 So ultimately today, whatever we do, whether it's your banking, whether it's your contracts, whether it's your online business, whether it's anything that you do electronic today, that's termed out to be the legal reality only because of Information Technology Act. So when the moment we're making out online business, specifically mobile applications or websites or having your own applications or platforms and the like, I think everything today, whatever we do digitally, I think the whole recognition of it from a legal perspective is given by the Information Technology Act, thanks to this law. Next slide please. So I think this is a very, very new generation law because it's just about 20 years old. And then however, I can just say that it's not adequate enough. There still needs to be a lot of amendments done to this law because this is one piece of legislation that is completely going to be technology dependent. So in order to be in sync with the growing technology, I think the law is slightly left behind. But nevertheless, I think there are some marvelous provisions that we're going to discuss as we go forward. Next slide please. So in India largely, we have an Indian cyber law in the form of Information Technology Act. And it was introduced in the year 2000. And an amendment also was bought about in the year 2008. And more specifically, we also have certain rules and regulations which are framed there under. And I would like to talk of one piece of the rules that is IT rules 2011. They hold a significant place in terms of doing business online. I think these are the three golden mantras for any business entity that is trying to use computers, computer systems, computer networks, and also digital information and electronic data. I think fundamentally, cyber law today is largely comprised within these three parameters. So if you're a business entity, if you're a corporate businessman, if you're a startup, if you're an entrepreneur, I think primarily you'll have to stay focused and understand the legal nuances behind this law because we live in a country which says ignorance of law is no excuse. Next slide please. There are lots of issues that are happening currently with regard to this legislation. And more specifically, like I told you, anything that is done digital would assume legal significance because of Information Technology Act. Other than four things, there are four things that the law does not recognize when there's an electronic form. The first one is power of attorney. Then will a trusted and negotiable instrument other than check and any sale document of immobile property. I think if you have any of these, even in the electronic format, I think the law will not recognize it. But other than this, anything that you do digital is going to give a legal validity by this Information Technology Act. And primarily, it's a facilitating legislation. It's not a penal statute. We have something like the IPC Indian Penal Code, which is a criminal statute, which specifically talks about the various offenses and the penalties. So in short, I would say the cyber law is nothing but a mix of all the legislations with an e-addict to it, whether it's civil, criminal, corporate, or land, or family, or banking, and the like. I think fundamentally, with everything going digital, I think this is going to be one of the most important mother legislation as we go forward. Next slide, please. So primarily, I would like to tell you that an interesting statement that has been made. So with the recent Supreme Court's judgment, I think we all have to be cognizant to the fact that right to privacy is now being made a fundamental right. So I just thought of depicting this picture, though the copyright is with the owner, I just yet intend to display that, so as to make you aware about the implication regarding privacy. I think right to privacy is no longer going to be the dark line. It's going to be a center stage attention because it's now being made a fundamental right of every Indian citizen. So no matter whether it's a company, but no matter if it's an employee, a consultant, and anybody, I think primarily you'll have to realize that protecting privacy is the only mantra that businesses have to adopt in this distant era. Next slide, please. So I just thought of sharing certain basic concepts with you before I go throughout my presentation, and so that it'll help you and me to understand and put things in a better phase. So the moment you're creating anything electronic, that is any document, any image, any video that you create using a computer or a mobile phone, today can become an electronic record. So your emails, your WhatsApp conversations, your Facebook posts, and then your tweets and your conversations that are happening to Skype and webinars like these, all of them are considered to be electronic records specifically under section 211 of the Information Technology Act. What does that mean? That means that anytime I create any of these records, I can call that as an electronic record and there's a process that needs to be adopted with regard to how you can authenticate and ensure legal validity to such electronic transactions as we go forward. Next slide, please. So I just like to talk of one big area that businesses need to keep in mind. It's something called public infrastructure. So I just put it in a very simple way so that I don't want to go too legal on it. See, I'm sure that people here would have watched certain movies, especially if you look at the old regional movies, specifically the movies which had gangsters and criminals. I don't mean to refer to them, but I just want to draw an example so that it can make your life very easy. So we've seen a lot of movies like Dawn and things like that, where a lot of smuggling activities take place. And usually what happens in those smuggling activities, there's a code being given to the parties or there's a hundred rupee note which is cut into two parts. One is vested with the other part and the other was vested with the other party. Only when they come together, they show these and then they have some kind of matching, only then they're trying to transact business. I think public infrastructure is something similar to that. You have something called a private key. You have something called a public key. The public key is known to the public. The private key is only known to that respective business house. And typically all of these are issued by an authority called Certifying Authority. So typically I think all businesses who are filing their income tax returns and GST returns would have been aware of this because they make cause of something called digital signature in order to file their returns. I think typically you'll have to understand that there's a public key, there's a private key, only once both of them get authenticated, a document stands validated. So this is the only thing that I would like to talk of in terms of electronic records. So you're putting up your email and show that you're encrypting and decrypting it using your keys. So ideally I see that there are a lot of email applications that you're making used, whether it's the Microsoft Outlook or whether it's the Gmail's of the world, whether it's the Yahoo's of the world, whether it's a corporate network. I think everywhere there's an option that you can make use of that is ethics and sign the email digitally. I think doing that would actually bring in a lot of legal things into picture because it's going to be stating that email more legally authentic in the eyes of law. Next slide please. More specifically I would like to talk of in this context of relating to e-contracts. See I think today when we all are in the digital environment we are making use of various amounts of e-contracts with or without a knowledge. So the classical example that I would like to relate here is when you create your email, what happens when you sign up on an email? Typically let's take an example of Gmail. When you start creating an email typically there are terms and conditions that you make use of and then you need to accept and agree going forward to create your email account. I think these are all e-contracts that we are signing up with or without our knowledge. The same thing happens when you make a purchase of any kinds of products on these e-commerce platforms or the marketplaces, whether it's the Amazon's or the Flipkarts or whether they're staff deals of the world. I think anything that you're making use of today for the purpose of purchasing your products you're agreeing to the terms and conditions and the policies mentioned thereof. So what does it mean? That means that it's an e-contract that you're making use of. So e-contracts typically for businesses can be in three formats. One is click, one is shrink and other is browse. So click is when you make use of something called I agree. When you click on something called I agree, I accept. So that typical form of contract is called a click-crap contract and shrink. When you purchase some kinds of CDs or DVDs from market, you're agreeing to the terms and conditions. For example, if you're purchasing any kinds of Microsoft Office or Antivirus tools or the operating systems and typically when you make a purchase of them in the physical market, there's a sheet of terms and conditions that is mentioned at the back of the CD. So typically you're agreeing to this by making a purchase that's called shrink-rap. Browse-rap, obviously when you're browsing out various applications or the websites and when you're downloading mobile applications, when you're making use of platforms, you typically have terms and conditions which you make use of. I think ideally these are three typical forms of e-contracts that companies are trying to make use of for their business and for the purpose of their trading and other aspects. So I think if you're a business, if you're an entrepreneur, if you're a startup or if you're a corporate or if you're making use of any kinds of websites or mobile applications, I think e-contracts would have to be primarily looked at, the tip of the iceberg, more specifically in this light of online ecosystem. And apart from that, we also have certain things called electronic signatures and digital signatures. Well, digital signatures as you all are aware that are typically issued by a certifying authority and then they're given to you in a USB token. Typically your chartered accountant or the company secretary makes use of this to order to file your returns. I think you can also make use of this when you're making out client conversations through emails