PANJAB UNIVERSITY.
ACKNOWLEDGMENT
I would like to express my special thanks of gratitude to my teacher “DR. AMITA VERMA” who
gave me the golden opportunity to do this wonderful project on the topic ‘Penalties &
Adjudications’, which also helped me in doing a lot of Research and I came to know about so
many new things. I am really thankful to her. I would also like to thank my parents and
friends who helped me a lot in finishing this project within the limited time.
3. INTRODUCTION………………………………… 5
4. SECTION 43…………………………………….. 7
5. SECTION 43 A………………………………….. 14
7. SECTION 46…………………………………….. 19
8. SECTION 47…………………………………….. 21
9. BIBLIOGRAPHY………………………………… 22
Hon’ble Honorable
etc et cetera
LJ Law Journal
Re. Reference
US United States
No. Number
Ors. Others
p. Page
SC Supreme Court
v. Versus
Vol. Volume
3. Indian National Congress (I) v. Institute of Social Welfare , (2002) 5 SCC 685
INTRODUCTION
Cyber Crime means any crime that is committed with the help of computer, computer system,
and computer network or communication device. It is a criminal activity that uses a computer
either as an instrument, target or a means for perpetuating further crimes. Thus, cyber crime
may be defined in simple terms as unlawful act wherein the computer is either a tool or target
or both.
Under Information Technology Act, 2000 Cyber Contraventions refers to a Civil wrong.
Cyber contraventions may be defined as Civil Wrongs where compensation is the remedy.
Cyber Contraventions have been described under Chapter IX in Section 43 to 45 of the
Information Technology Act, 2000.
A cyber contravention is a violation of the cyber law in India that does not result in criminal
proceedings, but may result in civil proceedings. The punishment may range from payment of
compensation or penalty. 2 Basically, Cyber Contraventions are ‘civil wrongs’ for which
compensation is payable by the defaulting party. Cyber offences on the other hand constitute
cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment
and/or fine is prescribed by the Information Technology Act 2000.
1
Dr. Kunwar Vijay Pratap Singh, A Handbook on Cyber Laws & Investigations, Shreeram Law House,
Chandigarh, 1st Ed. (2012), p. 271.
2
http://lawisgreek.com/cyber-laws-what-is-cyber-contravention-and-cyber-offences/
In the scheme of the act, sections 43-45 are the ones that fall in the category of ‘Cyber
contraventions’. These sections address different issues and hence impose variable penalties
on the offenders.
Section 43 is a very important provision in the sense that it identifies ten different causes of
causing damage to computer, computer system or computer network. Likewise, section 43-A
deals with the failure to protect any sensitive personal data or information. The contravener
whether of section 43 and section 43A is liable to pay damages by way of compensation to
the person so affected. It is for the affected person to assess the value of damage caused and
approach the appropriate.
SECTION 43
That is, even repeated attempts or trials to access, whether successful or not will be covered
under this clause. Definition of Access: section 2(1) (a) as given in this act. The important
ingredient of ‘access’ is:
The term covers both physical and virtual access to computer, computer system or computer
network. Physical access means being ‘physically present’ whereas virtual access means
being ‘remotely connected’ using satellite, microwave, terrestrial line or other
communication media.
The aforesaid clause (b) is an attempt by the legislature to introduce elements of copyright
protection in the digital medium. It is about digital content rights. The aforesaid clause (b)
has used specific words, like ‘downloads” ,”copies’ or “extracts” to highlight the ‘software-
hardware’ interface involving a computer, computer system or computer network. Any
unauthorised “downloading”, “coping” or “extraction” of any data, computer database are
specific acts of omissions that shall make the offender liable to pay damages by way of
compensation not exceeding one crore rupees to the person so affected.
This sub clause also takes into consideration unauthorized infringement of data [section 2(o)]
in any form (including computer printouts, magnetic or optical storage media, punched cards,
punched tapes) or data stored internally n the memory of the computer, computer databases.
