed amendments is that they have not dealt with the entire issue pertaining to Spam, in a comprehensive manner.  In case, the word Spam is not even mentioned anywhere in the IT Amendment Bill passed by both the houses of the Parliament. India has missed yet another opportunity to deal with the contentious issue of Spam.

The IT Act amendments do not address jurisdictional issues. At a time when the Internet has made geography history, it was expected that the new amendments would throw far more clarity on complicated issues pertaining to jurisdiction. This is because numerous activities on the internet take place in different jurisdictions and that there is a need for enabling the Indian authorities to assume enabling jurisdiction over data and information impacting India, in a more comprehensive way than in the manner as sketchily provided under the current law.

According to ASSOCHAM, the new amendments make it mandatory for corporates, possessing, dealing or handling any sensitive personal data or information in a computer resource to maintain reasonable security practices, and procedures”. However, what would be these “reasonable security practices and procedures” would be anybody’s guess. It has to be pointed out that one set of security practices will not fit the entire nation. What would be reasonable security practices for one industry may not be directly applicable to another industry.  Non-maintaining such reasonable security practices, would expose the said corporates to civil liability to pay damages by way of compensation to the person so affected, to the tune of Rs 5 crore. The new amendments are likely to impact all industries, which use computers, computer systems and computer networks and data and information in the electronic form. These reasonable security practices and their mandatory adoption, while in overall better interests, are likely to unveil a package of unpleasant surprises for many.

The most startling aspect of the new amendments is that these amendments seek to make the Indian Cyberlaw a cyber crime friendly legislation; -- a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a majority of cybercrimes stipulated under the IT Act  as bailable offences; a legislation that is likely to pave way for India to become the potential cyber crime capital of the world.