or transacting any kinds of businesses using emails because the moment you're affixing your digital signature or the electronic signature, you're adding more authenticity to it. And specifically that becomes an authenticity to the electronic record, which is the email. And then it can be used in the court of law as a valid legal evidence. So this is a very important fact that I would like to talk of because everybody no matter it's a school or a medium or a large scale enterprise, everybody is making use of digital signatures for the purpose of doing their returns and other tax compliance. I think in this domain, if you basically try to understand and take up the right class of digital signature for your business purpose, I think that can save a lot of time and energy and especially during this pandemic situation, you can try to enter into contracts with clients, vendors, as well as also pass on your legal policies to your employees with the help of and ask them to sign using this digital signatures. I think this is going to be one of the key areas that you can focus on, especially in order to attribute nexus to that particular document. Next slide please. I think typically anything that you do electronic, whether it's your conversations or the documents or any kinds of emails or videos, audios, anything that you do digitally is now going to be increasingly used as digital evidence. So I would say that think twice before you do anything digital. I'll tell you of this case which has happened, which has come to me a long time ago. There was a company, there was a business house typically wherein they started communicating their roles and responsibilities of employees through email. And typically the employee was assigned tasks by their reporting manager and then they were supposed to report back to the manager. Unfortunately, there was one employee who did not pay any kinds of attention to this particular instructions being given to him electronically. However, in the range of frustration, the reporting manager sent out an email abusing the corporate employee of using derogatory and defamatory language and then he put up his frustration through that email. And lo and behold, what has happened is that this particular employee did not abuse the employee and the manager back, but however, he went up to the police station and took screenshots of this message and then mail and then registered a criminal case against the reporting manager for defamation. I think it's a wake up call that everybody need to realize that when you're making use of the digital or the electronic environment, I think you'll have to quickly realize that you cannot do out anything that wipes out the information completely. I think we'll have to quickly realize that we need to be cautioned while we're making and any kinds of posts includes sharing audio station. I think this is a corporate learning that everyone who's using this digital environment needs to be really surprised off in order to ensure that they do not land up on the wrong side of litigation and then instead of suing the employee getting sued, it's going to be a completely different paradigm altogether. Next slide please. Ideally, when you're trying to make use of digital environment, I will say that you should act with care and caution because there could be a lot of evidence and trail that could be left behind these digital transactions. Next slide please. Yeah, I just wanted to talk about certain cyber crimes in the light of businesses so as to ensure that to bring about an awareness in the business ecosystem regarding some kinds of crimes. Of course, these are just illustrative and not exhaustive. Fishing is one of the most commonly occurring cyber crimes with regard to online businesses and specifically with regard to business houses. Fishing is nothing but creating fake login pages just like it's the original. It's like it almost looks like. So basically, if you're trying to have any kinds of websites or if you are trying to have any kinds of mobile applications or the platforms, you need to clearly ensure that you're not facing these kinds of issues. What happens largely is when you typically have websites relating to your online business, they could be looked like a lot of times and then these could be used primarily to bypass the security measures and not just that, a lot of data collection could happen through this particular fishing websites. I think nobody is immune because anybody that's there, any websites that's there on the computer network, I think you have to understand that that fishing is going to be one of the most increasing cyber crime that you're likely to be hit. Now, nevertheless, we have also have the identity steps of the world because thanks to the internet that's made and ensured anonymity to the users. So much so that today when you're trying to have any kinds of transactions with anybody online, we quickly have to understand that identifying and relating to that particular individual is going to be one of the most important legal challenge as also business challenge because you do not know who is exactly behind that who's chatting with you, whether it's a genuine one or whether it's a fake one, we don't have any clue. I think identity steps are also in the new flavor of the times. Now ransomware has become the new corporate jewel in the ground. Why? Because there's a lot of things happening across this particular crime called ransomware. So earlier we might have heard of extortions wherein people started kidnapping somebody, demanding extortion, I mean ransom and then doing a lot of extortion activities. And now thanks to this domain called the internet, I think it's taken the totally new paradigm altogether. Today ransomware attacks have become one of the most new flavor of the times. Why? Everybody is not facing these kinds of attacks. We also had the corporate giant and cognizant who actually was hit with a big ransomware attack. Now just yesterday we also had an information that Honda company had also been hit with something called the snake ransomware that's now, of course, there are official confirmations regarding the same. But yes, what happens in this kind of a scenario is that we typically get your devices, get a message that your devices have been locked and you're typically asked to pay a certain amount as ransom, which is typically in a cryptocurrency called Bitcoins. And only if that is transferred, the data and the devices are being released. So it's going to be a very, very different paradigm because there are a lot of professional personnel and social data that you make use of in a device. And more specifically in the light of businesses, when they store a large amount of confidential business information, this is going to become a very important aspect because if your information is sitting on the fence, I think it's going to be opening up a new box of legal exposures to criminals and cyber attackers. Corporate data theft is nevertheless going to be one another jewel of the crown because more specifically in this kind of pandemic, as also in the light of having corporate data shared across various systems without any proper production, I think that's going to be increasingly exposing the data of corporates and business houses to cyber criminals. So IP issues are going to also be the new toast to the times because with a lot of intellectual property coming up, whether it's trademarks or the copyrights and the like, and the patents and the trade secrets, I think it's going to be completely a different paradigm altogether. Why? Because there's going to be a lot of intellectual property generated out of your business, whether you're a service-based company or a product-based company or you do any kinds of business which is involving information or data in the electronic format. I think more specifically in the light of this, there would definitely be two kinds of issues that you could face with one with regard to your trademark, one with regard to your copyright. I think copyright is going to be largely affecting a lot of business houses in this domain of online and digital environment. Why? Because there's the favorite three keys I would say of any person is Control C, Control V, and Control A. I think cut, copy, paste is the new Indian juggard which has emerged because anybody who's going on the online domain, I think this is the favorite thing that they're trying to do. Why? They're going to cut, copy, paste anything that and everything that is available on the internet. So be cautioned because there's going to be a lot of IP related issues that is going to come across. More specifically in the light of copyright, since the copyright law recently got amended and there are going to be huge and strict penalties that have been initiated specifically under copyright infringement. And more specifically, we have a section called Section 63 which is a section for copyright infringement which could have imprisonments ranging from five to seven years and it could also be for 10 or 15 years in case you repeat the offense. More specifically in the light of intellectual property violations. Next slide, Forgery and Forge documents are actually trying to receive more center stage attention. I just talk of this case that has happened recently and then that came to my notice. There was one company secretary and a chartered accountant who were trying to do a tax advice to a particular company. Well, they wanted to ensure that the tax which is payable by the company is actually trying to be reduced. So in that kind of a scenario, what has exactly happened is while preparing returns, they actually try to forge the statements and then make a forged return as their prime FAC for filing the income tax return for the company. So what happened in this scenario? They had prepared a forged document looking and manipulating the facts and figures then trying to use the forged document for the purpose of filing their returns. Lo and behold, this went up to the department's notice and there was a raid on that business house. As a result, the computer, the laptop, everything was actually seized. What they found that it was interesting to note is that the original document and the forged document both were present in that particular system and to that understanding, it primarily basically displayed their intention to cheat and do criminal activity and more significantly not just a case on the company for doing so but also on the chartered accountant and on the tax company for actually trying to create and manipulate forged records were actually lost specifically