Companies in India are still trying to understand the implications of the newly formulated Indian Companies Act, 2013. This is natural as well as the new corporate regulatory framework has introduced novel concepts that were not in existence previously. Companies and their directors are finding it difficult to deal with techno legal issues of cyber law, cyber security, cyber forensics, e-discovery, etc that they cannot ignore anymore.
Corporate governance has also been given a totally different meaning with the introduction of concepts like corporate social responsibility. Further, an enhanced scrutiny of corporate affairs has also been ensured by the new framework. The Serious Frauds Investigation office (SFIO) would be seen in more aggressive form in the coming years. In short, the regulatory compliances under the new company law have become very stringent.
Take a simple and hypothetical example of a cyber security breach that company usually faces these days. If the company and its directors fail to take appropriate remedial actions against such cyber security breach, the company and its directors can be held civilly and criminally liable under Indian laws. Recently Target Corporation faced a similar situation where it failed to take the desired action and this resulted in further data theft and damages.
It is obvious that cyber security breaches would raise complicated cyber security issues for Indian companies in the near future. Indian companies are very poor at maintaining proper cyber security and ensuring effective e-discovery practices. These are new compliance requirements that were missing form the Companies Act, 1956. The directors’ liabilities under the 2013 Act have also increased significantly. They can be held liable for their acts or omissions arising out of non compliances under various laws of India, including the Information Technology Act, 2000.
Till now there is no sign that companies and board of directors have started formulating suitable techno legal policies for their companies. If there are no such policies, there is no question of their actual implementation. This would only give rise to multiple and increased litigations and legal disputes in the near future. Perry4Law strongly recommends that companies and board of directors must urgently formulate techno legal policies and implement the same as soon as possible.