Everything You Should Know About Section 66A of the IT Act and Cybersecurity Policy

In the digital era, cybersecurity is more important than ever. From individuals to businesses, cyber threats are growing at an alarming rate, making it essential to have strong cybersecurity policies in place.

While India had laws like Section 66A of the IT Act to regulate online speech, its misuse led to this Act being repealed. With rising cyber threats, businesses and individuals are turning to cyber insurance in India for protection. But what does this mean, and how can a cyber insurance plan help? Let’s break it down.

Section 66A of the Information Technology Act, of 2000, was a provision in Indian law that aimed to penalize the sending of offensive messages through electronic communication. Introduced in 2009, it defined several categories of punishable offences related to digital communication, including:

• Sending grossly offensive messages: Any information deemed grossly offensive or having a menacing character.

• False information: Sending information known to be false with the intent to annoy, inconvenience, or intimidate others.

• Deceptive emails: Sending emails designed to mislead recipients about the origin of the message.

The penalties under Section 66A included imprisonment for up to three years and fines for those found guilty of violating its terms.

The Supreme Court of India repealed Section 66A in 2015 in the landmark Shreya Singhal v. Union of India case. The primary reasons for its repeal were:

1. Lapping Indian Penal Code (IPC) 1860

Many of the offences Section 66A covered were already punishable under the Indian Penal Code (IPC) 1860. There was no need for an additional law that essentially duplicated existing criminal provisions.

2. Identifying Culprits and Victims

The law was broad and unclear on defining the actual victim and offender in digital interactions. This ambiguity led to arbitrary arrests and unnecessary legal trouble.

3. Misuse Across the Nation

Authorities widely misused Section 66A to suppress dissent, leading to wrongful arrests. Many people faced charges for expressing their views online, which raised concerns over free speech violations.

With increasing cyber threats, businesses need proactive measures to safeguard their digital assets. Here’s how they can do it:

1. Keep Software Updated

Outdated software is a hacker’s playground. Companies should regularly update their security systems, firewalls, and applications to patch vulnerabilities.

2. Password Policies

Weak passwords are a leading cause of cyber breaches. Businesses should implement strict password guidelines, including multi-factor authentication (MFA), to strengthen security.

3. Employee Training

One of the biggest security risks is human error. Businesses must conduct regular cybersecurity policy awareness training to educate employees on identifying phishing emails, safe password practices, and handling sensitive data securely. 

4. Outsource Cybersecurity

Not all businesses have the resources for in-house security teams. Outsourcing cybersecurity to experts can help monitor threats and mitigate risks in real-time.

5. System Security Plan (SSP)

Having a well-documented System Security Plan (SSP) can help businesses outline their security protocols. This plan should include incident response strategies, risk assessments, and compliance measures.

Despite the best security measures, cyber incidents can still occur. This is where cyber insurance in India plays a crucial role. Businesses and individuals can benefit from a cyber insurance plan that offers financial protection against cyberattacks, data breaches, and fraud.

Repealing Section 66A of the IT Act was a step towards protecting free speech, but businesses and individuals must remain vigilant against cyber threats. Implementing a strong cybersecurity policy and investing in cyber security insurance are essential steps for protecting digital assets. Among the various options available, SBI General Insurance offers comprehensive cyber insurance plans tailored for businesses and individuals, ensuring peace of mind in an increasingly digital world.

1. Usually, which companies can opt for a cybersecurity policy?

Any business dealing with sensitive customer data, online transactions, or digital records should consider a cybersecurity policy. This includes financial institutions, e-commerce platforms, IT firms, and healthcare providers.

2. Does cyber security insurance allow hiring a lawyer for post-cyber attacks?

Yes, most cyber security insurance plans cover legal expenses, including hiring a lawyer to manage legal proceedings after a cyberattack.

Disclaimer: The above information is indicative in nature. For more details on the risk factor, terms and conditions, please refer to the Sales Brochure and Policy Wordings carefully before concluding a sale.