under section 468 of the Indian Penal Code. So these are all wake-up calls and this is also some kinds of cyber crimes that are happening and more specifically, confidentiality and privacy are some two basic areas that need to be increasingly looked at by any business house. Now confidential information has been shared across with different actors whether it's the company's employees or the consultants or the affiliates or the clients or the customers or the vendors. I think more specifically, confidential information needs to be specifically defined so as to ensure that the confidential information is not missing any of the bits and sperms of the confidential information. I have seen that there are a lot of companies who make use of non-disclosure agreements and confidentiality agreements. Well that's a good practice, no two ways about it. However, more specifically including the specific type of information that has been shared across these domain and these agreements would actually help the company to actually try to address any confidential letter issues and more specifically privacy also is going to be increasingly going to hold a very important aspect more specifically in the light that is not being declared as a fundamental. Cheating my impersonation like I said identity theft and cheating my impersonation are going to be the new flavor of the times because it's going to be very very difficult in order to identify your online transactions and specifically have interactions with your users. If you're having any kinds of website, mobile application or a platform that is involving users, I think you'll have to get prepared on these. Email related crimes, well a simple example that I would like to talk of here is that if anybody makes use of official email ID and shares any of the confidential information with an even their personal email ID that becomes an email related crime though it's the same for making of both the email accounts. While the email accounts are supposed to be used in two different ways and doing any kinds of mismatch would land you in legal issues. Email related crimes are going to also be one of the most important cyber crimes considering the business houses. More specifically when everything goes through the information exchange happening through emails. Next slide please and more specifically we're all under heat because we're under a leaking ecosystem. Next slide please. Online defamation is also going to receive a lot of areas because good bad or worse there are lots of avenues open at your clients or vendors or customers or employees. I think they're mounting to a lot of acts that are actually defaming and actually trying to punish the reputation of the company and I think primarily this is the key cyber crimes that's happening with online ecosystem. You don't need an online presence. I think any business without an online presence also can be prone to online defamation issues. Fake news is a new epitome. There is a completely no legislation with regard to fake news in the country and more specifically a good bad hello I think I just I'm not the production puff. Yeah more specifically fake news is going to be holding a very significant role because a lot of fake news have also been published regarding certain companies recently a client of mine happened to see that there was a fake news generated that they were actually suffered a cyber attack which is actually totally false news. I think people who are propagating fake fake news who are encouraging who are actually trying to share it would actually face equal amounts of liabilities with regard to what do you say transmission of this fake news. Cyber security breaches have become galore why because with everything going digital I think every company but no matter what is the kind of company is actually now being targeted by cyber criminals for cyber security breaches. Device breaches are also going to become the new order of the day shall I say because with work from home being the new normal I think a lot of device breaches are also happening by the advent of this pandemic situation and if you're trying to have something called BYOD where bring your own device they're asking the employees to work on their own devices I think you're opening up an invitation to disaster why they could be a lot of legal ethical security issues that turn up when an employee makes use of his or her own device for the purpose of doing any kinds of official responsibilities. Next slide please. In this kind of a scenario you may be either sucked in as a plaintiff or a defendant or increasingly sometimes as both in case of BYOD or the like and ransomware like I said is assuming a lot of legal significance because it's going to be a big time for people to actually handle and tackle this concept of ransomware so you don't need to be the huge players you don't need to be the internet service provider you could be anybody who's having an online presence so it could be a typical a typical company's website or an application could also be prone to ransomware attack it's going to be completely a different paradigm all together next slide please. A COVID-19 has brought in a variety of different legal challenges for business houses so I just wanted to highlight some of them with phishing there's a lot of things you know we've been always calling this as a pandemic period well apart from calling this as a pandemic period I would also want you to understand that there is an important activity that is happening here why a good better was a lot of information relating to phishing is happening why because there's a lot of information relating to corona pandemic and COVID-19 that's actually trying to rule the internet so any kinds of posts that are actually relating to this may actually be having come some kinds of phishing attacks and if you're clicking on that you may be directed to a website which may be a phish website well there are also certain websites and applications that ask you to subscribe for any kinds of COVID-19 updates the moment you do that you may be exposed to a phishing attack so phishing is going to be having a big time attention an authorized access we're going to see a lot of we've already started seeing a lot of instances of unauthorized access whether it's into online meetings or whether it's into websites or whether it's into any kinds of forums and discussions I think unauthorized access is also assuming a greater significance as the pandemic period continues ransomware like I said is assumed to be one of the big time revolution especially with regard to COVID-19 identity thefts are also assuming significant impacts and cyber security breaches and computer contaminants are actually trying to be the big time objects in this scenario why because good battle was a lot of virus malware and proteins are getting themselves attached to various posts relating to corona COVID-19 as well as COVID pandemic situations I think clicking on this could expose our systems and our business to these kinds of computer contaminants and merely sharing them would also make you legally responsible because in the eyes of law you would be considered as a person who has actually created that particular contaminant it's not going to be only the big tech players but also any person who's actually trying to forward any post relating to COVID-19 or corona would also be committing a cybercrime without without his knowledge next next act please work from home is supposed to be the new normal of the world and it's bringing in a lot of cyber legal issues specifically for business houses so primarily the one of the aspects that would like to happen is that data breach so when you're asking your employees to work from home and it's the company's data I think it's going to also pose in a lot of data breach obligations more specifically the confidential obligations on the employees are also trying to evaporate more specifically because there is a lack of policy in this area and confidential and privacy issues are also going to receive big time attention in this work from home jurisdiction issue I got this wonderful case let me try to just tell you here what happened from work from home there was this company who actually issued work from home to one of its employees the company was physically located in one country the employee actually had his native place in one another one another state and what happened in this kind of a scenario he urged the company that you know due to this pandemic situation he wanted to work from his native place and the company has given him a green signal okay go ahead you can work because we have a specific work from home policy it's okay everything was hunky dory till such time that there was an issue the issue was that the company came to know that the employee is actually trying to share out confidential information of the company to the competitors well that being so the documents be prepared whether it's your NDAs or the confidential information and the like more specifically all these have the jurisdiction as the company's place so typically if your company is located in Hyderabad all the jurisdiction with regard to these policies would be Hyderabad so just imagine if the same situation if the same data breach was committed by your employee sitting in another state let's say Bangalore which is in Karnataka so what happens it's going to bring in a lot of jurisdictional issues I think this is one area that companies need to really stage their attention so as to ensure that these kinds of jurisdiction issues are avoided and also device security the more specifically it is also required that you update or also inform your employees who are making use of your devices about the security aspects like running antivirus programs updating it and not clicking on any kinds of other activities and also doing a proper due diligence with regard to the security measures physical device issues and electrical issues are also trying to receive big-time attention why I got this case where one of the companies had actually given a laptop to its employee for working from home and more specifically the laptop had a different adapter altogether and when the company when an employee plugged in that particular adapter includes the normal electrical board went and he switched on he was absolutely astonished that there was a spark on the system and then as a result the system was unable to get accessed more specifically it has actually suffered an electric issue which burnt out the motherboard in the device this is also going to be an increasingly important area