Public Interest Litigation: A Knight in Shining Armour

The Preamble of our Indian constitution envisages ‘Justice for all’, amongst other tenets. Indian judiciary in the recent past has traversed an unbeaten road. From being the guardian of the interests of an individual, to enabling the recognition of public interest as mode of entrusting locus standi on an individual for securing fundamental rights entrenched in the constitution, the seventy-two odd glorifying years of the judiciary are marked by many momentous instances.

“Public interest” denotes the interest of the people of the land. These interests can be allied in varied directions. All in all, one that integrates itself with the obligations and rights laid out in the grundnorm, represents the public interest. With changing times, fluidity in the interpretation of the term “public interest” has also been under continuous deliberation and interpretation. Since an issue of public interest, denotes a collective representation of opinions, concerns and beliefs; one citizen or person, belonging to the aggrieved class, should not be made a sole party to the dispute. A blow to the public interest hits each and every class of citizens.[1] Therefore, representation by one, as a sentry for the protection of the public interest, denotes a new form of litigation, conceptualised as “public interest litigation”.[2]

 

Public Interest Litigation: Origin and Constitutional Aspects 

A result of outstanding debt, Public interest litigation was envisaged under the Constitution with a vision of bringing the people of India at parity with each other.[3] The marginalised sections of society have always dithered before striking the portals of the court for the establishment of their rights and obligations.[4] In such a scenario, the conventional rules of locus standi were appropriately bent by the Indian Courts to pursue the cause of justice for all and sundry.[5] Justice is not only essential for pursuing the entrenched precepts of the Indian Constitution, but also for harmonization and integration of the streams of human rights, which have latterly enveloped the course of rights-based litigation in India.[6] Therefore, an increase in the panoply of human rights, provides yet another rationale for the growth of public interest litigation in India. The executives and the legislature have been endowed with a quintessential role in the Indian Constitution. Article 12 of the Indian Constitution requires them not to pass laws that impede the attainment of fundamental rights. Recourse to the judiciary in achieving the mandates of the constitution and upholding the status of fundamental rights is in itself qualified as a fundamental right. Such being the case, the Indian judiciary introduced the concept of public interest litigation to provide an answer to the conundrum facing the ailing state functionaries.

With a spurt in these lawsuits, Indian courts have cautiously attempted to lay out guidelines for how such litigation can be pursued. Not every lis draws public interest. As a result, under the guise of public interest, lis fails to provide a suitable remedy to the needy. The Supreme Court under Article 32 of the Constitution and the High Court under Article 226 of the Constitution have held that they have the power to entertain public interest litigation.[7] So much so that Courts under Articles 32 and 226 have, in furtherance of the public interest, treated a private interest case as a public interest case.[8] Both Article 32 and Article 226, vouch for an inquiry into locus standi.[9] This conventional rule of standing has been diluted to give way to class actions.[10] In public interest litigation, unlike a traditional dispute resolution mechanism, there is no determination of individual rights.[11] The compulsion for the judicial innovation of the technique of public interest litigation arises out of the constitutional promise of a social and economic transformation to usher in a welfare state.[12] 

 

Judicial Interpretation of Public Interest Litigation

Article 32 of the Constitution represents the heart and soul of this foundational document. The Indian Supreme Court has made a concerted effort to improve judicial access for the masses by relaxing the traditional rule of locus standi.[14], and it has allowed human rights organizations to intervene on behalf of victims, where it has determined that questions of broader public interest necessitate such intervention.[15] In Prem Shankar Shukla v. Delhi Administration,[16] a prisoner sent a telegram to a judge complaining of forced handcuff on him and demanded implicit protection against humiliation and torture. The court gave necessary directions by relaxing the strict rule of locus standi. 

In Municipal Council, Ratlam v. Vardhichand & Others,[17] Krishna Iyer, J. while relaxing the rule of locus standi, the Apex Court held that “ The truth is that a few profound issues of processual jurisprudence of great strategic significance to our legal system face us and we must zero-in on them as they involve problems of access to justice for the people beyond the blinkered rules of ‘standing’ of British Indian vintage. If the center of gravity of justice is to shift, as the Preamble to the Constitution mandates, from the traditional individualism of locus standi to the community orientation of public interest litigation, these issues must be considered… Why drive common people to public interest action? Where Directive Principles have found statutory expression in Do’s and Don’ts the court will not sit idly by and allow municipal government to become a statutory mockery. The law will be relentlessly enforced and the plea of poor finance will be poor alibi when people in misery cry for justice.” Justice Bhagwati of the Supreme Court in his judgment in S.P. Gupta v. President of India & Others,[18] altogether dismissed the traditional rule of standing and in its place, the Court prescribed the modern rule on standing while holding that “where a legal wrong or a legal injury is caused to a person or to a determinate class of persons by reason of violation of any constitutional or legal right or any burden is imposed in contravention of any constitutional or legal provision or without authority of law or any such legal wrong or legal injury or illegal burden is threatened and such person or determinate class of persons is by reason of poverty, helplessness or disability or socially or economically disadvantaged position, unable to approach the Court for relief, any member of the public can maintain an application for an appropriate direction, order or writ, in the High Court under Article 226, and in case of breach of any fundamental right, in this Court under Article 32.”

Indian Courts have become so inclined towards accepting litigation involving public interest that they have maintained relaxed procedural norms to entertain writs for continuing such litigations.[19] In Sheela Barse v. State of Maharashtra,[20] Sheela Barse, a journalist, complained of custodial violence against women prisoners in Bombay. Her letter was treated as a writ petition and the directions were given by the court. In Dr. Upendra Baxi (I) v. State of Uttar Pradesh & Another,[21] two distinguished law Professors of the Delhi University addressed a letter to this court regarding inhuman conditions that were prevalent in the Agra Protective Home for Women. The court heard the petition for a number of days and gave important directions by which the living conditions of the inmates were significantly improved in the Agra Protective Home for Women. 

In Labourers Working on Salal Hydro Project v. State of Jammu & Kashmir & Others,[22] on the basis of a news item in the Indian Express regarding the condition of the construction workers, the Court took notice and observed that construction work is hazardous employment and no child below the age of 14 years shall be employed in such work by reason of the prohibition enacted in Article 24. It also held that this constitutional prohibition must be enforced by the Central Government. In Paramjit Kaur (Mrs.) v. State of Punjab & Others,[23] a telegram was sent to a Judge of the Apex Court which was treated as a habeas corpus petition. The allegation was that the husband of the appellant was kidnapped by some people in police uniform from a busy residential area of Amritsar. The Court took serious note of it and directed that the investigation of the case be handled by the Central Bureau of Investigation.

 

Public Interest Litigations sans the Public Interest 

Though, the Indian Courts have entertained public interest litigation in the recent past, in a plethora of cases they have also shut the portals of the Courts to those who have come with unclean hands to avenge themselves in the guise of public interest litigation. In BALCO Employees’ Union (Regd.) v. Union of India & Others[24], the Court recognized that there have been, in recent times, increasing instances of abuse of public interest litigation. Accordingly, the Court has devised a number of strategies to ensure that the attractive brand name of public interest litigation is not used for suspicious products of mischief. 

Firstly, the Supreme Court has limited standing in public interest litigation to individuals “acting bonafide”. Secondly, it has sanctioned the imposition of “exemplary costs” as a deterrent against frivolous and vexatious public interest litigations. Thirdly, instructions have been issued to the High Courts to be more selective in entertaining public interest litigations. 

In S.P. Gupta v. President of India & Others,[25] the Court has found that this liberal standard makes it critical to limit standing to individuals “acting bona fide”. To avoid entertaining frivolous and vexatious petitions under the guise of public interest litigation, the Court has excluded two groups of persons from obtaining standing in public interest litigation petitions. First, the Supreme Court has rejected awarding standing to “meddlesome interlopers.” Second, it has denied standing to interveners bringing public interest litigation for personal gain. Further, the court cautioned that important jurisdiction of public interest litigation may be confined to legal wrongs and legal injuries for a group of people or a class of persons. It should not be used for individual wrongs because individuals can always seek redressal from legal aid organizations. This is a matter of prudence and not a rule of law. 

In Chhetriya Pardushan Mukti Sangharsh Samiti v. State of U.P & Others[26], the Court withheld standing from the applicant on grounds that the applicant brought the suit motivated by enmity between the parties. The Court again, in this case, emphasized that Article 32 is a great and salutary safeguard for the preservation of the fundamental rights of the citizens. The superior Courts have to ensure that this weapon under Article 32 should not be misused or abused by any individual or organization.  In Neetu v. State of Punjab & Others[27], the Court concluded that it is necessary to impose exemplary costs to ensure that the message goes in the right direction and that petitions filed with an oblique motive do not have the approval of the Courts. In S.P. Anand v. H.D. Deve Gowda & Others[28], the Court warned that it is of the utmost importance that those who invoke the jurisdiction of this Court seeking a waiver of the locus standi rule must exercise restraint in moving the Court by not plunging into areas wherein they are not well-versed. 

In Sanjeev Bhatnagar v. Union of India & Others[29], this Court went a step further by imposing a monetary penalty of Rs10,000/- against an Advocate for filing a frivolous and vexatious petition. The Court found that the petition was devoid of public interest, and instead labelled it as “publicity interest litigation”.. In Dattaraj Nathuji Thaware v. State of Maharashtra & Others[30], the Supreme Court affirmed the High Court’s monetary penalty against a member of the Bar for filing a public interest litigation petition on the same grounds. The Court found that the petition was nothing but a camouflage to foster personal dispute. Observing that no one should be permitted to bring disgrace to the noble profession, the Court concluded that the imposition of the penalty of Rs. 25,000 by the High Court was appropriate. Evidently, the Supreme Court has set a clear precedent validating the imposition of monetary penalties against frivolous and vexatious public interest petitions, especially when filed by Advocates. The Court expressed its anguish on misuse of the forum of the Court under the garb of public interest litigation and observed that public interest litigation is a weapon which has to be used with great care and circumspection and the judiciary has to be extremely alert in ascertaining the true intentions behind the beautiful veil of social justice.  

