How to comply with India’s IT Act 2000

India’s Information Technology Act, 2000 or IT Act contains some of the most stringent privacy requirements in the world and has the unfortunate impact of holding intermediaries liable for illegal content.

If you operate from/in India, you need to understand the IT Act in order to avoid potential penalties.

Requirements of the IT Act of 2000

The IT Act 2000 applies to companies that do business in India. This includes entities registered in India, outsource there, and maintain servers within the country’s borders.

If your only connection with India is having customers there, you are not held to the IT Act.

The only way that can occur is if you run a service or sell a product and also maintain servers there.

For example, Instagram (1) is popular (2) in India with many people participating in that social media app.

However, Instagram is a U.S. company and does not need policies complying with the IT Act.

(1) Link to https://www.instagram.com/?hl=en

(2) Link to http://www.alexa.com/siteinfo/instagram.com

(3) Link to https://www.snapdeal.com/

(4) Link to https://www.snapdeal.com/page/terms

However, Snapdeal (3), an online shopping source in India, is an Indian company that conducts transactions in India.

It is held to the stipulations in the IT Act 2 - and that is addressed in its Privacy Policy page (4):

How to comply with IT Act of 2000

Know where your servers are located at

If your company is located in India and registered there, there is no doubt that you must comply with the act.

If you hired a consultant or other company to handle your outsourcing or IT needs, ask them where they keep the servers.

Determine if your servers are located in India.

Privacy by Design

Many offenses listed in in the IT Act 2000 arise from security breaches.

Follow the Privacy by Design guidelines:

Have a good Privacy Policy Have good IT security policies

(5) Link to https://termsfeed.com/blog/privacy-by-design/

Limit access to your servers

Create unique login credentials

Develop ways to track use on your servers so if any illegal activity arises, you can link it to an individual rather than make it appear your entire company is culpable.

Examples:

* * *

Monitor user-generated content

If your website or mobile app allows of user-generated content to be created and post, develop screening so you can control the user-generated content before it posts.

Discovering slanderous content after the fact can still result in legal liability so you want to be as proactive as possible.

Addressing user-generated content in your Terms and Conditions (6) is also helpful.

This is important because not only do you need to monitor client use of your servers but you also need the authority to do so.

(6) Link to https://termsfeed.com/blog/4-clauses-host-user-generated-content/

Companies operating in and/or from India concerned about complying with the IT Act 2000 would do well to:

Start with Privacy by Design approaches

Writing simple language into their Privacy Policy agreements

https://termsfeed.com/?utm_source=Article-285&utm_campaign=Presentations-PDF&utm_medium=PDF