that companies need to really focus on because not giving an proper directions not sanitizing your employee about the basic due diligence would actually help would actually land up in data loss as also device destruction or regard to these devices I think these are also the new things that companies need to extensively look at next slide please these are going to actually open up new manifestations now not having a proper consent is also going to pose a very big legal challenge for companies so for those companies who have or who are trying to come up with the work from home policy all I would say is that please have a proper consent taken from that employee so why because most of the times today since we are talking about this being shared over the internet and specifically over the electronic medium so I would advocate that in case you're having internal portals or internal internet portals I would advocate you to have this policy also as part of the sign up wherein you can collect specific consent from the employee by the way of a checkbox and more specifically I think proper consent needs to be obtained from all the employees so is to ensure that the employees are actually aware and is actually giving consent to the specific work home policies so this is one important area that companies need to really trust upon in this period of pandemic next slide please I think the work from home strategies all also I also talk about one real-time case today with regard to this I already talked to you about the instance this was the instance that I was actually trying to talk about let's say that a company has actually given work from home to one of this to its employees and they specifically do not have what is what do you say about dedicated work from home policy so as a result what has happened in this kind of a scenario only physical no no only physical instructions over the phone call was given to the employee and nothing no dedicated policies happened so in this kind of a scenario when there's a breach of any client's confidential information what has happened is the client's confidential information was breached by the employee and as a result the client started getting informed about the same and it is it should legal notices not just to the employee but also to the particular company now you'll say how am I responsible as a company what is my responsibility and liability in case any kinds of breach is committed by my employee in the work from home period well in the absence of a work from home policy I think you'll have to also be quickly realizing that you will also be part of this particular breach why because the law will ask you what kind of due diligence you have done so having some kinds of policies or guidelines in this regard would aim would try to immune you from legal liability well nevertheless you could expose yourself as a co-party of the breach and you could also face legal liabilities and legal actions for this breach committed by your employee so this is one interesting case study that I've not thought of sharing it with you this is a real-time one would happen to any particular individual it has happened to one of my clients next slide please uh more specifically uh I will also suggest apart from having a device policy that you have apart from having a work from home policy also have a device policy why there are two kinds of devices here one is the company's device and more specifically one is BYOD so both require legal policies to to ensure that documented due diligence has been adopted by the company and more significantly that in case of any kinds of breaches breaches by their employees the companies are actually trying to immune themselves from legal liability so have a specific device policy regarding the dos and don'ts of the device and when you're making your employee use their own device for the purpose of working for your company I think you'll have to quickly realize that a specific policy has to be defined and in order to ensure that the confidential information of the company is protected from inadvertent disclosure more specifically because that personal laptop of the employee is used for a number of activities by that particular employee next slide please online meetings are now trying to assume a greater significance and these online meetings are bringing up a large number of legal specifically shall I say cyber legal manifestations why because uh companies are now trying to go and make use of applications like this whether it's zooms or webex or whether it's uh the any other application and the like I think a lot of companies are trying to make use of these applications for conducting online meetings not just with clients but also their employees lot of scrum meetings if you're an IT company you will typically be able to understand that there are a lot of scrum meetings also taking up uh taking place through these online uh applications more significantly if there's any breach that has been done out of these uh platforms in order to immune yourself from legal liability it's essential that you also have specific uh the policy and let into online meetings as also simply some guidelines also if you're asking your employees to come in video for these meetings think twice why because i'm going to share out a case study that is going to actually try to uh throw light on what exactly happened in one scenario where in video meeting was called next next slide please so just like to talk of this scenario one company has actually asked its employees to present in person video and then attend a meeting which is going to be taking place the next day well an email was given to that perfect to all the employees okay learn behold everything was going fine everything was hankidori till such time the meeting has taken place and end meeting was between nine a.m. and 10 a.m. in the morning and everything was hankidori till such time that one of the employees who's uh typically a female employee uh got a phone call at seven a.m. seven p.m. in the evening so what happened in the scenario the female employee who attended the meeting got a phone call at seven o'clock on her mobile phone and increasingly uh she was shocked that people started asking her for the special lockdown services which she was providing at thousand rupees per service she did not understand on what's happening and then she started to think twice she started looking at her profile and she found that somebody has created a profile take profile of hers on the social media platform specifically facebook and they've used what really becomes important here is that her real photograph was used there's more specifically the message the photograph was actually trying to take to be being taken from the online meeting which he attended in the morning a screenshot of take was taken uh a screenshot of the same was taken in the morning as and was posted on the social media a real name real details the real phone number was given and then uh they claimed the message that she was providing lockdown special services to all the people at thousand rupees per service this is a wake-up call now you will say as a company what have i got to do with this case and what is my legal liability now i would like to tell you that in case you're a company who's trying to engage in online meetings you do not have specific guidelines or policy you would also be legally responsible why because the message is louder and clear that you do not have your legal documented due diligence so this is one wake-up call to all the companies that i would like to talk of i think you need to be really cognizant to this fact next slide please this is one more such slide that is that i would like to talk of this one more case that has happened one company trying to host their meetings through an application through a video conferencing tool suddenly in the midst of the meeting they started receiving this that you know strangers as a particular stranger has entered the call so what happens in the scenario so it's been put to an authorized access i think this is also one more area that companies need to really focus on while they're drafting out their their online meeting policies why because in such kinds of scenarios how do you tackle going forward there's going to be one more interesting legal manifestation more specifically in the light of online meetings next slide please there was one one more such instance where an unauthorized entry was made into an online meeting room of of companies discussion and more significantly the unknown stranger started different sharing differently and obscene content and also trying to abuse the company with all sorts of details whether it's defaming or using abusive language or under like i think a lot of different kinds of legal challenges were posed in this kind of a scenario why because the companies never had experience such kinds of issues and more significantly it is when they started organizing an awareness program for their employees and there were 500 odd employees present in the meeting so it's very embarrassing in that kind of a scenario more specifically when you think that an authorized access and inclusion has taken place next slide please so i think these are all just wake up calls to all of us that we need to quickly realize that our work from home policy as well as our online meeting policy needs to specifically address these issues now cyber security is going to become the new ticket of the times more specifically for businesses in the light of this online ecosystem cyber security policies are going to be assuming a greater significance and the company is going to have to have reasonable security practices and procedures and ensuring that the confidentiality integrity and authenticity are protected so these three are the mantras cyber security has confidentiality integrity and authenticity i think you should ensure that these three are protected in your cyber security policy have a cyber security policy in place so as to ensure that your view diligence as well as you're complying to the information technology rules 2011 read along with information technology act thousand so this is going to be assuming a greater significance and it's going to also give up a lot of new legal and legislative mechanisms to do with cyber security legal issues next slide please these three are the basic things that can make any succumb as a security system what i am what i have and what i know what i am is nothing but my physical self the dynamics of my handwriting my voice and my other things that i possess what i have is nothing but the