The Court must not allow its process to be abused for oblique considerations. In Charan Lal Sahu & Others v. Giani Zail Singh & Another[31], the Supreme Court observed that “we would have been justified in passing a heavy order of costs against the two petitioners” for filing “a light-hearted and indifferent” public interest litigation petition. However, to prevent “nipping in the bud a well-founded claim on a future occasion” the Court opted against imposing monetary costs on the petitioners. In this case, this Court concluded that the petition was careless, meaningless, clumsy and against the public interest. Therefore, the Court ordered the Registry to initiate prosecution proceedings against the petitioner under the Contempt of Courts Act. Additionally, the court forbade the Registry from entertaining any future public interest litigation petitions filed by the petitioner, who was an Advocate in this case.

In J. Jayalalitha v. Government of Tamil Nadu & Others[32], the Court laid down that public interest litigation can be filed by any person challenging the misuse or improper use of any public property including the political party in power for the reason that interest of individuals cannot be placed above or preferred to a larger public interest. In Holicow Pictures Pvt. Ltd. v. Prem Chandra Mishra & Others[33], the Court observed that “It is depressing to note that on account of such trumpery proceedings initiated before the Courts, innumerable days are wasted, the time which otherwise could have been spent for disposal of cases of the genuine litigants. Though we spare no efforts in fostering and developing the laudable concept of public interest litigation and extending our long arm of sympathy to the poor, the ignorant, the oppressed and the needy, whose fundamental rights are  infringed and violated and whose grievances go unnoticed, un-represented and unheard; yet we cannot avoid but express our opinion that while genuine litigants with legitimate grievances relating to civil matters involving properties worth hundreds of millions of rupees and criminal cases in which persons sentenced to death facing gallows under untold agony and persons sentenced to life imprisonment and kept in incarceration for long years, persons suffering from undue delay in service matters -government or private, persons awaiting the disposal of cases wherein huge amounts of public revenue or unauthorized collection of tax amounts are locked up, detenu expecting their release from the detention orders etc. etc. are all standing in a long serpentine queue for years with the fond hope of getting into the Courts and having their grievances redressed, the busybodies, meddlesome interlopers, wayfarers or officious interveners having absolutely no public interest except for personal gain or private profit either of themselves or as a proxy of others or for any other extraneous motivation or for glare of publicity break the queue muffing their faces by wearing the mask of public interest litigation and get into the Courts by filing vexatious and frivolous petitions and thus criminally waste the valuable time of the Courts and as a result of which the queue standing outside the doors of the Courts never moves, which piquant situation creates frustration in the minds of the genuine litigants and resultantly they lose faith in the administration of our judicial system.”

The Court has to be satisfied with:

(a) the credentials of the applicant;

(b) the prima facie correctness or nature of the information given by him;

(c) the information being not vague and indefinite.

The information should show the gravity and seriousness involved. Court has to strike balance between two conflicting interests;

(i) nobody should be allowed to indulge in wild and reckless allegations besmirching the character of others; and

(ii) avoidance of public mischief and avoid mischievous petitions seeking to assail, for oblique motives, justifiable executive actions.

The Courts also have to practice great caution in ensuring that while redressing a public grievance, it does not encroach upon the sphere reserved by the Constitution to the Executive and the Legislature, while maintaining a balance while dealing with imposters and busybodies or meddlesome interlopers impersonating as public-spirited holy men. In Janata Dal v. H.S. Chowdhary & Others[34], the court rightly cautioned that the expanded role of courts in the modern `social’ state demands greater judicial responsibility. In Guruvayur Devaswom Managing Committee & Another v. C.K. Rajan & Others [35], it was reiterated that the Court must ensure that its process is not abused. Therefore, the Court would be justified in insisting on furnishing of security before granting an injunction in appropriate cases. The Courts may impose heavy costs to ensure that the judicial process is not misused.

The bandwagon of public interest litigation has attained new heights in the recent past. With all the parameters drawn by Courts to adjudge what constitutes litigation related to the public interest, still, with blindfolded certainty; it cannot be said that a strait jacketed formula would serve as a panacea for all vexatious litigants to sieve through. With the Courts, always loaded with backlogs, the utopian dream of ‘justice for all” and in the “interest of all,” might straddle.

References: 

[1] (Traditionally used to the adversary system, we search for individual persons aggrieved. But a new class of litigation public interest litigation- where a section or whole of the community is involved (such as consumers’ organisations or NAACP-National Association for Advancement of Coloured People-in America), emerges in a developing country like ours, this pattern of public oriented litigation better fulfils the rule of law if it is to run close to the rule of life…The possible apprehension that widening legal standing with a public connotation may unloose a flood of litigation which may overwhelm the judges is misplaced because public resort to court to suppress public mischief is a tribute to the justice system.) Bar Council of Maharashtra v. M. V. Dabholkar & Others, 1976 SCR 306.

[2] (Our current processual jurisprudence is not of individualistic Anglo-Indian mould. It is broad-based and people-oriented, and envisions access to justice through `class actions’, `public interest litigation’, and `representative proceedings’. Indeed, little Indians in large numbers seeking remedies in courts through collective proceedings, instead of being driven to an expensive plurality of litigations, is an affirmation of participative justice in our democracy. We have no hesitation in holding that the narrow concepts of `cause of action’, `person aggrieved’ and individual litigation are becoming obsolescent in some jurisdictions.) Akhil Bharatiya Soshit Karamchari Sangh (Railway) v. Union of India & Others, AIR 1981 SC 298.

[3] (Public Interest Law is the name that has recently been given to efforts to provide legal representation to previously unrepresented groups and interests. Such efforts have been undertaken in the recognition that ordinary market place for legal services fails to provide such services to significant segments of the population and to significant interests. Such groups and interests
 include the proper environmentalists, consumers, racial and ethnic minorities and others.) M/s Holicow Pictures Pvt. Ltd. v. Prem Chandra Mishra & Ors., AIR 2008 SC 913.

[4] (Public interest litigation is a cooperative or collaborative effort by the petitioner, the State of public authority and the judiciary to secure observance of constitutional or basic human rights, benefits and privileges upon poor, downtrodden and vulnerable sections of the society.) People’s Union for Democratic Rights & Others v. Union of India & Others, (1982) 3 SCC 235. 

[5] (Public interest litigation is part of the process of participative justice and `standing’ in civil litigation of that pattern must have liberal reception at the judicial doorsteps.) Fertilizer Corporation Kamagar Union Regd., Sindri & Others v. Union of India & Others, AIR 1981 SC 844.

[6] (Public interest litigation is for making basic human rights meaningful to the deprived and vulnerable sections of the community and to assure them social, economic and political justice.) Ramsharan Autyanuprasi & Another v. Union of India & Others, AIR 1989 SC 549.

[7] (The Court has all incidental and ancillary powers including the power to forge new remedies and fashion new strategies designed to enforce the fundamental rights.) M. C. Mehta & Another v. Union of India & Others, AIR 1987 SC 1086.

[8] Indian Banks Association v. Devkala Consultancy Service, AIR 2004 SC 2815.

[9] (Any person claiming of infraction of any fundamental right guaranteed by the Constitution is at a liberty to move to the Supreme Court, but the rights that could be invoked under Article 32 must ordinarily be the rights of the person who complains of the infraction of such rights and approaches the Court for relief.) Narinderjit Singh Sahni v. Union of India, AIR 2001 SC 3810; see also Ruqmani v. Achuthan, AIR 1991 SC 983; see also Delhi Administration v. Madan Lal Nangia, AIR 2003 SC 4672.

[10] (The law as to locus standi has been diluted by the advent of the doctrine of public interest litigation.) Bangalore Medical Trust v. Muddappa, AIR 1991 SC 1902.

[11] (The traditional rule is flexible enough to take in those cases where the applicant has been prejudicially affected by an act or omission of an authority, even though he has no proprietary or even a fiduciary interest in the subject-matter. That apart, in exceptional cases even a stranger or a person who was not a party to the proceedings before the authority, but has a substantial and genuine interest in the subject-matter of the proceedings will be covered by this rule.) Jasbhai Motibhai Desai v. Roshan Kumar, Haji Bashir Ahmed & Others, (1976) 1 SCC 671.

[12] (The old doctrine of only relegating the aggrieved to the remedies available in civil law limits the role of the courts too much as protector and guarantor of the indefeasible rights of the citizens. The courts have the obligation to satisfy the social aspirations of the citizens because the courts and the law are for the people and expected to respond to their aspirations.) Smt. Nilabati Behera alias Lalita Behera v. State of Orissa & Others, AIR 1993 SC 1960.

[13] (Today, unfortunately, in our country the poor are priced out of the judicial system with the result that they are losing faith in the capacity of our legal system to (sic) about changes in their life conditions and to deliver justice to them. The poor in their contact with the legal system have always been on the wrong side of the line. They have always come across ‘law for the poor & rather than law of the poor’. The law is regarded by them as something mysterious and forbidding–always taking something away from them and not as a positive and constructive social device for changing the social economic order and improving their life conditions by conferring rights and benefits on them. The result is that the legal system has lost its credibility for the weaker section of the community.) Hussainara Khatoon & Others v. Home Secretary, State of Bihar, Patna AIR 1979 SC 1369.

[14] The Mumbai Kamgar Sabha, Bombay v. Abdulbhai Faizullabhai Others, AIR 1976 SC 1455.

[15] Sunil Batra v. Delhi Administration & Others, AIR 1978 SC 1675.

[16] AIR 1980 SC 1535.

[17] AIR 1980 SC 1622.

[18] AIR 1982 SC 149.

[19] (public interest litigation should be encouraged when the Courts are apprised of gross violation of fundamental rights by a group or a class action or when basic human rights are invaded or when there are complaints of such acts as shock the judicial conscience that the courts, especially this Court, should leave aside procedural shackles and hear such petitions and extend its jurisdiction under all available provisions for remedying the hardships and miseries of the needy, the underdog and the neglected.)Shri Sachidanand Pandey & Another v. The State of West Bengal & Others, (1987) 2 SCC 295.

[20] AIR 1983 SC 378.

[21]  1983 (2) SCC 308.

[22] AIR 1984 SC 177.

[23]  (1996) 7 SCC 20.

