Stages of Cyber Civil Cases in Indian

STAGES IN a Cyber CIVIL Case / Suit in India-

(Plaintiff Means whoever files the case )
By Advocate Prashant Mali(@CyberMahaGuru)

1. Plaintiff has to file the plaint complying the provisions in all respect as contemplated under

Order 4 r/w Order 6 and 7 of the code.

2. Plaintiff  has to issue summons within 30 days from the institution of suit.

3. After the service of summons defendant has to file his written statement within 30 days

from the receipt of summons as per Order 8 R 1 of the code

4. No further time exceeding 90 days after date of service of summons be extended

for filing written statement as per proviso to Order 8 R 1 of the code.

5. Within 10 days from the filing of written statement court has to examine the parties so

as to explore the possibilities of compromise in between the parties and to refer the matter of settlement under section 89 of the code.

6. If parties fail to compromise the matter then court has to keep the matter for discovery

and inspection  within the time span of 7– 10 – 10 – 3 days, as per Order 11 of the code.

7. Then to adjourn the matter for admission within the time span of 15 days as per Order 12

of the code.

8. Then parties have to file the original documents prior to framing of issues within

the time span of 7 days, as per Order 13 of the code.

9. Court has to frame the issues within 15 days as per Order 14 of the code.

10. Parties have to file the list of witnesses within 15 days from the date of framing of issues as per

Order 16 of the code.

11. Plaintiff has to issue summons to the witnesses either for adducing evidence or for production of documents within 5 days of filing of list as per Order 16 R 1(4) of the code.

12. Parties have to settle the date of evidence as per Order 16 of the code.

13. Plaintiff has to file the affidavits of all his witnesses within 3 adjournments as per Order 18 R 4 r/w Order 17 of the code.

14. Court has to exhibit the documents considering their proof and admissibility with a reasoned order as per proviso to Order 18 R 4(1) of the code.

15. Cross examination of the plaintiff and his witnesses on day to day until all the witnesses in

attendance have been examined as per Order 18 R 4 (2) r/w Order 17 R2 (a) of the code.

16. Defendant has to issue summons to the witnesses either for adducing evidence or for

production of documents as per Order 16 R 1 (4) of the code.

17. Defendant has to file the affidavits of all his witnesses within 3 adjournments as per Order 18 R 4 r/w Order 17 of the code.

18. Court has to exhibit the documents considering their proof and admissibility with a reasoned order as per proviso to Order 18 R 4(1) of the code.

19. Cross examination of the defendant and his witnesses on day to day until all the witnesses in

attendance have been  examined as per Order 18 R 4 (2) r/w Order 17 R2 (a) of the code.

20. Parties have to conclude their arguments within 15 days from the completion of their

respective evidence as per Order 18 R 2 (3A) of the code.

21. Court has to delivered judgment forthwith or on or before 30 days and not exceeding 60 days

from the date of conclusion of the arguments as per Order 20 R 1 of the code.

The party in whose favor the judgement is passed is known as decree holder, and the party against whom the judgement is passed is called the judgement debtor.

Review of judgement

If a party is not satisfied with the judgement, then it can file an application for review of the judgement. If the court feels there are not sufficient grounds for the review, then it may reject the application. The court may also reject the application if it was based on some new evidence unless strict proof is provided that the party was earlier unaware of it. Also, when a application for review is received by the court, it shall send a notice to the other patty in order for him/her to appear and present his side. If the application is granted and a judgement has been passed, it cannot be reviewed further. 

Appeal

A party may appeal in appellate court against the original decree. A memorandum needs to be filed in the appellate court specifying the grounds of objection. The appellant may be required to provide the security for cost. The court may accept, reject, or send back the appeal to the appellant for modifications. If the appellate court finds sufficient cause for stay on the execution of decree, then it may order to do so. If the appellate courts accepts the appeal it shall send a notice to the lower court (whose decree is being appealed) so that it can dispatch the records relevant to the case to the appellate court. The appellate court will send notices for the day of the hearing and will rehear the case. The appellate court may confirm, vary, or reverse the original decree in its judgement. 

Execution of Decree

If the judgement-debtor needs to pay money, he can submit it in the court or outside the court as well. If the payment is made outside of the court then an evidence of the payment needs to be produced. When a payment is made then judgement-debtor needs to send an acknowledgement to the decree-holder. If the judgement debtor fails to comply to the decree then the decree holder may file an application for execution of decree. The application needs to be filed in the place of judgement-debtor's residence. The decree holder may request the court to assist him by either delivering the property, arrest or detention of person, or any other relief granted in the decree. 

The judgement debtor is issued a notice to show cause against execution. If no satisfactory response is shown for the show cause notice, then the court may issue orders to execute the decree. In case of payment of money, the court may order the detention of judgement-debtor in civil prison or sale of judgement-debtor's property. In issues related to movable property, it may be seized and delivered to the other party.

Note: everything above in ideal situations😄

Apply for compensation upto Rs.5 Crores to adjudication Officer (IT Secretary of the state) and Above that to respective High Courts of the state.

cyberlawconsulting@gmail.com

Author: Prashant Mali @CyberMahaGuru

What is Sensitive Personal Data or Information in India ?

What is Sensitive Personal Data or Information in India ? 