fingerprinting the eyelid scanning and the what do you say other things but there's official recognition and what i know ultimately is the password pass phase and the pin number which ultimately is is the security mechanism i think in short any system should ideally have these three and any system is as long as this weakest thing so when you're a company and you're trying to have the basic security mechanisms in your organization i think these are the three things that you need to primarily address as you go forward next slide please now cyber security is no longer going to be uh somewhere in the horizon i think it's already started to be a part of our daily lives and it's the new age that is waiting for us and it's the cyber security age these kinds of cyber criminals are not trying to exploit the fear that we have with regard to corona why because every kinds of posts that you're making today whether it's on the internet or it's on your social media whether it's on your over the top applications like facebook and whatsapp we need to clearly understand that any website or a platform that is talking about corona virus may be infected with malware or any kinds of computer contaminant which is used by cyber criminals to exploit and and do a variety of activities including ransomware i think clicking on them would actually try to expose ourselves to think twice before you click or subscribe or you open up anything relating to corona digital corona virus is the new star of the times next slide please um like i said uh even big giants are now being targeted with ransomware look at this energy giant in the edp which has been hit with 10 million ransomware threats so it's going to be assuming a totally different ball game altogether and as i see cyber security is going to be the evergreen hero more specifically in the science of pandemic next slide please and maize ransomware has also tried to be demonstrative of how indian it giants could be targeted with regard to ransomware attacks i think this is just wake up call to tell you that it's going to give you a completely different message altogether you cannot run away from the stands of cyber crimes i think cyber crimes are assuming to be the new facets of our day-to-day existence next slide please dark net is going to be the new clock of anonymity why more specifically in this light of companies being trying to use dark net for legitimate and legitimate purpose so the net we access and the dark net is completely different paradigm altogether a lot of criminal activities cyber criminal activities are happening across dark net and more significantly i would like to tell you that three days back one of my client actually got a mail from the dark net stating that their product information with regard to their new launch which is likely to happen in next 15 days is already available with them on the dark net and they were asked for a ransom of one crore rupees a feeling which they said they're going to release that in public so this is going to be the corporate threats that are likely to arise from dark net and we can no longer get away from it because it's no longer in the horizon but it's become a part and parcel of us next slide please whatsapp is now turned out to be the new de facto mode in India why anything that you do that's audio video image or text but it's your professional personal corporate everything that is happening through whatsapp i also started understanding when i looked at the terms and conditions of whatsapp that it's whatsapp is literally not going to have much security why it's not the fact that of course it's the fact that it's enter and encrypt it but when you look at the terms and conditions i'm clear why it says that any audio video image or text that you're sharing becomes public information once it becomes information in the public domain you can no longer see any kinds of legal remedy so i had this case from one of my clients who who started to use whatsapp as their mode of communication so as to ensure that they're communicating with the employees during this period of pandemic i would say it is opening up a lot of amount of panderas box of legal exposures and companies quickly have to have to realize that these are going to relatively going to be one of the entry points for doing cybersecurity beaches i think bank on target it's going to be a completely different time altogether more specifically in the light of whatsapp so if you're using whatsapp to share of any of these things twice you could also be legally getting a notice from one of your clients from the beach of confidentiality in case you're going to share clients information across whatsapp next slide please more specifically iot devices i only want to tell you two things uh whether it's the amazon alexas or the google homes of the world i think they're going to pose in a lot of privacy issues have you ever realized that when you're trying to have any kinds of discussions uh or online meetings if you have any of these devices being placed near to that room there are lots of privacy issues that are going to crop up recently i had a client of mine who placed his amazon alexa in the in the place where he was actually trying to have online meeting and uh he was surprised to report that once the meeting is completed got completed the the particular device listened to the conversation and is also ordered something on amazon so more specifically it has also given an interpretation for the conversation that it is recorded it's going to be completely evaporating the concept of privacy i think quickly we have to realize this because privacy is now going to be the fundamental right of all the citizens whether it's the employee or the consultants or the employers also perceive i think iot devices are going to hold very significant importance more specifically certain iot devices also have the capability of being used as an evidence i would also tell you that in some of the cases this was used as a primary evidence to ensure uh to pass the culprit because it opened up a lot of conversations that were recorded not just that even your mobile phone there are lots of mobile phones that are recording your conversations so when your moment you're using your mobile phones think twice because the concept of privacy needs to be specifically protected in this line as well next slide please you can also add you know these iot devices are not are cannot be used as legal evidence i would say that any iot device becomes ultimately a digital evidence and then can be used in a code of law so any recordings from them also could be primarily used against you so now stay away in case you're making such sense of unwanted conversations next slide please quantum computing has already arrived well a lot of companies like IBM and google have already started developing 50 qubit and 20 qubit quantum computers these quantum computers are going to be uh completely taking down the guards why they're going to break all the algorithms and passwords within just a couple of hours and the legalities relating to quantum computing also need to be properly addressed the way we go forward this is going to be the new uh a ground reality i think the quantum computing is also receiving center stage attention during this particular digital era next slide please wherever devices have already been the bang on the target why because everybody each one of us whether we are an employer or an employee are trying to make use of these wearable devices all i would like to say is that wearable devices also bring in a lot of cyber legal ethical policy regulatory issues but when it comes to privacy why there are lots of data that we make use of for the purpose of storing on this and specifically in the corporate domain i would say that when you're connecting your mobile phone typically to your smart watch and the like think twice because any breach that is taking place would also expose the corporate data to cyber criminals so that's one more um learning that i would like to just tell you next slide please more specifically there also is an element of data security i never place that uh your biometrics and the like also could be posed uh what do you say uh threat to post a threat in case you're making use of these wearable devices specifically uh medical wearable devices and health medical devices it's not going to just help you to identify you but it's also going to disclose a lot of personal and sensitive information about you including your health patterns to the world i think we have to quickly realize ourselves to this area next slide please and more significantly this could also be used as an evidence so there was this one particular case where health evidence of health data in a particular mobile phone was used as legal evidence i don't want to go into the depth of it but i all i want to tell you is that uh when you're making use of these various health related applications that are inbuiltly coming up in your mobile phones uh you should quickly realize that they're going to leave out a lot of digital and cyber trails and if you're doing anything wrong then you could be uh under the danger of getting caught with the help of analyzing this particular health data next slide please ai is going to be uh completely a new paradigm as we go forward i think cybercrime earlier we've seen that it's going to be done by criminals but thanks to artificial intelligence cybercrime is now being also provided as a service and more specifically i would like to highlight that a lot of businesses are making use of artificial intelligence for the purpose of their business activities so they quickly have to understand that there's a cyber legal area that the companies need to focus when they're making use of such artificial intelligence tools why because uh knowingly or unknowingly uh artificial intelligence is going to bring in a variety of cyber confidentiality issues and the like there's going to be a huge amount of uh hot deep waters which the companies are unaware by the way they're using artificial intelligence next slide please um well one learning is that if you're trying to do business with any of the european union companies i would like to tell you that there is a new legislation that you need to be aware of so there is something called gdpr that has been passed it is called general data protection uh regulation which has been passed by the european union so if you're if you're a company who's trying to handle some kinds of uh uh data which is relating to uh the personal data of european citizens now you must be gdpr compliant so you say why