[24] AIR 2002 SC 350.

[25] AIR 1982 SC 149.

[26] AIR 1990 SC 2060.

[27] AIR 2007 SC 758.

[28] AIR 1997 SC 272.

[29] AIR 2005 SC 2841.

[30] (2005) 1 SCC 590.

[31] AIR 1984 SC 309.

[32]  (1999) 1 SCC 53.

[33] AIR 2008 SC 913.

[34] (1992) 4 SCC 305.

[35] (2003) 7 SCC 546.

 

Image Credits: Image by Sasin Tipchai from Pixabay 

The bandwagon of public interest litigation has attained new heights in the recent past. With all the parameters drawn by Courts to adjudge what constitutes litigation related to the public interest, still, with blindfolded certainty; it cannot be said that a strait jacketed formula would serve as a panacea for all vexatious litigants to sieve through.

POST A COMMENT

In Focus: Why Is It Important to Bridge the Gender Inequality Gap in India

The Global Gender Gap Index of 2022[1], released by the World Economic Forum, in July placed India at the 135th position out of 146 countries. Contrastingly, in 2021, India was placed in the 140th position out of 156 countries. The Global Gender Gap Index benchmarks the current state and evolution of gender parity across four areas of concern- economic participation and opportunity; educational attainment; health and survival, and political empowerment. At present, India fares the worst in the health and survival category.

Discrimination affects many aspects of the lives of women, from career development and progress to mental health disorders. While Indian laws on rape, dowry and adultery have women’s safety at heart, these highly discriminatory practices are still taking place at an alarming rate.

What is Gender Inequality?

Gender inequality is a social phenomenon in which men and women are not treated equally. The treatment may arise from distinctions regarding biology, psychology, or cultural norms prevalent in society. Some of these distinctions are empirically grounded, while others appear to be social constructs. It has serious and long-lasting consequences for women and other marginalised genders. Exposure to violence, objectification, discrimination and socioeconomic inequality can lead to anxiety, depression, low self-esteem, and PTSD. Gender inequality in education has a direct impact on economic growth by lowering the average quality of human capital. In addition, economic growth is indirectly affected by the impact of gender inequality on investment and population growth.

In many developing countries, the disparity in access to quality education between girls and boys adversely impacts the girls’ ability to build human and social capital, narrowing their job opportunities and reducing their entitled wages in labour markets. Often women and girls are confined to fulfilling roles as mothers, wives, and caretakers. Gender norms position girls as caretakers, which leads to discrimination with respect to the distribution of domestic duties. 47% of the Indian population is female, out of which only 19% of the population actively contributes to the country’s GDP.[2]If India were to bridge this gap, it could expand the GDP by a third by 2050, equating to $6 trillion.

Rural households that are headed by women suffer more from poverty than those headed by men. Social and cultural barriers, a lack of kindergartens, as well as the burden of unpaid housework, prevent women from developing their skills and from generating an income.

Within the context of population and development programs, gender equality is critical because it will enable women and men to make decisions that impact more positively on their own sexual and reproductive health as well as that of their spouses and families.

 

Gender Inequality in the Workplace

Men and women alike may face issues regarding gender inequality in the workplace, although women typically deal with it more often than men. Gender inequality occurs in the workplace due to traditional gender roles and persistent gender bias. Traditional gender roles may be indicative of how much extra time and effort an individual can put into their jobs since employees are usually expected to go above and beyond to prove their worth. There are gender biases that may inadvertently give the advantage to one gender over the other in the workplace, such as the idea that men have more physical capability or that women are better in nurturing roles.

Gender equality in the workplace is very important for one to grow and develop a business.

When a business proactively takes steps to resolve gender discrimination, it automatically enables them to increase productivity, alleviate conflict, and reduce the chances of legal issues. Gender equality is the key to capturing skills, ideas and perspectives that each gender has to offer. People prefer to work at companies that prioritise equality, diversity, and inclusion. Gender inclusion in the workplace varies depending on the business. However, excluding an individual from team projects, company outings, meetings and necessary decision-making because of gender falls within the realm of gender inequality. When an individual is not included in tasks or events, it can prevent them from becoming productive workers.

Gender equality in the workplace means employees of all genders have access to the same rewards, opportunities, and resources at a company, including:

  • Each gender can fully participate in the workplace.
  • Equal opportunities for each gender for promotions, and career progression to achieve leadership positions.
  • Equal pay and benefits for equal work.
  • Equal consideration of needs.
  • Acceptance rather than discrimination against those who have caregiving and family responsibilities.

There are several benefits for companies who maintain gender equality in the workplace, including the following:

  • Positive company culture A gender-equal work environment where all employees feel respected and valued creates an overall more positive workplace for all your employees. When you have a gender-diverse environment, your employees will likely notice that their co-workers have talents and strengths they don’t possess themselves. The appreciation for these differences will help promote an environment of respect among the team.
  • More innovation and creativity People of different genders bring unique talents, strengths and skills into the workplace, which can improve collaboration and result in a stimulating and creative environment. In fact, companies often find that gender diversity can lead to greater innovation within the workplace.
  • Build a great reputation – By promoting gender equality in the workplace, a business can foster a great company reputation with the outside world. People who have similar values will want to work for them, and with happy employees, the business will have a positive and productive workforce.
  • Improved conflict resolution – Strong communication skills among employees are essential for company-wide success. People of different genders naturally communicate differently, with some preferring to communicate problems directly and others working as peacemakers. When you combine these different communication styles in one work environment, you can more easily achieve conflict resolution.

 

The Legal View

A look at some of the decisions court has taken over the years, championing women’s rights in the workplace, at home, and in public spaces to give women their due:

 

Daughters’ Rights in Hindu Undivided Family Property (HUF)

A landmark judgment in protecting women’s rights in the context of the family is the SC judgment in Vineeta Sharma v. Rakesh Sharma (August 2020) where the court held that daughters would have equal coparcenary rights in Hindu Undivided Family property (HUF) by virtue of their birth and could not be excluded from inheritance, irrespective of whether they were born before the 2005 amendment to the Hindu Succession Act, 1956.

Before the 2005 amendment, there was marked discrimination in determining the rights of a son and daughter in claiming the inheritance. A son could claim a share in HUF property “as a matter of right,” however, a daughter did not have any rights after marriage as she was considered to be a part of her husband’s family. Even after the amendment, judgments of various courts and the Supreme Court itself in Prakash v. Phulvati (2016) held that a daughter could be eligible to be a co-sharer only if the daughter and the father were alive as of September 9, 2005 (the date of the amendment). The Supreme Court, by virtue of the Vineeta Sharma judgment, extended the benefit of the 2005 amendment and legitimised the position of women as an integral part of their father’s families.

 

Protection at the Workplace

The court has also sought to provide for the safety of women in the workplace by protecting them from sexual harassment. In the case of Vishakha v. State of Rajasthan [1997 AIR 3011 (SC)], the court framed detailed guidelines for employers to follow to provide for a mechanism to redress the grievances of their female employees. The court felt the need to develop guidelines to “check the evil of sexual harassment of working women at all workplaces” in the “absence of domestic law occupying the field.” These guidelines were eventually formalised as legislation with the passing of The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, a vital law to protect millions of women who enter the country’s workforce every year.

 

Participation in Defence

The Supreme Court also held in its 2021 judgement in the case of The Secretary, Ministry of Defence v. Babita Puniya & Ors. that all women army officers are eligible for permanent commissions, allowing them to be in commanding roles in the defence forces. Women officers are now on par with their male counterparts when it comes to promotions, rank, benefits and pensions, thereby fortifying their position in the defence sector, an institution with rigid gender norms.

The court also slammed the Indian Army on August 18, 2021, for disallowing women to appear in National Defence Academy (NDA) examinations. The Supreme Court ordered that women can also sit for National Defence Academy (NDA) examinations. It allowed women candidates to take the examination and said the army’s policy for women was based on “gender discrimination.” The Supreme Court told the Centre that women candidates must be allowed to sit for the entrance exam to the National Defence Academy in November 2021. It cannot defer for one year. Further, medical standards should be tentatively notified and UPSC to issue a corrected notification for the November exam.

 

Acid attack

The Supreme Court, in the case of Laxmi v. Union of India (2014), a PIL brought about by Laxmi, an acid attack survivor, issued guidelines for the welfare of acid attack survivors, besides imposing a country-wide restriction on the sale of acid and compensation to the victims. The judgement led to an amendment in the criminal law, making acid attacks a specific offence and framing a victim compensation scheme for the survivors.

 

Triple Talaq

In the case of Shayra Bano v Union of India [2017 SCC 963 (SC)], the court declared that the practice of instant triple talaq (talaq-e-bidat) is against the basic tenets of the Quran. Talaq-e-bidat is a practice that gives a man the right to divorce his wife by uttering ‘talaq’ three times in one sitting, without his wife’s consent. The court directed the Centre to pass legislation in this regard, which led to the Muslim Women (Protection of Rights of Marriage) Act, 2019. As per the Act, any Muslim husband who pronounces triple talaq on his wife shall be punished with imprisonment which may extend up to three years and a fine. The judgement also saw a heartening departure from the conservative approach taken by the court in Mohd. Ahmed Khan v. Shah Bano Begum (1985). The court also departed from its traditional reluctance to issue judgments in matters of faith while passing its verdict in the Sabrimala (2019) issue. The court held that devotion cannot be subjected to gender discrimination and permitted the entry of women of all ages into the Sabarimala Temple despite a centuries-old custom banning the entry of menstruating women.

The expanding sphere of women in civil society, politics and the armed forces in India has been marshalled and punctuated by various judgments of the court. These judgements have slowly but surely chipped away at some of the anachronistic customs and norms that have long kept women on the sidelines and have paved the way for the executive and the legislature to take up steps to uphold women’s rights in the country.

As the importance of women’s rights in the public and private spheres continue to grow, it is imperative that the law too continues to evolve, accommodating their aspirations and desires.