Illustration:
A lady has violated Section 43 of The Information Technology Act,2000 and made
unauthorized access to Gmail accounts of her husband and her father-in law, and
unauthorisedly downloaded/forwarded/printed their emails and chat sessions with others, thus
committing Identity. Theft by using the password belonging to others dishonestly, and
violating the privacy of not only the Complainants, but also of others with whom these chat
sessions were conducted. Given the fact that she gave the evidence only to Police and the
Court, in the Dowry case lodged by her against her husband and in-laws, and did not make It
widely public. Hence the Court ordered that she pay a token fine of Rupees One Hundred to
the State Treasury.3
Surprisingly, the aforesaid clause (b) would term 'access support systems’, like caching
activity as infringement to the digital content rights of an owner. Caching means copying of a
web page/site and storing that copy for the purpose of speeding up subsequent accesses. It
ensures that the load on the servers of on in will be reduced as they can be accessed from the
cached servers. It also means that caching involves duplicating/copying other peoples literary
and artistic work stored in binary files on to the hardware of the PC/server and may constitute
copyright infringement. Caching by its application process reproduces a copy ink another
server that is against the copyright holder's reproduction rights.
Any person who introduces or causes to introduce any computer contaminant or computer
virus into any computer, computer system or computer network shall be liable to pay
damages by way of compensation to the person so affected. Now an affected person is at a
liberty to quantify the losses on account of disruption in its normal (programmed) activity
caused by a computer contaminant or computer virus.
3
http://sapost.blogspot.in/2011/11/beware-of-section-43-of-information.html
VI. SECTION 43 (F) DENIESOR CAUSES THE DENIAL OF ACCESS TO ANY PERSON
AUTHORISED TO ACCESS ANY COMPUTER, COMPUTER SYSTEM OR COMPUTER
NETWORK BY ANY MEANS;
4
Sharma Vakul, “Information Technology Law and Practice”, Third Edition, Universal Law Publishing Co.,
New Delhi,2014,p.120
5
Dr.Rattan Jyoti,Rattan Vijay, “Cyber Laws and Information Technology”, Fifth Edition, Bharat Law House
Pvt.Ltd.,New Delhi,2015,p.264
CASE LAW:
MafiaBoy was the Internet alias of Michael Calce (born 1986), a high school student
from West Island, Quebec, who launched a series of highly publicized denial-of-service
attacks in February 2000 against large commercial websites,
including Yahoo!, Fifa.com, Amazon.com, Dell,Inc., E*TRADE, eBay, and CNN.
On February 7, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning “riot”
in Italian. Rivolta was a denial-of-service attack in which servers become overloaded with
different types of communications to the point where they shut down completely. At the
time, Yahoo! was a multibillion-dollar web company and the top search engine. Mafiaboy's
Rivolta managed to shut down Yahoo! for almost an hour. Calce's goal was, according to
him, to establish dominance for himself and TNT, his cybergroup, in the
cyberworld. Buy.com was shut down in response. Calce responded to this in turn by bringing
down eBay, CNN, Amazon and Dell.com via DDoS over the next week.6
VII. SECTION 43 (G) PROVIDES ANY ASSISTANCE TO ANY PERSON TO FACILITATE ACCESS
TO A COMPUTER, COMPUTER SYSTEM OR COMPUTER NETWORK IN CONTRAVENTION
OF THE PROVISIONS OF THIS ACT, RULES OR REGULATIONS MADE THEREUNDER;
The aforesaid clause (g) is an attempt by the legislature to create an obligation for the users.
The sweep of the clause is quite broad as it refers to providing any assistance to any person to
facilitate access to a computer, computer system or computer network in contravention of the
provisions of this Act, rules or regulations made thereunder.
It is important to note that the definition of access [section 2(1)(a)] which provides for
gaining entry into, instructing or communicating with the logical, arithmetical, or memory
function resources of a computer, computer system or computer network, very well
articulates technological aspects of access. Any person who provides any assistance to any
6
“MAFIABOY”, https://en.wikipedia.org/wiki/MafiaBoy.