why should i be gdpr compliant well if you're running a platform if you're having a website you're a mobile application or providing any kinds of services to the companies or citizens located in the european unions you'll have to quickly pay attention that gdpr compliance is going to be the new mantra that you'll have to adopt failed to do so then you that could expose you to a legal liability which is something like four percent of your global turnover or four crore rupees whichever is higher so that's the kind of uh legal exposure that you want to be exposed to uh so that's going to be an interestingly different area because i see that there are a lot of companies that are coming to me with regard to gdpr consultation because thanks to the internet i like this phrase the internet has been uh internet has made geography as a history so there's no longer going to be any kinds of boundaries so if your website is going to be accessed by any person uh any citizen who's sitting across in the european union i think gdpr is uh something that you'll quickly have to understand next slide please true caller should i say is going to be receiving center stage attention more specifically that we are trying to use this for a variety of purposes well i would just want to highlight one particular aspect here um the other day i was surprised to look at the true caller also displays your banking otp so just try to understand what kinds of dangers that uh you as a true caller user may face because so much so that your otp is also interpreted in terms of true caller so just my suggestion is that you know when you're making use of these applications have a due diligence on what permissions are supposed to be given and why they should be given and what light they have to be given if you're able to understand this i think life is going to be pretty much safe next slide please and twitter posts are also going to be evidence so anything that you do on your social media whatsapp and the like are also going to be legal evidence this kind of a scenario would like to tell you that the information technology act has given up something called uh unlimited damages so the company is able to prove that it has suffered um let's say uh 10 million as part of the post being made by you you you should be liable to pay of 10 million to the company that's the kind of legal exposure and that's the kind of area that you need to really look at it's not just going to be from the company even your vendor or the client also going to potentially uh can go to target you in case any such things are made about them on the social media next slide please more specifically i would like to understand uh and tell you that anything that you do on the digital platform is going to form part of your digital footprint and but analyzing this digital footprint i think one can really be able to uh do a variety of activities it can also uh use that for a forensics to track down a cybercriminal i think this is one interesting area that every company needs to be aware of anything that they do using a mobile phone or a computer becomes the digital footprint and not just the digital footprint of the company but also of that respective stakeholder next slide please um i know that uh there are going to be a lot of legal issues certain computer emergency response team is the nodal agency for cyber security so do report any cyber security breaches uh to certain you can just google it you'll get the uh details of that and you can do a variety of activities you can report the cyber crimes and also please please pay attention to the notifications and the press releases being given by uh certain in order to ensure that your business is not being targeted by any cyber criminals i'd only say that these are only statutory guidelines but like i said ultimately we do not have any kinds of idea how we could be targeted next slide please now the fundamental aspect that i would like to talk of in today's presentation the highlight is is your organization or is your business an intermediary well if uh if that being so if you're an intermediary then there's a lot of legal cyber law compliance that has been um given up for you to comply with so what's an intermediary typically i'll just put it in a very simple terminologies well if you're if you're uh in business house or a startup or an entrepreneur who's basically uh collecting processing storing any of the electronic records and providing any service with respect to that records you become an intermediary so if you're a website yes you're an intermediary for a mobile application you're an intermediary if you're if you're a service based company you're an intermediary why because you collect the electronic records from the client and provide the service to that effect if you're a product based company you're also an intermediary so basically it's no longer going to be the internet service providers of the world but anybody who's basically providing any service by collecting electronic records are going to be a intermediary per se so what is that going to be doing you're you're going to be complying to the intermediary guidelines 2011 i'll also take a quick look at what we need to do from a legal perspective uh next slide please so this is what i was talking to you about section 21 w so this is no longer going to be uh narrow it's going to be broadly covering anybody and everybody who is basically making use of an electronic record or an information and providing the respective service with respect to that information next slide please yeah so therefore as an intermediary you're supposed to do your due diligence how do you do your due diligence next slide please yeah so you you have the option to now take down unlawful content now let's say that you're an intermediary you're having a platform you have running a website or a mobile application some information that you actually encounter by way of an email you must ensure that anytime you receive a complaint regarding any content you must have been posted that has been posted on your platform you will be getting a take down period of 36 hours from the time you actually get that notification so if you get a notification from somebody through email that there's an unlawful content being displayed within 36 hours on receiving that you should immediately pull down the content you can do your internal investigations that's okay that's that's the due course of the company no problem but primarily you need to ensure that you block public access to that particular piece of unlawful content failing which you'll be exposed to legal laboratories which i will be talking of as you go forward next slide please so the law has come up with something called sensitive personal data or information or personal information so what is sensitive personal data information passwords financial information as your credit card details debit card details bank account details biometric information sexual orientation your gender related details health and records and medical information apart from this any information that is required for processing a lawful contract is considered to be sensitive personal data information and there's an exception let's go to the next slide please any any disclosure that you're making under rti right information act is exempt from sensitive personal data on information next slide please next slide please so the law has also come up with personal information so what is personal information any information with which i can identify an individual that is a natural person so your name your email id your phone number your adhar card your driving license your pan card your blood group your office id everything could could be considered as a personal information so if you're a company typically kind of collecting processing storing handling any of the sensitive personal data or information or personal information i think there are three takeaways that you need to be aware of so as a as an intermediary and failure to do so to could expose you to two kinds of liability civil and criminal i'll be discussing that as you go forward but just to make sure that if you're collecting this of your employees or of your consultants of your or of your vendors or of your clients you need to also have data protection agreements next next slide please failure to do so to expose you again like i said 72 a is also one of the uh criminal provisions that could be initiated against you where you'll be liable for three up to three years imprisonment up to five lakh rupees or both next slide please in the interest of time i just don't want to talk about these three because i know that there's a lot of time gap that is happening so quickly want to tell you that these three are the illustrative cases wherein the companies who have failed to exercise their due diligence had to pay a lot of amount as compensation and also in some cases they also the top management of the companies also went behind bars so these are the three illustrative cases due to paucity of time and not getting into that but just wanted to just start of highlighting that this is the kinds of legal liabilities that the company could face next next slide please so the compliance requirements you feel having ISO 27001 i think by and large you've complied to the uh intermediary guidelines more specifically there are also certain other parameters that you need to be aware i'll also talk about that also having specific data protection agreements regarding sensitive personal information and personal data would also be one of the compliance that you would be required to do under information technology and next slide please so cyber law compliance is defined in three basic phases so if you're a company and if you're basically an intermediary like i said you need to have three things as a golden take away have a privacy policy have terms and conditions and also have a grievance mechanism so you can declare a person called a grievance officer the appointment need not be made by paper it can only be made also just by having a grievance mechanism in place so these three are the golden guidelines for any business as far as cyber law compliance is concerned so if you're a company if you're an entity who's collecting processing dealing with sensitive personal data or information always also with electronic records i think you'll have to quickly realize that these three are supposed to be mandately done by you next slide please apart from that you also would be required to have different data protection agreements but data protection agreements can be with clients with