In March, 2021, in the case of Lt. Col. Nitisha and Ors. v. Union of India, the Supreme Court issued a judgement declaring that the Army’s criteria on Permanent Commissions indirectly discriminated against women. In this case, 86 Army officers had approached the SC alleging gender-based discrimination in the Indian Army. The army officers were women who had a Short Service Commission (SSC) and were applying for a Permanent Commission (PC) in the army. Although the criteria adopted to select women PC officers were nearly identical to the ones used for men, some sub-criteria imposed an unfair burden on women. The Court held that the Army’s criteria indirectly discriminated against women officers. The Bench stated that invisible forms of discrimination must be eliminated to achieve substantive equality.

 

SC Gets Three New Women Judges

On October 31, 2021, nine new Chief Justices were appointed by the Supreme Court. Out of the total, three are female judges, a first in the Indian judicial appointments history. This decision was historic because for the first time these many women judges have been appointed and another reason was for the first-time camera was allowed inside the swearing-in room. The newly appointed judges are Justices Hima Kohli, BV Nagarathna and Bela M. Trivedi. Justice Nagarathna is going to be the first female Chief Justice of India in 2027.

 

Conclusion

 

According to Swami Vivekananda, “That nation which doesn’t respect women will never become great now and nor will it ever in the future.” A concerted effort and the support of everyone can and shall pave the way for a truly equal society.

However, skewered gender roles do not provide enough opportunities to improve access to education for women. As a first step, actively breaking the gender bias on the domestic front is the key. Only when women are seen as more than caregivers and housekeepers, will their individuality and potential be truly respected. In this mission, parents play a crucial role, they should teach their child to be respectful towards all genders and refrain from typecasting genders into specific roles. Many other developmental schemes and initiatives for improving the status of women havealso been implemented, but the law and the judiciary can only extend assistance to a certain limit. Real change will only ensue when we as a community and society take conscious initiatives to break the age-old biased practices embedded in our culture.

Skewered gender roles do not provide enough opportunities to improve access to education for women. As a first step, actively breaking the gender bias on the domestic front is the key. Only when women shall be seen as more than caregivers and housemakers, will their individuality and potential be truly respected. In this mission, parents play a crucial role, they should teach their children to be respectful towards all genders and refrain from typecasting genders into specific roles. Many developmental schemes and initiatives for improving the status of women also have been implemented, but the law and the judiciary can only extend assistance to a limit. A real change shall only ensue when we as a community and society take conscious initiatives to break the age-old biased practices embedded in our culture.  

POST A COMMENT

Legal Implications of Offering Gifts to Public Servants

Offering gifts to Public Servants is an act which might call for interference with the provisions of the Prevention of Corruption Act, 1988 (“Act”). Many companies grapple with whether they should be offer gifts to Public Servants as a gesture of celebration during festivals. It is pertinent to note that the concern involved might be looked at from different perspectives. The leitmotif of this piece is to only provide a picture from the standpoint of the Act.

The Act was enacted to eradicate corruption. Section 2 (c) of the Act provides for an elaborate definition of the term “Public Servant”. The definition of the term “Public Servant” has time and again been under wide judicial interpretation. Interestingly, the Act does not define the term bribe, gift or gratification. Instead, the it uses the terminology ‘undue advantage’. The term ‘undue advantage’ is defined under section 2(d) which means “any gratification whatever, other than legal remuneration”. The term “gratification” is not limited to pecuniary gratifications or to gratifications estimable in money. The expression “legal remuneration” is not restricted to remuneration paid to a public servant but includes all remuneration that the public servant is permitted by the Government or the organisation, which he serves, to receive. Therefore, any gift to a Public Servant can qualify as an undue advantage given to him.

Section 7 of the Act provides for punishment to a Public Servant for accepting bribe. The Section provides that obtaining or accepting or attempting to obtain “undue advantage” from any person as a reward or with an intention to perform or cause performance of a public duty improperly or dishonestly or to forbear the performance of any such duty would amount to a punishable offence. It further provides that if a public servant abets any other public servant to perform the aforesaid acts, the said public servant would be liable under the provisions of Section 7. The explanation to Section 7 provides that the act of obtaining or accepting or attempting to obtain any “undue advantage” shall by itself constitute an offence, even if the performance of the public duty by the public servant is not or has not been improper. Thus, the explanation makes it clear that, whether the public servant has discharged the duty improperly or not, he can be prosecuted, if he has obtained or attempted to obtain any undue advantage for the discharge of his official duty.

The Act further provides for the punishment of any person who commits the offence of bribing a public servant. Section 8 of the Act states that any person who gives or promises to give an undue advantage to other person/persons with an intention to induce a public servant to perform improperly, a public duty or to reward such public servant for such improper performance shall be punished with imprisonment or with fine or with both. Further, Section 9 of the Act deals with an offence relating to bribing a public servant by a commercial organization. Under the Section, a commercial organization not only includes a company or partnership incorporated in India and carrying on business in India or outside India, but also a body or partnership incorporated or formed outside India but carrying on business in India. Moreover, Section 9 makes the commercial organization guilty and punishable with a fine if any person(s) associated with them gives/promises to give any undue advantage with the intent to:

  • Obtain/retain any business, or
  • Obtain/retain an advantage in the conduct of business for such a commercial organization.

It is pertinent to note that, under Section 9, it shall be a defence for the commercial organization to prove that it had in place adequate procedures for the compliance of such guidelines as may be prescribed to prevent persons associated with it from undertaking such conduct.

Section 10 of the Act provides that a person in charge of a commercial organization who has committed an offence under section 9 of the Act shall be guilty of the offence and shall be liable to be proceeded against. That is to say that when an offence under Section 9 of the Act is committed by a commercial organization and such offence is proved in the Court to have been committed with the connivance of any director, manager, secretary or another officer of the commercial organization; such director, manager, secretary or another officer shall be guilty of the offence and shall be liable to be proceeded against and shall be punishable with imprisonment for a term which shall not be less than three years but which may extend to seven years and shall also be liable to a fine.

Having understood the conspectus of sections, it is pertinent to note that gifts given to a public servant might be considered as “undue advantage” under Section 2 (d) of the Act. The term “undue advantage” has been defined in a broad manner under the Act to mean any gratification, other than the entitled legal remuneration. Therefore, gifts which do not form part of the legal remuneration of a Public Servant could be held as an “undue advantage”. In such a case, both the person giving such undue advantage and the Public Servant accepting such undue advantage might be booked under the provisions of the Act. Therefore, in this regard that when it comes to criminal prosecution, both mens rea and actus reus are important to be established. Even if the intention of the person giving such gifts was not to gain any undue benefits from the Public Servant, in deviation of his duty, that would have to be established before a Court of law. Lack of intention would not stop the State authorities to initiate an action under the provisions Act.

Therefore, both people giving gifts to Public Servants and Public Servants accepting gifts are to be cautious of its legal implications.

Image Credits: Photo by Shameer Pk from Pixabay 

The term “undue advantage” has been defined in a broad manner under the Act to mean any gratification, other than the entitled legal remuneration. Therefore, gifts which do not form part of the legal remuneration of a Public Servant could be held as an “undue advantage”. In such a case, both the person giving such undue advantage and the Public Servant accepting such undue advantage might be booked under the provisions of the Act. Therefore, in this regard that when it comes to criminal prosecution, both mens rea and actus reus are important to be established.

POST A COMMENT

Thinking through Timelines: Acceptance of Rent Amounts to Waiver of Termination of Lease?

On June 24, 2022, the Supreme Court of India while deciding the matter of Sri K.M. Manjunath Vs. Sri Erappa G,[i] held that mere acceptance of rent by landlord after the expiry of lease would not amount to waiver of termination of lease.

Background

 

The dispute in this matter arose in connection with unregistered lease agreements for the lease of shop premises at Banaswadi Main Road, Bengaluru. Pursuant to the expiry of the last lease deed executed between the parties, the respondent-lessor filed a suit for ejectment before the Small Causes Court against the petitioner-lessee to obtain vacant possession of the shop premises. The Small Causes Court dismissed the suit for ejectment on the grounds that the suit was not maintainable as there was no valid termination of tenancy under section 106 of the Transfer of Property Act, 1882 (“ToP Act”) (detailed hereinbelow).

Aggrieved by the aforesaid dismissal, the respondent-lessor preferred a revision petition before the Karnataka High Court (“High Court”). Upon appreciation of the evidence on record, which inter alia consisted of unregistered lease agreements executed between the parties during the period of 1989 to 1995, the High Court noted that the duration of the lease agreements could be inferred to be for a period of 11 (eleven) months each, and thus the lease granted thereunder stood terminated by efflux of time. Hence, the petitioner-lessee was not entitled to notice under section 106 of the ToP Act. The High Court thus set aside the judgement of the Small Causes Court.

The petitioner-lessee thereafter filed a special leave petition (“Special Leave Petition”) before the Supreme Court challenging the judgment and final order of the High Court.

 

Applicable Provisions and Contentions

 

The primary contention in the matter was the applicability of section 106 of the ToP Act, which provides that where there is no written contract for the lease of immovable property, not being leased for agricultural or manufacturing purposes, the period of the lease shall be deemed to be from month to month and terminable by 15 (fifteen) days’ notice. The contention of the petitioner-lessee before the Small Causes Court was that no valid notice was served by the respondent-lessor as per this provision. On the basis of the aforesaid, the Small Causes Court ruled in favour of the petitioner-lessee. However, based on the aforementioned evidence evaluation, the High Court determined that the lease in this case stood determined by virtue of section 111(a) of the ToP Act, which provides that a lease may come to an end by efflux of time limited therein.

The Supreme Court, in the Special Leave Petition, took note of the contention of the petitioner-lessee that after the expiry of the period of the last lease agreement, the petitioner-lessee was continuing as a tenant in sufferance and had paid the rent till the date of the filing of the suit for ejectment.

 

Verdict

 

Considering the above provisions and contentions, the Supreme Court appreciated the reiteration of the High Court, based on the precedents relied upon by the High Court, that mere acceptance of the rent does not amount to a waiver of the termination of the tenancy. The Supreme Court, however, granted the request of the petitioner-lessee for a grant of time to vacate the shop premises by allotting a period of 6 (six) months from the date of its judgement to hand over the possession of the shop premises to the respondent-lessor. The aforesaid extension was granted subject to the petitioner-lessee submitting an undertaking on affidavit to pay the arrears of rent at the rate of INR 1400/- (Indian Rupees One Thousand Four Hundred only) per month for the arrears pending from the year 2017 (as determined by the High Court) and extending to the aforesaid period of 6 (six) months.