VIII. SECTION 43 (H) CHARGES THE SERVICES AVAILED OF BY A PERSON TO THE ACCOUNT
OF ANOTHER PERSON BY TAMPERING WITH OR MANIPULATING ANY COMPUTER,
COMPUTER SYSTEM, OR COMPUTER
The purpose of the aforesaid clause (h) is to safeguard the rights of a holder of an Internet
Service Provider (ISP) or e-commerce sites by another person.The idea is to prevent theft,
misappropriation, misrepresentation, fraud or forgery of access code/user id/password, etc.,
by a person to the account of another person by tampering with or manipulating any
computer, computer system or computer network.
Any person who charges the services availed of by a person to the account of another person
by tampering with or manipulating any computer, computer system, or computer network
shall be liable to pay damages by Way of compensation to the person so affected.
Illustration:
Theft of Internet Hours In order to constitute theft under section 378 of IPC, five ingredients
are essential:
From the point of view of an accountholder of an Internet account the important question is,
would 'theft of Internet hours' constitute theft as defined under section 378 of IPC? Would it
mean that the 'Internet hours' constitute a moveable property?
It was held by the Supreme Court in Avtar Singh v. State of Punjab7, that though electricity is
not movable property within the meaning Of section 378, IPC, and as such its dishonest
abstraction cannot be regarded as theft under section 378, yet by a legal fiction created by
section 39 of the, Indian Electricity Act, 1910, such act should be deemed to be an offence of
theft and punished under section 379, IPC, read with section 39 of the Electricity Act, 1910.
The prosecution in cases of theft of electricity however, has to be launched only at the
instance of a person named in section 50 of the Electricity Act.
Keeping in view the aforesaid judgment it may be argued that though the `Internet hours' is
not a movable property within the meaning of section 378 ,IPC yet by a legal condition
created by section 43(h) of the Information Technology act.
7
AIR 1965 SC 666.
It takes into account any activity, which may result into destruction, deletion or alteration of
any information residing in a computer resource or diminishes its (computer resource) value
or utility or affects it (computer resource) injuriously by any means.
The aforesaid clause (i) in a way identifies 'computer related contraventions'. One may find
the subject-matter of clause (i) and previous section 66 (of old Act) somewhat similar. The
only difference is that under clause (1) "intention or knowledge" is not an essential
ingredient.
(a) Whoever,
It involves an invasion of right and diminution of the value or utility of one's information
residing in a computer resource. The contravener may not have contemplated this when he
destroyed, deleted or altered any information in a computer resource. Hacking involves
mental act with destructive animus. It is the essence of this contravention that the contravener
must have caused (or attempts to cause) destruction or alteration of information residing in a
computer resource or diminish its value or utility or affect it injuriously by any means in
order to make out a contravention under clause (i), it necessary to show that there was
wrongful loss or damage to the public or any person. The word wrongful' means prejudicially
affecting a party in some legal right.
It takes into account any activity, which may result into stealing, concealing, destruction or
alteration of any computer source code used for a computer resource with an intention to
cause damage.
The essence of this contravention is that the contravener must have caused (or attempts to
cause) stealing, concealing, destruction or alteration of any computer source code. The term
"computer source code" has been defined in the Explanation (v) attached to the aforesaid
section as:
",..the listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form".
Interestingly, this clause (j) has added "intention" on the part of the contravener to cause
damage. This is ,the only clause under section 43 which falls in the category of 'pre-
mediated’ cyber contravention. An act is intentional if it exists in idea before it exists in fact,
the idea realizing itself in the fact because of the desire by which it is accompanied. 8
Under the section 43, the presumption is that any given computer, computer system or
computer network under the control of the owner/incharge at any given place or time is a
secure system. Any access without permission of the owner or any, other person who is
incharge of such computer, computer system or computer network (or computer resource)
shall attract penalty under the said provision.
An affected party under section 43 has a right to seek damages from the wrongdoer by
compelling him to pay for the damage done. The remedy lies in tort. The purpose of the law
of tort is to adjust losses and offer compensation for tortuous liability. It was held by the
Supreme Court in Rajkot Municipal Corpn. v. Manjulben Jayantilal Nakum9: that the law
could not attempt to compensate all losses. Such an aim would not only be overambitious but
might conflict with basic notions of social policy. Society has no interest in mere shifting of
loss between individuals for its own sake. The loss, by hypothesis, may have already
occurred, and whatever benefit might be derived from repairing, the fortunes of one person is
exactly offset by the harm caused through taking that amount away from another. The
economic assets of the community do not increase and expense is incurred in the process of
realization.