[ DATA PROTECTION LAWS IN INDIA ]

Sensitive Personal Data or Information though not directly defined in The Section 2 of The IT Act, 2000. But the definition which has force of law is  defined under the section 3  of  THE INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011 made by Central Government In exercise of the powers conferred by clause (ob) of sub­section (2) of section 87 read with section 43A of the Information Technology Act, 2000 (21 of 2000). Section 3 reads as 

3.    Sensitive personal data or information.—

 Sensitive personal data or information of a person means such personal information which consists of 

 information relating to;―

(i)  password;

     (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ;

       (iii) physical, physiological and mental health condition;

       (iv) sexual orientation;

       (v) medical records and history;

       (vi) Biometric information

      (vii) any detail relating to the above clauses as provided to body corporate for providing service; and

      (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:

        provided that, any information that is freely available or accessible in public domain or furnished under  the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as  sensitive personal data or information for the purposes of these rules. 

        To enlarge this definition further 

Definition’s of

1.   Data

2.   Information

3.   Personal Information 

4.   Body corporate

Have to be added to the definition of “Sensitive Personal Data or Information” as legislature have defined them separately.

Section 2(1)(o) of The IT ACT,2000 Defines "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

Section 2(1)(v) of The IT ACT,2000 Defines "Information" as

        "Information" includes data, message, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche; 

Section 2(1)(i) defines Personal Information as “Personal Information” means any information that  relates to a natural person, which, either directly or indirectly, in combination with other information  available or likely to be available with a body corporate, is capable of identifying such person.

        "Body Corporate" is defined under Explanation (i) of The Section 43-A of The IT Act, 2000 as "Body corporate" means any company and includes a firm, sole proprietorship or other  association of individuals engaged in commercial or professional activities; 

      

       So the full length definition of Sensitive Personal Data or Information would be 

       Sensitive personal data or information of a person means any information that  relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities, is capable of identifying such person  which consists of  data, message, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche relating to;―

         (i)  password;

        (ii) financial information such as Bank account or credit card or debit card or   other payment instrument details ;

        (iii) physical, physiological and mental health condition;

        (iv) sexual orientation;

        (v) medical records and history;

        (vi) Biometric Information

        (vii) any detail relating to the above clauses as provided to body corporate for providing service; and

       (viii) any of the information received under above clauses by body corporate for processing, stored or  processed under lawful contract or otherwise:

        provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as 

       sensitive personal data or information for the purposes of these rules. 

       Also, reading carefully clause (viii) above the further intention of legislature could also be found out that Information any information that is NOT freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall  be regarded as sensitive personal data or information for the purposes of these rules. 

       even though presence of the word shall gives it a directive meaning.

       So the questions could be :

if someone lays hand on my mobile phone  CDR(Call Data Record) illegally and finds out  whether i am calling which Specialist Doctor or psychiatrist or Specialist Lab like Thyrocare e.t.c does it reveal my medical record or history or Mental health condition or it gives certain conclusion to the  person who has illegally procured  my CDR. 

 I feel Yes !!

        If i am calling my banker or my stock broker or private equity guy or any lender or investor isn't the CDR revealing it all my financial details.

 I feel Yes !!

       CDR (call data record) thus falls under definition of Sensitive Personal Data or Information under the IT Act, 2000

Other Examples of Sensitive Personal Data would be:

1.   Pathology Lab Reports.

2.   Sex determination test.

3.   Height or Weight of the person

4.   Bank Statement.

5.   Credit card /Debit card Statements.

6.   Cheque or Demand Draft or Pay order or echeque details

7.   PIN Number

8.   DIN Number

9.   Secret Question to reveal password

10. Electronic keys e.t.c

The Supreme Court of India has interpreted the right to life to mean right to dignified life in Kharak Singh case especially the minority judgment of Subba Rao, J. In Gobind v. State of M.P, Mathew J.,

delivering the majority judgment asserted that the right to privacy was itself a fundamental right, but subject to some restrictions on the basis of compelling public interest. Privacy as such interpreted by our Apex Court in its various judgments means different things to different people. Privacy is a desire to be left alone, the desire to be paid for

ones data and ability to act freely.

Right to privacy relating to a person’s correspondence has become a debating issue due to the technological developments. In R.M. Malkani v. State of Maharashtra, the Supreme Court observed that, the Court will not tolerate safeguards for the protection of the citizen to be imperilled by permitting the police to proceed by unlawful or irregular methods. Telephone tapping is an invasion of right to privacy and freedom of speech and expression and also Government cannot impose prior restraint on publication of defamatory materials against its officials and if it does so, it would be violative of Article 21 and Article 19(1)(a) of the Constitution. In Peoples Union for Civil Liberties v. Union of India the Supreme Court held that right to hold a telephonic conversation in the privacy of one’s home or office without interference can certainly be claimed as right to privacy. In this case the Supreme Court had laid down certain procedural guidelines to conduct legal interceptions, and also provided for a high-level review committee to investigate the relevance for such interceptions.

Conclusion :

So if Body Corporate Do not follow reasonable security practices to safe guard Sensitive Personal Data or Information of all the data they possess have to pay severe compensation to the entity/ person whose data so gets compromised.

Sensitive Personal Data or Information though defined in the IT Rules of 2011under The IT Act, cannot be construed strictly as it is said law lies in its interpretation and history has shown interpretation differs in different times .The definition cannot be strictly construed for two reasons. One because the definition encompasses various words which are defined separately and cognizance have to be taken to arrive at intentions of the legislature and society at large and Second because what can be sensitive to one person at one time cannot be sensitive to other person at different timings. As today if we get Call Data Records of Harshad Mehta or Nathuram Ghodse even though the data so obtained would remain personal but not sensitive coz of time has passed by and so is relevance.