Accordingly, the Supreme Court upheld the decision of the High Court and dismissed the Special Leave Petition for being devoid of merit.

 

The Takeaway

 

The reaffirmation of the Supreme Court on non-waiver of termination in this matter reinforces the significance of capturing the duration of the lease in crystal clear terms in lease agreements. Detailing timelines for termination and notice period is just as important. As seen in the facts of the discussed case, the absence of such agreed timelines can further complicate disputes arising between the parties. Hence, customising such timelines on a case-specific basis is critical, while adopting timelines based merely on common practice is best avoided.

References: 

[i]Petition For Special Leave To Appeal (C) NO.10700 OF 2022 filed before the Supreme Court Of India, Civil Original Jurisdiction.

Image Credits: Photo by  Tierra Mallorca on Unsplash

The reaffirmation of the Supreme Court on non-waiver of termination in this matter reinforces the significance of capturing the duration of the lease in crystal clear terms in lease agreements. Detailing timelines for termination and notice period is just as important. 

POST A COMMENT

There is a Tide in the Affairs of Men…and Nations too

Three decades ago, the mobile revolution helped India overcome its communication challenges. Today, mobile phones have become a commodity in India. At least feature phones have, even if smartphones haven’t. But if you are old enough to remember India during the mid-1990s, you will know that India’s fixed line telephone density was very low at that time. Getting new telephone connections was tough, and involved waiting periods that often extended to several months. Due to ageing cables, making telephone calls was a challenge, and even when calls were connected, the quality was poor.  

Mobile communication technologies unleashed a powerful revolution that changed all this. Even far-off locations where laying fixed-line cables was a challenge got access to mobile towers and signals. So huge has been the transformative power of mobile technologies that an entire generation of regulatory reforms, business models and lifestyle paradigms all depend on the ubiquitous mobile phone.

Why is this relevant now?

Today, the world is on the threshold of a new breed of technologies such as AI/ML, Robotics, IIoT, Blockchain, Cloud, Analytics, Drones, Autonomous Vehicles, the Metaverse etc. Collectively and individually, these technologies have the potential to transform the world as we know it to a much greater degree. Indeed, the next decade may witness the greatest changes driven by technology in the recorded history of humankind.

The reason why it is important to be cognizant of this and take timely action. There are no established leaders in these areas because the sectors, their impact and tech are still evolving. India as a country has the technical and commercial savvy to harness these new technologies and drive innovations. What is needed is the educational and industrial framework to ensure that students get to acquire and sharpen their expertise in these new areas and start applying them to solving real-world problems. The National Education Policy is one step in this direction, but implementing it in the right way is key. Not just the curriculum, but the whole system of education must change. Internships must become more focused and integrated with the learning process, and not just a certificate-driven activity as it largely has been (and is).

It’s not just the central government that needs to act with alacrity and vision; state governments also need to formulate the right policies and rules to ensure that the country as a whole is able to take advantage of the massive disruption that is occurring all around us. Some states have woken up to this need and are putting in place plans to encourage entrepreneurs and attract investments into key sectors. The initial agreement to set up a chip-making facility in Karnataka is one example- but it’s early days yet, and many more hurdles need to be overcome.

The startup ecosystem, too, needs to readjust its approach to backing ventures in these new areas. Yes, the risk will be higher and the failure rate may be higher, but these ventures must be seen as proving grounds for technologies and ideas. Our private sector must also be ready to make the necessary investments to embrace these new technologies and lead innovation and adoption. Our large IT services industry must accelerate the shift to provide offerings built around these new areas. A lot is already happening, but the pace must pick up. India’s public sector, long regarded as a white elephant, can also play a key role by absorbing these technologies and innovatively deploying them in sectors of national importance, such as energy, agriculture, disaster recovery, infrastructure development, defence etc.

Achieving all this requires macroeconomic stability: inflation under control, relatively stable exchange rates and an adequate money supply. For a number of reasons that are outside the control of our government or individual companies, these conditions may not be met immediately. But as responsible citizens, business leaders, regulators, teachers and parents, each one of us has a role to play. Of course, the executive, the legislature and the judiciary also have their own roles to play.

To quote Brutus from Shakespeare’s play “Julius Caesar”,

“There is a tide in the affairs of men
Which, taken at the flood, leads on to fortune;
Omitted, all the voyage of their life
Is bound in shallows and in miseries.
On such a full sea are we now afloat,
And we must take the current when it serves,
Or lose our ventures”.

This is very much the situation that much of the world finds itself in at this time. If we in India can rise to the occasion, our continued ascendancy as a power is assured. But there is many a slip between the cup and the lip, and if we squander time and energy on needless and irrelevant issues, it is just as certain that we will not realise our potential. Let us make the right choice.

Image Credits: Photo by Pete Linforth from Pixabay 

Today, the world is on the threshold of a new breed of technologies such as AI/ML, Robotics, IIoT, Blockchain, Cloud, Analytics, Drones and Autonomous Vehicles, the Metaverse etc. Collectively and individually, these technologies have the potential to transform the world as we know it to a much greater degree. Indeed, the next decade may witness the greatest changes driven by technologies in the recorded history of humankind. The reason why it is important to be cognizant of this and take timely action. There are no established leaders in these areas because the sectors, their impact and tech are still evolving.

POST A COMMENT

CERT-IN's Cyber Security Breach Reporting: An Update

The Indian Computer Emergency Response Team (CERT-In) was constituted in 2004 under section 70B of the Information Technology Act, 2000. It is the national nodal agency that responds to cyber security threats within the country and is under the Ministry of Electronics and Information Technology, Government of India. Recently, CERT-In released a direction [1] relating to information security practices, procedures, prevention, response and reporting of cyber security threats.

Key Features of the Cyber Security Breach Reporting Directions 

 

Mandatory Reporting

The direction mandates all service providers, government organisations, data centres, intermediaries and body corporates to mandatorily report within 6 hours of noticing or being brought to notice of any cyber incident. Rule 12(1)(a) of the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 provides for a list of cyber security incidents that needed to be reported mandatorily by these entities mentioned above. The rules had previously listed 10 different types of cyber security incidents which need to be mandatorily reported. Apart from these 10 types, the new direction has also categorised data breaches, data leaks, attacks on IoT, and payment systems, fake mobile apps, unauthorised access to social media accounts and attacks or suspicious activities affecting software/servers/systems/apps relating to big data, blockchain, virtual assets, 3Dand 4D printing, drones as cyber security incidents which should be mandatorily reported. 

 

 

Point of Contact

All service providers, intermediaries, data centres, body corporates and Government organisations shall appoint a point of contact within their organisation, who shall ensure effective coordination with the CERT-In. The name and other details of the point of contact shall be sent to CERT-In and the entity should also ensure that it is updated every now and then when there is a change.

 

 

Log Retention and Data Localisation Requirement

The direction mandates all entities mentioned in the direction to mandatorily maintain and secure logs of their ICT systems for a period of 180 days. All such logs should be stored within the jurisdiction of the country and the same should be handed over to the CERT-In in the event of a cyber security incident or any order or direction from CERT-In.

 

 

Registration of Information

The direction has mandated data centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers to register certain information with CERT-In. All these entities are required to maintain such information for a period of 5 years or longer duration as mandated by law, even after the cancellation or expiration of the registration. The following information is required to be registered with CERT-In:

  • Validated names of subscribers/customers hiring the services.
  • Period of hire, including dates.
  • IPs allotted to/being used by the members.
  • Email address and IP address and time stamp used at the time of registration/on-boarding.
  • The purpose of hiring services.
  • Validated address and contact numbers.
  • Ownership pattern of the subscribers/customers hiring services.

 

KYC Requirement

This decade has witnessed the rise of cryptocurrencies across the globe and most countries, including India, still lack a dedicated framework to regulate this space. These new directions from CERT-In intend to regulate and streamline some aspects of this exponentially expanding sector. The directions mandate that virtual asset service providers, virtual asset exchange providers and custodian wallet providers to obtain KYC information from their customers. Further, these entities are also obligated to record all their financial transactions for a period of 5 years. Entities are also directed to maintain information about the IP addresses along with timestamps and time zones, transaction ID, the public keys, addresses or accounts involved, the nature and date of the transaction, and the amount transferred. 

 

 

Integration into ICT System

The direction calls on data centres, body corporates and government organisations to connect to the Network Time Protocol (NTP) Server of the National Informatics Centre (NIC) or the National Physical Laboratory (NPL) for synchronisation into the ICT system. Moreover, where ICT infrastructure of the entities are scattered in multiple locations, the entities are free to use accurate and standard time sources other than NPL and NIC.

 

Non-compliance

In the event that the above-mentioned entities fail to adhere or comply with these directions issued by CERT-In, they shall be punishable with imprisonment for a term which may extend to one year or with a fine which may extend to one lakh rupees or with both under subsection (7) of section 70B of the IT Act, 2000.

 

Conclusion

These new directions issued by CERT-In have acknowledged the concerns of end-users, who were kept in the dark regarding their data and the process undertaken by a corporate body in the event of a data breach or leak. The directions have also touched upon the latest technological developments like cloud services, virtual assets, and online payments, which are yet to be completely regulated by the government. When compared with the CERT rules 2013, the new directions have an expanded scope and applicability as well as a significantly increased compliance bracket for entities.

The European Union enacted the EU Directive on Security of Networks and Information Systems (called the NIS Directive), which supervises the cyber security of European markets. Unlike the present directive, the scope and applicability of the NIS directive are much larger. Certain critical sectors such as energy, transport, water, health, digital infrastructure, finance, and digital service providers such as online marketplaces, cloud and online search engines are all required to comply with these directives.

CERT-In has provided the entities with a 60-day window to comply with the directions. The increased compliance requirements and the added cost that comes along with such compliance will make smaller entities anxious. Hence, the effectiveness of these directions can only be judged with the passage of time. Significant concern can also be placed on the fact that these new directions will merely add to the compliance burden rather than improve the cyber security environment of the country.