vendors with their employees or consultants and specifically if you're a product or a service based company or if you're having some kinds of platform i think user agreement relating to this data would also be the requirement as per the guidelines next slide please so the law says three things exercise due diligence do not partner yourself with somebody who's violating the law and third comply yourself also exercise your due diligence and do not partner if you do these three life is safe failing which you could expose yourself to two kinds of liability next next slide please they could be exposure to civil and criminal liability civil could be up to five crore rupees per contravention so there are 10 contraventions you could be sued for up to 50 crore rupees and more specifically criminal liability could be initiated against you for for a period of three years to life imprisonment and a fine ranging from one lakh rupees for 10 lakh rupees specifically the civil section is section 43 criminal section could be 63 66 and the like so these are the two kinds of exposures for your non-compliance in addition to that there's also section 45 which you could be actually which could be invoked against you for non-compliance which could be for a compensation of up to 25 000 rupees odd amount next slide please this is what i was trying to tell you in addition to this yeah next slide please so you will say who is liable yeah it's not just the company who's is the legal person that is going to be liable the top management the middle management and each and every employee who's responsible for that processing of data would be legally responsible only if and if you're able to prove that then that you have exercised negligence and no diligence that the contravention has taken place with your knowledge and then you have exercised your due diligence i think these three are the important aspects you need to be aware of if you exercise your due diligence and comply with the law do not have negligence in implementing these practices i think life is going to be safe for you next slide please so 43 i would only want to tell you in a nutshell i think i would just like to highlight some corporate provisions for businesses especially from this cyber law perspective so i just thought i just talk about these aspects well this is the civil provision so this could be exposed exposing yourself to civil contraventions that i spoke of which is up to 5 crore rupees so you don't have privacy policy you don't have terms and conditions you don't have grievance you don't have a user agreement i think 20 crore rupees up to 20 crore rupees you could be sued for by way of damages but not just that there's also something called unauthorized access which would bring in a large ambit of unauthorized access related offenses next slide please so typically if any person without the permission of the owner of the computer or the person in charge of the computer does any of these above activities it would be considered as a civil contravention so for which for each and every act compensation could actually be got from the violator so if you're accessing securing access download extreme copying data introducing a computer contaminant damage damage includes both the physical as well as the electronic why because there's no distinction made with regard to what exactly is damage then disrupting the computer network design calling the denial of access providing assistance to illegal access charges availed and then this charges around i'll just give you an example if somebody gives out the wi-fi password of the company or any other a VPNs password of the company to anybody else then yes that could be one of the charges that would be posing here while destroying diminishing altering the value and utility of any document and the computer source code thereof i think if you're doing any of these these activities i think increasingly if your employers are indulging in any of these activities i think you can sternly take legal action on them from a civil perspective next next next and more specifically 66 is one section that is talking about computer related offenses and the like 66 b if your employees trying to make use of someone else's mobile phone or purpose of uh can visual activities then it could be charged under the section not just for stealing the computer or the resource but also for the data that is assigning there so data that could also be invoked against that employee next slide please next slide please identity if like if you're making use of someone else's identity and then making use of it yes that for example if you're sending an email from one particular email id that is not yours but unfortunately what is happening is that you have you have done you have committed an act of identity theft why because you're using someone else's identity and more specifically in this light of cheating by impersonation when you actually try to make use of that email and and share out a lot of criminal emails whether it's sharing out malicious content or obscene posters i think it's it's going to be originating from this particular email id and not you originally the email owner would have never done it but in case the emails originate from his account it is called cheating by impersonation you're impersonating as if it's someone else that's going to be increasingly one of the very big cyber crimes that is happening in the corporate environment today and more specifically 415416 also under IPC are covering cheating by impersonation next slide please a violation of personal privacy is shall i say going to be a very indigenous crime that is happening with regard to online meetings like i told you the case of the female employee's identity being used i think specific guidelines needs to be stipulated in terms of how the particular what do you say attire of people also had to be defined in terms of putting up guidelines because any indecent exposure would actually not only expose the employee but also would expose the company in case the same is being what do you say targeted by any cyber criminal nor and the offense of what do you say personal privacy could also be invoked against the company in case there are no proper guidelines with regard to online meetings so this is one increasing different area that companies needs to focus on next next slide please so artificial intelligence i say i already spoke of that facial recognition shall i say faces the new passport of the times and a lot of companies are trying to use facial recognition as they mode of collecting attendance from their employees more specifically in this light of pandemic because it's easy for them to do so i think when you're when you're when you're making use of your facial recognition tools you'll have to quickly realize that in case your application you're you're making use of third party application providers any breach from their end would expose your employee's facial recognition to the world and for that also you would have to face legal liabilities in case you're not done your due diligence so have a specific policy relating to facial recognition describe the do's and don'ts and ensure that you are staying safe and not eliminating yourself to any kinds of cyber criminal activities next slide please so cyber ethics and ethical policies are going to be the new post of the time shall i say because more specifically in the light of online meetings i think a specific policy needs to needs to be defined with regard to the slang and the usage of the words because i see that a lot of companies are making casual conversations in their video meetings i think this is going to be knowingly or unknowingly going to cause a lot of the defamatory and derogatory kinds of issues because interpreting that in terms of libel and slander which are some of the defamatory related crimes i think it's going to be completely a different paradigm altogether we'll all we'll also have to quickly realize that cyber ethics is now receiving center stage attention and requires to be specifically addressed by companies next slide please uh i thought of just putting up some guidelines cyber security guidelines for businesses do have some employee sensitization programs not just for the employees but also for the top and material management so as to ensure that they're also equipped with what's happening on the world at regular intervals so because like i said there are no golden rights rules or the paradigms i think we are here we should understand that education and sensitization are going to be one of the key essentials of protecting ourselves not just that anti-virus needs tools needs to be installed in various systems i think not just installing them but also trying to update them should be the need of the art do regular kinds of cyber IT security audits of specific remote specifically in this line of work from home so as to ensure that your employee is not done the wrong side of the law report any cyber crime to search in like i said and also there's a website called cybercrime.gov.in so i think increasingly we'll have to ensure that we report any kinds of cyber crimes or cyber issues so as to ensure that our due diligence is also adopted from our end next slide please security settings in these online learning platforms like zoom or webex on the like should also be understood and if you have any kinds of abuse that has taken place in the meeting room do report it to the same to the platform change the platform immediately notify all your attendees that they have been put to a cyber security breach and also employee awareness on cyber security should be the new tipping point because once your employee is not aware i think there's a lot of legal exposure that he can do on his side and expose the company to a great amount of legal abilities i think separate a professional and personal devices needs to be encouraged so the companies needs to provide some kinds of devices or some kinds of strategies to ensure that the employee is not using the same kinds of device for personal and professional purposes and more specifically password management should i say is also going to be receiving a lot of attention because slowly having not having power from proper passwords and continuing with the default passwords would be a historical mistake and would result in a lot of activities that could percolate from those random passwords i think a lot of emphasis and attribution nexus has to be made with regard to password management as we go forward next slide please more specifically i would say that the privacy protection also has to be