Hence, it is important that the adjudicating officer [section 46] under the Act must follow ,the
law of tort principles while granting damages by way of compensation. Further, it is
obligatory to note that section 43 is the 'heart-of-the-matter' of this Act. One must be creative
enough to interpret this section vis-a-vis various cyber contraventions. An attempt has been
made to articulate the scope of this section.
8
Supra note 4.
9
(1997) 9 SCC 552.
SECTION 43 A
This provision is applicable for the wrong committed by the Body Corporate. It is important
to note that Section 43 A was inserted by Information Technology (Amendment) Act, 2008.
It provides for compensation for failure to protect data by a Body Corporate.
Explanation (iii) to Section 43 A Sensitive Personal Data or Information means such personal
information as may be prescribed as sensitive by the Central Govt. in consultation with such
professional bodies or associations as it may deem fit.
Sensitive personal data or information of a person means such personal information which
consists of information relating to;—
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other
payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for
providing service; and
(viii) any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise:
Provided that, any information that is freely available or accessible in public domain or
furnished under the Right to Information Act, 2005 or any other law for the time being in
force shall not be regarded as sensitive personal data or information for the purposes of these
rules.
10
http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
(1) The body corporate or any person who on behalf of body corporate collects, receives,
possess, Stores, deals or handle information of provider of information, must provide
a privacy policy for handling of or dealing in personal information including sensitive
personal data or information and ensure that the same are available for view by such
providers of information who has provided such information under lawful contract.
Such policy must be published on website of body corporate or any person on its
behalf and must provide for:
(i) Clear and easily accessible statements of its practices and policies.
(ii) Type of personal or sensitive personal data or information collected.
(iii) Purpose of collection and usage of such information.
(iv) Disclosure of information including sensitive personal data or information.
(v) Reasonable security practices and procedures.
(1) Body corporate or any person on its behalf shall obtain consent in writing through letter
or Fax or email from the provider of the sensitive personal data or information regarding
purpose of usage before collection of such information.
(2) Body corporate or any person on its behalf shall not collect sensitive personal data or
information unless —
(a) The information is collected for a lawful purpose connected with a function or
activity of the body corporate or any person on its behalf; and
11
Dr. Kunwar Vijay Pratap Singh, A Handbook on Cyber Laws & Investigations, Shreeram Law House,
Chandigarh, 1st Ed. (2012), p. 287.
12
http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
13
http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
(3) While collecting information directly from the person concerned, the body corporate or
any person on its behalf snail take such steps as are, in the circumstances, reasonable to
ensure that the person concerned is having the knowledge of —
(4) Body corporate or any person on its behalf holding sensitive personal data or information
shall not retain that information for longer than is required for the purposes for which the
information may lawfully be used or is otherwise required under any other law for the time
being in force.
(5) The information collected shall be used for the purpose for which it has been collected.
(6) Body corporate or any person on its behalf permit the providers of information, as and
when requested by them, to review the information they had provided and ensure that any
personal information or sensitive personal data or information found to be inaccurate or
deficient shall be corrected or amended as feasible: Provided that a body corporate shall not
be responsible for the authenticity of the personal information or sensitive personal data or
information supplied by the provider of information to such boy corporate or any other
person acting on behalf of such body corporate.
(7) Body corporate or any person on its behalf shall, prior to the collection of information
including sensitive personal data or information, provide an option to the provider of the
information to not to provide the data or information sought to be collected. The provider of
information shall, at any time while availing the services or otherwise, also have an option to
withdraw its consent given earlier to the body corporate. Such withdrawal of the consent shall
be sent in writing to the body corporate. In the case of provider of information not providing
or later on withdrawing his consent, the body corporate shall have the option not to provide
goods or services for which they said information was sought.
(8) Body corporate or any person on its behalf shall keep the information secure as provided
in rule 8.