References:

[1] https://www.cert-in.org.in/Directions70B.jsp

Image Credits: Image by Pete Linforth from Pixabay

These new directions issued by CERT-In have acknowledged the concerns of end-users, who were kept in the dark regarding their data and the process undertaken by a body corporate in the event of a data breach or leak. The directions have also touched upon the latest technological developments like cloud services, virtual assets, and online payments, which are yet to be completely regulated by the government. When compared to the CERT rules 2013, the new directions have an expanded scope and applicability and a significantly increased compliance bracket for entities.

POST A COMMENT

New Labour Codes : How to Prepare for the Challenges Ahead?

A couple of years ago, India’s Parliament approved four new Labour Codes that cover important areas such as Wages, Social Security, Industrial Relations and Occupational Safety and Health. Labour reforms have been a long-pending agenda item for successive governments. The creation of these codes was aimed at modernizing, rationalizing and strengthening India’s arguably archaic labour-related laws. The new codes are also intended to attract investments into various sectors and make it easier to do business in India.

Although the Central Government notified these four new Labour Codes in September 2020, even now, a majority of states have not notified rules; less than half the states have even come up with draft rules. There has been some talk in recent days that the government may decide to implement the new codes effective 1 July. While this has not been officially confirmed, the inevitability of the implementation of the new codes makes it important for state governments to quickly come up with their draft rules and allow time for consultation so that loopholes and lacunae can be plugged before they come into effect. There will naturally be protests against the new laws because any change causes pain by forcing people outside their zones of comfort.

Once the new labour codes come into effect, two key changes will occur that will directly impact employees and organizations:

Working hours: It is expected that working hours may increase from the current 9 hours a day to 12 hours a day. The flip side, however, is that employees will need to work only four days a week, instead of the current five.

Take-home salary: The new wage code stipulates that an employee’s “basic salary” must be at least 50% of the total salary. This will cause changes to allowances and other perquisites that are widely used for tax planning purposes. A higher Basic Salary also means that deductions towards retirement benefits such as provident fund and gratuity will increase. In turn, this will reduce the net take-home salary for employees. However, this also means that employees will accumulate a much larger corpus of money when they retire, in effect, trading off current consumption with future security.

Adapting to this change will require companies to revisit policies, employment terms and contracts and even operating procedures. It may require fresh investments in amenities for workers and other employees at factories, construction sites, stores etc. New compliance requirements will arise, which means that business leaders, HR teams and those responsible for compliance must gear up to ensure that the organisation remains compliant with the new set of rules. This task becomes more difficult because the new codes have amalgamated a number of laws. For example, four laws have been amalgamated into the Wage Code, three into the Industrial Relations Code, nine into the Social Security Code and thirteen laws into the Occupational Safety, Health and Working Conditions Code, 2020.

Organizations must also keep in mind that these new codes will need to be implemented in tandem with hybrid ways of working. Even when employees were required to work for only 9 hours a day, there have been many instances of individuals (across industries and companies) working for 14 hours a day in a “work from home” model. Care must be taken to ensure that work-life balance is not further damaged by the extended working hours that the new codes provide for.

Business organizations with offices and production facilities in multiple locations spread across a number of states will need to be extra careful to ensure compliance with every state’s laws. Enterprises considering M&A will need to evaluate the costs of compliance with the new labour codes as part of their due diligence and strategic/financial assessment during valuation. Expert advice will be needed to minimize the pain that will inevitably accompany the transition. But given the intent of the new labour codes, it is fair to say that if they are backed by pragmatic rules, they will surely play a key role in accelerating the country’s economic growth in the years ahead.

Image Credits: Photo by Pop & Zebra on Unsplash

Adapting to this change will require companies to revisit policies, employment terms and contracts and even operating procedures. It may require fresh investments in amenities for workers and other employees at factories, construction sites, stores etc. 

POST A COMMENT

Are Reservations Adequate to Foster Diversity & Inclusion?

                                                   Non-inclusion and lack of diversity are a painful reality that needs to be urgently addressed. 

It is beyond dispute that in different parts of the world – India included – discrimination continues to exist, although constitutional provisions and a number of other laws explicitly prohibit such actions. Several factors such as race, caste, gender, economic status, religion, complexion and other aspects of physical appearance, mental abilities, sexual identity, education, linguistic skills, etc., are used to make distinctions between people that lead to various decisions. Sometimes, the inferences made are limited to an individual’s mind, but often they influence decisions that impact someone else’s life. 

In India, this challenge is visible right from the primary school level and continues till the individual’s retirement and perhaps death. Educational institutions have been directed to ensure affirmative actions to reduce the inequalities in access to and the right to education. This takes the form of reservations of seats based on specific criteria. The government as well as public and private sector organisations have reservations based on various considerations. Certain constituencies too have been identified as “reserved”, which means candidates must come from a specified caste/tribe, etc.

There is no doubt that families, organisations and countries can progress on all fronts only if there is broad societal representation. Countries that are able to achieve this will develop faster- not just in terms of economic indicators, but also in equally critical areas such as health, education, justice, environment, women’s safety, child welfare, etc. But are reservations sufficient to achieve this lofty objective?

Reservations do not Account for “Intersectionalities”

 

I believe that our experience so far in India does not support the notion that reservations are adequate or even the best option. They may be necessary, but are far from being an effective solution in practise because of the reality of “intersectionality”. An individual may not qualify for a reservation based on caste, but what if s/he comes from an Economically Weaker Section of society? Which criterion gets primacy between caste and gender? Unless a priority is determined, it is likely that caste-based reservations will benefit men more than women (from the same caste).

Even in the corporate context, reservations largely manifest during the intake of talent at the entry-level. At more senior levels, the talent pool is largely skewed towards males, who benefit from privilege in various forms (including not being impacted to the same extent by parenting responsibilities). In turn, this reduces the likelihood that women will be able to break the glass ceiling. There are shining exceptions of women who have overcome all odds, but that is more due to their individual abilities, hard work and possibly the good fortune of having excellent mentors and visionary leaders than to an environment that consciously recognises and empowers merit, irrespective of other criteria.

Fostering Diversity and Inclusion Needs More Than Just Reservations

 

A multi-pronged approach is needed to address the issue of diversity and inclusion. The central government (and state governments as necessary) needs to formulate national or state policies across sectors in order to consciously recognise and address the realities of the multiple intersectionalities that prevail in our society. While some of these elements may be conscious individual choices, most of them are “historical” or the result of factors outside an individual’s control. This means reservations must account for various elements that can co-exist and not treat them as discrete. This is easier said than done and may require experiments to figure out what works best. But, in order to reap the benefits of our demographic dividends, we must act now!

However, formulating policies is not enough, as is evident from so many other facets of our society. The key lies in ensuring that the policies are complied with not just in letter, but also in spirit. Multiple stakeholders need to be consulted, so that different views are factored in. Indeed, this is where diversity and inclusion must begin.

Private and public-sector organisations are key stakeholders in an attempt to raise diversity and inclusion in India. These organisations must consciously train their people at all levels to value diversity of thought, opinion and lived experiences. This means changing how meetings are conducted (e.g., by giving everyone the opportunity to speak and not pushing the leader’s views and opinions down everyone’s throats). It means coaching leaders to encourage diverse talent pools to make decisions around promotions, key projects etc. It means walking the talk and rejigging the organization’s rewards systems to recognise and reward diversity that translates to business value. 

“Diversity” should not be limited to gender; it must cover as many elements as possible, including, for example, generational differences. This will become an increasingly important area. It means ensuring that offices are built/modified to provide access to people with disabilities and appropriate amenities. Business/HR leaders must rethink their visions to consciously bring out elements of diversity and inclusion. Genuine efforts must be made to eliminate gender pay gaps, even if it means a hit to the P&L account. All this is not something that can be easily legislated, although some indicators can perhaps be brought under the ESG umbrella.

The problem is complex, and so it does not lend itself to simplistic, formula-based solutions. All stakeholders must have alignment in their thinking so that there is concerted action in various spheres. This alone will enable the world to ensure that diversity and inclusion moves from the ivory towers to the realm of daily life.

Image Credits: Photo by Andrew Moca on Unsplash

A multi-pronged approach is needed to address the issue of diversity and inclusion. The central government (and state governments as necessary) need to formulate national/state policies across sectors in order to consciously recognise and address the realities of the multiple intersectionalities that prevail in our society. While some of these elements may be conscious individual choices, most of them are “historical” or the result of factors outside an individual’s control. This means reservations must account for various elements that can co-exist and not treat them as discrete.

POST A COMMENT

Cryptocurrency and Money Laundering: Deciphering the Why and the How

The financial sector continues to revel in the advancement of disruptive technological innovations. Due to the attractive rates and fees, ease of access and account setup, variety of innovative products and services, and improved service quality and product features, financial technology is attracting more customers and investors today.[1] Despite the numerous advantages of these sectoral transformations, it is impossible to deny that the digitization and ease with which the internet has enabled all of us to function effectively in our day-to-day work has also created a space for virtual crimes.

Amidst the pioneering fintech revolution, cryptocurrency has emerged as a modern financial technology that can be used to easily launder money. Despite rapid market fluctuations and an uncertain legal status, cryptocurrency continues to captivate Indian investors, who are undeterred and unbothered by the associated risks of cyber fraud.

This article will explore how the crypto market nurtures a convenient and fertile ground for money laundering activities.

 

Cryptocurrency and India

 

The Indian regulatory market has had a hot and cold relationship with cryptocurrency over the years. The RBI, vide Circular DBR.No.BP.BC.104/08.13.102/2017-18 dated April 06, 2018[2], restricted all crypto transactions. However, in 2020, the Supreme Court effectively struck down the ban. As a result, the RBI stated in Circular DOR. AML.REC 18/14.01.001/2021-22 that banks and financial institutions cannot cite the aforementioned circular to warn their customers against dealing in Virtual Currencies. However, it did state that, “Banks, as well as other entities addressed above, may, however, continue to carry out customer due diligence processes in line with regulations governing standards for Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) and obligations of regulated entities under the Prevention of Money Laundering Act (PMLA), 2002, in addition to ensuring compliance with relevant provisions under the Foreign Exchange Management Act (FEMA) for overseas remittances.”[3]

At present, while the talks of implementing comprehensive legislation governing cryptocurrencies have fizzled out, the Union Budget 2022 brought digital currencies under the tax net. As of 2022, the crypto asset market in India stands at an approximated evaluation of 45,000 Crores and 15 million investors[4].