the new mantra next slide please sorry next slide please no previous slide please yeah the privacy protection plans that the businesses can adopt is have a proper privacy policy with your employees with your clients with your vendors as also if you're having any products or platforms or websites have a documented privacy policy but what goes on to protect to have a privacy policy is very clear you can say what is the kind of information collected how is it used how is it processed for whom all is it shared what kinds of security become mechanisms you have in place to protect them and what kinds of places there's going to be a legal disclosure i think these are some areas that you can make use of as best practices and more specifically what has to go in a privacy policy is already mentioned under rule three subsection one and subsection two of the it rules 2011 and more specifically i would like to tell that these are going to be adequately this have to be adequately protected more so when privacy is now being made the fundamental right next next slide please i thought of just sharing with you a certain cyber legal regime which the businesses need to adopt during this period of pandemic so having specific work home home policies cyber security policies device or b or by by od policies can help companies and as also revisiting your existing legal policies and documentation see i see that a lot of companies have issued employee agreements nda's and the employee handbooks and also have offer letters and the appointment letters and various other agreements with your employees i think it's time to revisit them so as to ensure that this work from home legal nuances are also getting covered under those ambit and more specifically to ensure that the confidentiality and other data breach issues are well covered within the ambit of those agreements as well next slide please a forced major clause needs to step in i think it's it's it's receiving a lot of attention and the key uh uh it's it's been put as a center stage because with a lot of clients now intending to have forced major clause i think one of the mantras that i would say in this pandemic period is that the businesses can use uh from uh legal perspectives have these work what do you say forced major clauses inserted and make sure that these kinds of pandemic situations are also covered under the ambit of forced major and more specifically if you're not if you're not yet had these uh clauses do make an amendment to all your existing agreements so as to ensure that your legal exposure with regard to this pandemic situation is going down to the bare minimum revisit your HR and leave policies so as to ensure that these specific work from home related leaves are also being covered under that particular policy and uh ip protection and licensing strategies would also have to be specifically understood in the light of pandemic and work from home i think specific policies in that in regard to the uh ip protection also has to be devised as we go forward and not just that uh consider having cyber or data insurance lot of companies are trying to give you that uh cover it would be advisable because it will help you from these cyber security beaches that are happening all globally all across and more specifically i would say that the employees health and medical protection also has to be taken into consideration so if you're having any kinds of employees who are reporting to you with regard to any of the uh health issues i think uh focus has to be made so as to report the same uh to the government of india i think uh specifically the companies need to have a specific health policy with regard to the employees in order to encourage them to report any kinds of um covid symptoms so as to ensure that their legal due religions is done and they're not contaminate the virus as as you go forward apart from this also it'll be advisable that uh you you also hope advise your employees not to click or not to subscribe for any updates which are relating to corona pandemic or cobit 19 so as to ensure that they're not being targeted by any cyber criminal next step please i think the learnings and takeaways that i would like to talk of here is that the culture of cyber security has to come into place due diligence is the new mantra i see that there's the world is going to is going through a transition of a new cyber world order and a new world is awaiting for us revisting and drafting specific policies and agreements can be one of the key takeaways and also protecting the privacy and cyber ethics can also be the new close to the times as with slowly the world is slowly churning out to be through the digital environment reporting cyber security breaches and abuse is going to be highly advisable as also reporting any kinds of health related issues also would be the need of the hour i think we'll have to understand slowly that the world is going through a trinity of sisters i would say that increase in cyber crimes increase in cyber security breaches and fake news are the new trinity of sisters that the world is encountering not just that but i would say that a lot of cumulative efforts needs to also happen with regard to the companies and their legal framework so as to ensure that the cyber security is now going to be essentially the key takeaway and more specifically i would say that you could not walk the walk without cyber law and cyber security and closing your eyes to the sun and saying that the sun has gone away i think that's a great great paradigm that we all are likely to think of but i will say closing your eyes to cyber laws and cyber security and saying that cyber laws and cyber security are not the need of the hour i think it's going to be a toothless wonder and a historical mistake that we are going to try we are ever trying to make this would ensure that we are doing on the wrong side of the law and and the legal legislation next slide please i think cyber resilience has to be the new picture behind the curtains because how quickly can you respond back in case of a cyber attack a cyber resilience plan can be one of the good options that the companies can now look at with the passage of time more specifically in this line of line of pandemic i think good bad or worse for our selfish interests i think cyber resilience should assume a greater significance of we're all compliant to the it law and the cyber security in breach rather than practice i think the compliance has to be unconditional and not conditional all i we should tell you is that we're all going out in rain or storm it's advisable that you carry a raincoat or an umbrella because if you do that at least you could expose you could be protected from that of course there could be so many scenarios where despite having this that could expose you to cyber security lurking dangers but nevertheless i would say that it's a totally different paradigm that we've we're all in i think uh if you're able to have a sanity and sanity and prudence like i said we're going to be safe as we go forward i'm more specifically i would like to tell you that internet as a paradigm never sleeps and internet as a phenomena never forgets so this is a very big thing that you all need need to be really arriving and more specifically with a lot of new companies joining the digital bandwagon i think it's going to be completely hot deep waters i think we'll all i have to come out of the shell and make ourselves more cyber resilient cyber due diligence and pay a lot of focus on cyber law and cyber security next slide please what is necessary is only what is required so i know a lot of points are discussed and of course we could not really discuss everything in detail more specifically due to the positive of time i just thought of this being in this basic kinds of awareness and trusting uh you upon the fact that cyber security has to be the new manifestation and cyber law is going to act as a key catalyst thereby a lot of hope and aspiration that this kind of a pandemic situation is going to go away well the message is very loud and clear that cyber law cyber security are the only digital mantras next next slide please so that's all i have for my side ladies and gentlemen it's a pleasure talking to all of you here and i once again thank sunali and the business world for giving me this wonderful opportunity to share across these kinds of legalities and the cyber security and the requirements which are very very going to be very very important as we go forward into this little era thank you so much i'm open to questions please thank you so much mr sushant for such a wonderful session it was so descriptive so informative and i'm 100 percent sure that all our attendees were uh able to take something away with it and they got to learn a lot in today's session uh unfortunately we have uh exceeded our time limit as well so i would just request you to wrap up the session and anything else you would like to say to all our attendees you can also leave your contact details in the chat box so that if any of the attendees want some consultations with you they can get in touch with you as well okay i mean i think more nervous we are covered almost everything i think i'm you can get in touch with me through my contact that i'm sharing right i think that will help you to actually get in touch with me as well as we can we can talk across any kinds of issues and we do provide legal services in the areas of cyber laws information technology and the like i think please we work on this intersection of law and technology that's what exactly what we do so we also help companies with their legal duties and aspects so that's all i have to say from my end so let's all ensure that we are safe from corona and also safe from digital corona virus when i say so thank you so much for this wonderful opportunity okay thank you so much once again mr sushant and thank you to all our people one small request that i would like to make here is if you can share this kind of a video on your facebook page i think it's going to be benefiting a lot of people because it's going to it's going to it's since we had a lot of insightful discussion on various topics it could also help you and me as you go forward yes of course we'll do that so thank you so much once again thank you to all our attendees i'm really sorry we cannot take any questions right now because we are very short of time so all our attendees if you have any questions please make sure you get in touch with me or mr sushant and we'll make sure that we answer your questions personally so yeah thank you so much once again thank you