(9) Body corporate shall address any discrepancies and grievances of their provider of the
information with respect to processing of information in a time bound manner. For this
purpose, the body corporate shall designate a Grievance Officer and publish his name and
contact details on its website. The Grievance Officer shall redress the grievances or provider
of information expeditiously but within one month ' from the date of receipt of grievance.
(1) Disclosure of sensitive personal data or information by body corporate to any third party
shall require prior permission from the provider of such information, who has provided such
information under lawful contract or otherwise, unless such disclosure has been agreed to in
the contract between the body corporate and provider of information, or where the disclosure
is necessary for compliance of a legal obligation: Provided that the information shall be
shared, without obtaining prior consent from provider of information, with Government
agencies mandated under the law to obtain information including sensitive personal data or
information for the purpose of verification of identity, or for prevention, detection,
investigation including cyber incidents, prosecution, and punishment of offences. The
Government agency shall send a request in writing to the body corporate possessing the
sensitive personal data or information stating clearly the purpose of seeking such information.
The Government agency shall also state that the information so obtained shall not be
published or shared with any other person.
(2) Notwithstanding anything contain in sub-rule (1), any sensitive personal data on
Information shall be disclosed to any third party by an order under the law for the time being
in force.
(3) The body corporate or any person on its behalf shall not publish the sensitive personal
data or information.
(4) The third party receiving the sensitive personal data or information from body corporate
or any person on its behalf under sub-rule (1) shall not disclose it further.
A body corporate or any person on its behalf may transfer sensitive personal data or
information including any information, to any other body corporate or a person in India, or
located in any other country, that ensures the same level of data protection that is adhered to
by the body corporate as provided for under these Rules. The transfer may be allowed only if
it is necessary for the performance of the lawful contract between the body corporate or any
person on its behalf and provider of information or where such person has consented to data
transfer.
14
http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
15
http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
Section 44. Penalty for failure to furnish information, return, etc.- If any person who is
required under this Act or any rules or regulations made there under to-
(a) furnish any document, return or report to the Controller or the Certifying Authority
fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and
fifty thousand rupees for each such failure;
(b) file any return or furnish any information, books or other documents within the
time specified therefor in the regulations fails to file return or furnish the same within
the time specified therefor in the regulations, he shall be liable to a penalty not
exceeding five thousand rupees for every day during which such failure continues;
(c) maintain books of account or records, fails to maintain the same, he shall be liable
to a penalty not exceeding ten thousand rupees for every day during which the failure
continues.
Section 45: Residuary penalty.-Whoever contravenes any rules or regulations made under
this Act, for the contravention of which no penalty has been separately provided, shall be
liable to pay a compensation not exceeding twenty-five thousand rupees to the person
affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
Section 46 of the Act grants the Central Government the power to appoint an adjudicating
officer to hold an enquiry to adjudge, upon complaints being filed before that adjudicating
officer, contraventions of the Act. The adjudicating officer may be of the Central
Government or of the State Government [section 46(1) of the Act], must have field
experience with information technology and law section 46(3) of the Act] and exercises
jurisdiction over claims for damages up to 5,00,00,000 [see section 46(1A) of the Act]. For
the purpose of adjudication, the officer is vested with certain powers of a civil court [section
46(5) of the Act] and must follow basic principles of natural justice while conducting
adjudications [see section 46(2) of the Act]. Hence, the adjudicating officer appointed under
section 46 is a quasi-judicial authority.
In addition, the quasi-judicial adjudicating officer16 may impose penalties, thereby vesting
him with some of the powers of a criminal court [section 46(2) of the Act], and award
compensation, the quantum of which is to be determined after taking into account factors
including unfair advantage, loss and repeat offences [section 47 of the Act]. The adjudicating
officer may impose penalties for any of the offences described in section 43, section 44 and
section 45 of the Act; and, further, may award compensation for losses suffered as a result of
contraventions of section 43 and section 43A. The text of these sections is reproduced in the
Schedule below. Further law as to the appointment of the adjudicating officer and the
procedure attendant on all adjudications was made by Information Technology (Qualification
and Experience of Adjudicating Officers and the Manner of Holding Enquiry) Rules, 2003.17
The section 46(1) makes it very clear that for the purpose of adjudging under this Chapter
[Chapter IX: Penalties and Adjudication] whether any person has committed a contravention
of any of the provisions of this Act or of any rule, regulation, direction or order made
thereunder, there shall be an adjudicating officer for holding an inquiry in the manner
prescribed by the Central Government.