However, it is pertinent to note that it is transactions, not investments, in the digital currency that pose an issue. In India, the Enforcement Directorate discovered over 4,000 crores of such illegal cryptocurrency transactions in 2021. As per the 2022 Crypto Crime Report by blockchain data firm Chainalysis[5], cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021, $6.6 billion in 2020 and $10.9 billion in 2019. Furthermore, the study discovered that at the moment, darknet market sales or ransomware attack profits are virtually derived in cryptocurrency rather than fiat currency, thus significantly contributing to the data. 

Money laundering, terror financing, drug dealing, and other criminal activities are all done using cryptocurrency transactions. Although these transactions are recorded on a blockchain and are traceable, criminals use mixers and tumblers to make it difficult for a third party to track them.

 

The Laundering Mechanism

                           

                                    Eurospider Information Technology AG, “Mixers Tumbler Example,” fig.

For clarity, refer to the above image. Using the OHNE mixer, A sends 20 bitcoins to B, U sends 15 bitcoins to V, and X sends 5 bitcoins to Y. These are single-layer transactions that are simple to trace and identify.

The transaction takes place in a different way in the second image, where the MIT mixer is used. For the sake of brevity, let us consider a single layer of mixer being used. In real life, the number of mixers used is in the thousands. Here, A sends 20 bitcoins to M1, U sends 15 bitcoins to M2 and X sends 5 bitcoins to M3. In the next stage, B receives 20 bitcoins from M2, V receives 15 bitcoins from M1, and Y receives 5 bitcoins from M1. The difference we must notice is that B, V, and Y are receiving the same number of bitcoins as in picture one, but not from A, U and X, respectively. Because there is no information about A sending bitcoins to B, U sending bitcoins to V, or X sending bitcoins to Y, these transactions are not single-layered and are impossible to trace. Hence, making the transaction anonymous.

Criminals use a similar method to send money using cryptocurrencies. Consider the following scenario to gain a better understanding: A, B, C, and Z are cryptocurrency users who keep their coins in their digital wallets. They use the same mixing service to make transactions. A, B, and C are law-abiding citizens, while Z is a criminal involved in drug trafficking. A has to pay X a certain amount of money. X is paid, but the bitcoins he received were deposited by Z, a drug trafficker. When X received the payment, he had no idea that the bitcoins he had were dirty bitcoins and had been used for illegal activities. This is a straightforward explanation of how dirty bitcoins are making their way through the market, paving the way for money laundering. 

 

What can be done?

 

The International Monetary Fund (IMF) has released a report titled “Global Financial Stability Report”[6] which discusses the following details about how cryptocurrencies should be regulated, considering their increasing market capitalization and the growing exposure of banking and financial systems to crypto assets:

  1. Implementation of global standards applicable to crypto-assets should be the key focus area of national policies.
  2. Regulators should identify and control the associated risks of crypto assets, specifically in areas of systemic importance.
  3. Coordination among national regulators is key for effective enforcement and fewer instances of regulatory arbitrage.
  4. Data gaps and monitoring of the crypto ecosystem for better policy decisions should be prioritised by the regulators.

The report also discusses how stablecoins and decentralized finance pose a significant risk to the crypto market and the overall economy if they are not properly regulated and supervised by issuers.

  1. Regulations should be proportionate to the risk and in line with those of global stablecoins.
  2. Coordination is a must, to implement requisite recommendations in the areas of acute risks, enhanced disclosure, independent audit of reserves, and fit and proper rules for network administrators and issuers.

The report also discusses the importance of managing macro-financial risks through:

  1. Enactment of de-dollarization policies, including enhancing monetary policy credibility.
  2. Formulating a sound fiscal position with effective legal and regulatory measures and implementing central bank digital currencies
  3. Reconsidering Capital Flow Restrictions with respect to their effectiveness, supervision, and enforcement

However, according to the report, cryptoization would make finance more cost-effective, quick, and accessible.

There is also an intergovernmental organisation known as the Financial Action Task Force, which is constantly updating its recommendations to maintain legal, regulatory, and operational methods for combating money laundering, terrorism financing, proliferation, and other threats to the integrity of the international financial system. The Financial Action Task Force (FATF) recently released a compliance framework recommending that all anti-money laundering rules that traditional financial systems follow be applied to stable coins, cryptocurrency, and virtual asset service providers. Even though identifying the source of such funds and keeping track of who is the beneficiary of such funds is difficult, countries are still being encouraged to develop provisions that provide for due diligence, record keeping, and the reporting of suspicious transactions.[7]

 

The Legislative Way Forward for India

 

At present, there is no comprehensive legislative framework to govern fintech advancements encompassing blockchain and cryptocurrencies. At best, the present regulatory framework is a patchy, cross-networked arrangement that demands careful deliberations in alignment with the evolving technological innovations in the sector.

The Information Technology Act, 2000:

While the legislation successfully addresses issues like identity theft, hacking, and ransomware and provides a means to tackle the issue of extraterritorial jurisdiction, it is safe to conclude that the serpentine considerations of blockchain cannot be comprehended and addressed by the Act.

The Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering Rules, 2005

The offences listed in Parts A, B and C of the PMLA Schedule attract the penalties enumerated under the Act.

Part A categorises offences under: Indian Penal Code, Narcotics Drugs and Psychotropic Substances Act, Prevention of Corruption Act, Antiquities and Art Treasures Act, Copyright Act, Trademark Act, Wildlife Protection Act, and Information Technology Act.

Part B enlists offences under Part A with a valuation of Rs 1 crore or more.

Part C exclusively deals with trans-border crimes.

Recently, the Enforcement Directorate attached proceeds of crimes amounting to Rs 135 crores in 7 cases in which the usage of cryptocurrency for money laundering activities was flagged by the authorities.[8]

However, it is pertinent to note that the offences recognised under the respective parts of the schedule only comprise the offences under the current framework of legislation, which is at present not equipped to regulate any segment of cryptocurrency transactions and digital currency operations in the country. 

Foreign Exchange Management Act, 1999

Even though the Act specifies procedures to conduct cross-border and foreign exchange transactions, it fails to identify the role of technology as an instrumental enabler of such transactions at present. However, it is interesting to note that it empowers the RBI to establish a regulatory framework to address the same.

The Payment and Settlement Systems Act, 2007

The PSS Act was enacted with the objective of establishing a regulatory framework for banks and ancillary financial institutions, designating RBI as the nodal authority. Section 4 of the Act states that no payment system shall operate in India without the prior due authorization of the RBI.

Apart from the above-mentioned legislation, regulators like SEBI, Ministry of Electronics and Information Technology (MeitY), Insurance Regulatory and Development Authority of India (IRDAI), and Ministry of Corporate Affairs (MCA) have also undertaken initiatives to implement specialised guidelines. While these regulations deal with the contemporary issues of payments, digital lending and global remittances, none of them has managed to find a concrete ground for effectively supervising and regulating cryptocurrency transactions backed by blockchain in the current volatile ecosystem.

At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Furthermore, initiatives should be taken to ensure transparency of such transactions, establish secure authentication transactions for the exchanges and tighten the legislative noose on cyber security systems in the country. Additionally, establishing a centralised statutory body and local self-regulatory bodies across the sovereign, and implementing an extensive centralised framework is also imperative. The current scheme of criminal activities in virtual space transcends geographical boundaries, hence it is crucial for global policymakers to implement mechanisms to ensure coordination and collaboration by institutionalising inter-governmental bodies.

References: 

[1] ‘The Current Landscape Of The Fintech Industry – Fintech Crimes’ (Fintech Crimes, 2022) <https://fintechcrimes.com/the-landscape-of-fintech-in-year-2020/> accessed 9 February 2022.

[2] https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11243&fn=2&Mode=0

[3] https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12103

[4] https://timesofindia.indiatimes.com/business/india-business/union-budget-2022-no-crypto-bill-listed-this-budget-session/articleshow/89265038.cms

[5] https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf

[6] ‘Global Financial Stability Report’ (2021) <https://www.imf.org/en/Publications/GFSR/Issues/2021/10/12/global-financial-stability-report-october-2021> accessed 11 February 2022.

[7] ‘VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS’ (2021) <https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf> accessed 11 February 2022.

[8] https://economictimes.indiatimes.com/news/india/ed-investigating-7-cases-of-cryptocurrency-usage-in-money-laundering-attaches-rs-135-crore/articleshow/90200012.cms

 

Image Credits: Photo by Bermix Studio on Unsplash

At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Further, initiatives should be undertaken to ensure transparency of such transactions, establish secure authentication transactions of the exchanges and tighten the legislative noose on cyber security systems in the country.

POST A COMMENT

IS17428 -A New Privacy Assurance Standard in India

Recently, Aditya Birla Fashion and Retail Ltd (ABFR) faced a major data breach on its e-commerce portal. As per the reports, personal information of over 5.4 million users of the platform was made public. The 700 GB data leak included personal customer details like order histories, names, dates of birth, credit card information, addresses and contact numbers. Additionally, details like salaries, religion, marital status of employees were also leaked.  Forensic and data security experts were pro-actively engaged to implement the requisite damage-control measures and launch a detailed investigation into the matter.[1] This demonstrates the need to have wider awareness and establish standardized protocols for personal data management. 

The battle of data protection and privacy currently stands at a juxtaposition with a flourishing data economy. 2021 was a watershed moment in the privacy & data protection dialogue in the country. The need for comprehensive data protection law was louder than ever and there were major initiatives on the legislative and executive front.

In June of 2021, the Bureau of India Standards (BIS) introduced IS 17428 for data privacy assurance. It is a privacy framework designed for organisations to handle the personal data of individuals that they collect or process. The certification provided by BIS for IS 17428 can be deemed as an assurance extended to the customers/users by the organizations of well-implemented privacy practice. The BIS being a statutorily created standard-setting body of our country will bring some welcome change in our data management.  

IS 17428 is divided into 2 parts[2]:

  • Part 1 deals with the Management and Engineering parameters that are mandatory for an organization to comply with. This part provides for establishing and cultivating a competent Data Privacy Management System.
  • Part 2 deals with the Engineering and Management guidelines which enable the implementation of Part 1. These guidelines are not mandatory in nature but a reference framework for an organization to implement good practices internally.

 

The Context – Privacy & Data Protection laws in India

 

The Data protection bill was expected to be tabled in parliament back in 2019 but was postponed due to the ongoing pandemic. The country was hoping to pass the bill last year, however, it was sent to the Joint Parliament Committee (JPC) for perusal. The JPC made its report on the bill public in the month of December 2021.

Also, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 had been implemented back in 2011, primarily to safeguard the sensitive personal data of individuals that are collected, processed, transferred, or stored by any organisation and enumerate security practices. The rule lays down certain practices and procedures to be followed by a stakeholder while dealing with sensitive personal data. International Standard IS/ISO/IEC 27001 is one such acceptable standard.

Later ISO27701 was specifically introduced that focused on Privacy Information Management.  However, our Indian enactment has not specifically endorsed any such standards though Standards formulated by the industry association that is approved and notified by the Central Government are also deemed appropriate.  In this background, BIS introducing a standard is a welcome initiative as it will help in bringing uniformity in terms of the implementation of privacy practices across Indian industries.

Components of Part 1 of IS 17428[3]

 
Development of Privacy Requirements:

While developing the privacy requirements of the organisation in relation to the data collected or processed, the organisation has to take into consideration various factors such as jurisdiction, statutory requirements and business needs.

Personal Data Collection and Limitation:

The organisation is permitted to collect the personal information of the individuals, provided the same has been consented to by such individuals.

Privacy notice: 

The organisation is bound to provide a notice to individuals while collecting information from them and when such collection is through an indirect method employed by the organisation, then it is the duty of the former to convey by the same in an unambiguous and legitimate means.

The contents of a privacy notice at the minimum should include the following[4]:

  • Name and Address of the entity collecting the personal data
  • Name and Address of the entity retaining the personal data, if different from above
  • Types and categories of personal data collected
  • Purpose of collection and processing
  • Recipients of personal data, including any transfers
Choice and Consent:

As mentioned earlier, while collecting information, the organisation should get the consent of the individual at the initiation of the process while offering such individuals the choice of the information that they consent to disclose. This entire process should be done in a lawful manner and according to the privacy policies implemented by the organisation.

Data Accuracy: 

The data collected by the organisation should be accurate, and in case it is inaccurate, it should be corrected promptly.

Use Limitation: 

The data collected by the organisation should be used for the legitimate purpose for which it was agreed upon and it shall not be used for any other purposes.

Security: 

The organisation should implement a strict security program to ensure that the information collected is not breached or compromised in any manner.

Data Privacy Management System: 

The organisation is required to establish a Data Privacy Management System (DPMS). The DPMS shall act as a point of reference and baseline for the organisation’s privacy requirements/objectives.

Privacy Objectives: 

The privacy objective of the organisation shall be fixed and set out by the organisation itself. While determining the objectives the organisation shall also look into various factors such as the nature of business operations involving the GDPR processing of personal information, the industry domain, type of individuals, the extent to which the processed information is outsourced and the personal information collected. Moreover, the organisation shall also ensure that the objectives are in alignment with its privacy policy, business objectives and the geographical distribution of its operations.

Personal Data Storage Limitation: 

The organisation shall be allowed to retain the information collected from the individual only for a specific time period as required by the law or the completion of the purpose for which it was collected in the first place. The individual shall have the right to delete their personal information from the organisation database upon request.

Privacy Policy: 

The organisation shall create and implement a privacy policy that shall determine the scope and be applicable to all its business affiliates. The senior management of the organisation shall be in charge of the data privacy function. Moreover, the privacy policy should be in consonance with the privacy objectives of the organisation.

Records and Document Management

The organisation shall keep a record of its processing activities which shall, in turn, ensure responsibility towards the compliance of data privacy. The possible way to achieve such a standard is to lay out procedures that help to identify various records. While laying out procedures, the organisation shall take into consideration certain factors such as a record of logs that demonstrate affirmative action and options chosen by individuals on privacy consent and notice, evidence of capture events related to access or use of personal information, and retention period of obsolete documents.

Privacy Impact Assessment: 

A privacy impact assessment shall be carried out by the organisation from time to time. Such an assessment shall help in estimating the changes and the impact that they can possibly have on the data privacy of the individuals.

Privacy Risk Management

The organisation shall put in place and document a privacy risk management methodology. The methodology shall determine how the risks are managed and how the risks are kept at an acceptable level.

Grievance Redress:  

A grievance redressal mechanism shall be established by the organisation to handle the grievances of the individuals promptly. The organisation shall ensure that the contact information of the grievance officer shall be displayed or published and that they have the channel of receiving complaints from the individuals. Moreover, the organisation shall also make it clear as to the provision for escalation and appeal and the timelines for resolution of the grievance.

Periodic Audits: 

The organisation shall conduct periodic audits for the data privacy management system. The audit shall be conducted by an independent authority competent in data privacy, internal or external to the organization, at a periodicity appropriate for the organization, at least once a year.

Privacy Incident Management: 

Privacy breaches and data privacy incidents shall be reported regularly and the organisation shall come up with a mechanism to manage such incidents. The process shall involve identifying the incident at the first stage and investigating the root cause, preparing analysis and correcting the incidents in the second stage. The last stage is basically informing the key stakeholders including Data Privacy Authority about the breach or incident.

Data Subject’s Request Management: 

The organisation shall develop a mechanism to respond to requests from individuals concerning their personal data. This process shall include the means to verify the identity of the individual, provision access to the information and the means to update the information.

 

How IS 17428 would help in Privacy and Data Protection? 

 

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (RSPP and SPDI rules) had been the only law for organisations to follow. The rules did not prescribe or detail any specific requirements or standards in relation to personal data management and in the absence of formulated standards for the protection of the sensitive personal data of individuals, industry bodies were struggling to have uniform procedures. 

This being the case, introducing specific standards for personal data management will bring more clarity and will help companies to adhere to an approved standard prescribed by a government agency. Moreover, principles narrated in this standard are in accordance with the Internationally recognised privacy principles and will help Indian companies to proffer confidence when dealing with their commercial counterparts.

Introduction of record and document management, risk assessment and data subject request management are a few of the aspects that bring onerous responsibilities on companies making them more accountable and transparent.  These aspects have laid down procedures and mechanisms for an organisation to improve their privacy management, for example, introducing processes such as verification of identity, access to information, evidence of capture events of consent and retention period of obsolete documents.

 

The proposed data protection legislation and the IS 17428

 

The IS 17428 standard has been inspired primarily from the principles dictated from OECD privacy principles, GDPR and ISO27701. The proposed data protection legislation on the other hand has many divergences from the above instruments in many respects. For Instance, the IS standard has an elaborate description provided for the privacy objective of the organisation and the factors that need to be taken into account. Most of these objectives are covered under Sections 22 and 23 of the draft Bill but nevertheless, the standard has recommended a few other factors such as geographical operation, industrial domain and type of individuals as specific factors to be taken into consideration while drafting the privacy objectives. How much discretionary privacy standards can be created, what is allowed freedom for industries in this regard is unclear.

Section 28 of the draft bill talks about the records and document management of the data collected or processed and the standard covers almost every bit of the section. In addition to the consideration mentioned under the bill, the standard goes forward and echoes the need to establish a policy on the preservation of obsolete policies and process documents. Data and record-keeping should be for a defined period. The majority of other legislation prescribes an average of 7 years of data-keeping. Keeping any data beyond such a reasonable period may not serve many purposes. Why this standard has prescribed such obsolete data retention is again unclear.

The standard could be made effective by only having an enactment for data protection legislation in place. For instance, the grievance redressal mechanism, though the standards do envisage an appeal mechanism, they do not establish appeal machinery. This part of the standard can be put to use only after the Data Protection Authority as per section 32 is constituted. The standard also calls for an investigative process in the event of any breach or compromise of data. The organisation is welcome to conduct an onsite or internal investigation into the breach or incidents, but once again an independent authority to investigate in a legitimate and fair manner is required.

In short, I am afraid, has it failed to take into account the special requirements contemplated under the PDPB, 2019 which may eventually become the law of the country thereby, once this law is enacted, this standard will also be required to be modified. The government has not made any announcement as per the RSPP and SPDI rules, that IS 17428 is an appropriate standard certifying the compliance of personal data management. In the absence of such explicit endorsement, the ambiguity continues as to whether the adoption of this standard is sufficient compliance under the said rules.

Finally, with the Data protection bill around the corner, the Data Protection Authority envisaged being constituted under the legislation which shall have the power to issue code, guidelines, and best practices for protecting the privacy of data subjects. How IS 17428 standards framed by the BIS will be looked at by the DPA or the proposed rule will offer a different set of practices shall be an interesting development to observe.

References:

[1] https://economictimes.indiatimes.com/industry/cons-products/fashion-/-cosmetics-/-jewellery/abfrl-faces-data-breach-on-its-portal/articleshow/88930807.cms

[2] The IS 17438 was established on November 20, 2020 and notified in the official gazette on December 4, 2020. Please see the notification available at: https://egazette.nic.in/WriteReadData/2020/223869.pdf (last visited Jan 18, 2022).

[3] Supra note 2.

[4] Sub-clause 4.2.2 of the IS Requirements: “Privacy Notice”.

 

 

Photo Credits:

Image by Darwin Laganzon from Pixabay 

Introduction of record and document management, risk assessment and data subject request management are a few of the aspects that bring onerous responsibilities on companies making them more accountable and transparent.  These aspects have laid down procedures and mechanisms for an organisation to improve their privacy management, for example, introducing processes such as verification of identity, access to information, evidence of capture events of consent and retention period of obsolete documents.

POST A COMMENT