It is obligatory to note that the Central Government as per the Gazette Notification for
Information Technology Rules, 2003 under the short title "Qualification and Experience of
16
Indian National Congress (I) v. Institute of Social Welfare ,“ where law requires that an authority before
arriving at a decision must make an enquiry, such a requirement of law makes the authority a quasi-judicial
authority"(2002) 5 SCC 685
17
http://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-for-adjudication
maharashtra.
Adjudicating Officer and Manner of Holding Enquiry" vide Gazette Notification G.S.R.
220(E), dated 17th March, 2003 has notified 'Scope and Manner of Holding Inquiry' [rule 4]
While adjudging the quantum of compensation under this Chapter, the adjudicating officer
shall have due regard to the following factors, namely:-
(a) the amount of gain of unfair advantage, whenever quantifiable, made
as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.
The Chapter is self-contained code. It also lays down factors for adjudging the quantum of
compensation. Since, the amount of compensation is not to exceed rupees five crore, it is
important that the adjudicating officer must create an objective framework to arrive
'reasonably' at the compensation amount. The task of the adjudicating officer is to measure
the cost of contravention (default) in terms of monetary value. It is basically a 'cause, effect
and compensation' approach. It covers provisions of section 43(a) to (j), section 43A, section
44 and section 45. The idea is that the defaulter has to make good of be losses.While deciding
the quantum of compensation, it is mandatory for the adjudicating officer to calculate the
'cost of default' under three different heads:(a) gain of unfair advantage i.e., estimated trade
loss; (b) the actual 'monetary loss' caused to any person as a result of the default; and (c) the
repetitive nature of the default (recurring default cost), if any.
Further, it is obligatory to note that the term "compensation" as stated in the Oxford
Dictionary, signifies that, which is given in recompense, ana equivalent rendered. "Damages"
on the other hand constitute the sum of money claimed or adjudged to be paid in
compensation for loss or injury sustained, the value estimated in money, of something lost or
withheld. The term "compensation" etymologically suggests the image of balancing one thing
against another; its primary signification is equivalence, and the secondary and more
common waning is something given or obtained as an equivalent1. "Compensation" is a
return for the loss or damage sustained. Justice requires that it should be equal in value,
although not alike in kind . The adjudicating officer has an important role to play. He has not
only the trappings of a quasi-judicial authority but also has the power of a court to give a
decision or a definitive judgment which has finality and authoritativeness which are essential
tests of a judicial pronouncement. The adjudicating officer, therefore, possesses all the
attributes of a court. 18
18
Supra note 4,p.139
BIBLIOGRAPHY
STATUTORY COMPILATIONS
1. THE INFORMATION TECHNOLOGY ACT, 2000.
DICTIONARIES
1. BRYAN A. GARNER, BLACK’S LAW DICTIONARY (8th ed. 2001).
2. OXFORD ENGLISH DICTIONARY, (2nd ed. 2009).
3. WEBSTER’S NEW INTERNATIONAL DICTIONARY (1926).
WEBSITES
1. http://lawisgreek.com/cyber-laws-what-is-cyber-contravention-and-cyber-offences/
2. http://sapost.blogspot.in/2011/11/beware-of-section-43-of-information.html
3. https://en.wikipedia.org/wiki/MafiaBoy
4. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
5. http://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-
for-adjudication maharashtra.
6. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
7. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
8. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
9. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf
BOOKS
1. Kunwar, Vijay, A Handbook on Cyber Laws & Investigations, Chandigarh: Shreeram
Law House, 1st ed. (2012).
2. Sharma, Vakul, “Information Technology Law and Practice”, 3rd ed., New Delhi:
Universal Law Publishing Co., 2014.
3. Jyoti, Rattan, “Cyber Laws and Information Technology”, 5th ed., Delhi: Bharat Law
House Pvt. Ltd., 2015.