Secretary 2. ………eSecretary
a real time transformation
Indian corporate world on 18th February 2006 entered into a new era of e-governance. On this day Ministry of Company Affairs has launched its MCA21 programme in Coimbatore.
MCA21 is probably the first e-governance programme of any ministry having largest stakeholders and reaching to almost all corners of India. `Tsunami’ has hit all the shores of Indian corporate world.
Company Secretary profession is the most concerned profession of this e-governance programme. Company Secretaries are expected to play a greater role in this process. They need to involve themselves in training, implementation, certification and facilitation processes of MCA21.
Company Secretaries needs to be IT savvy to remain in the competition. Profession is now more demanding and needs adoption of techno legal approach. MCA21 process has opened up new avenues for the professionals. They may be in the form of providing training, doing processing, implementation and certification and to act as facilitator and single service point. Any new opportunity does have the inherent risk attached to it.
The provisions of the Information Technology (IT) Act govern use of technology in the business process. IT Act prescribes, regulates, monitor the technical process embedded in any business. Therefore understanding the IT laws of India is a must for any processional, who is consulting or helping businesses to grow. Understanding the potential exposure to risk out of use of technology is become a first priority of the professional.
It is therefore very vital for all of us to understand important concepts and impacts of Information Technology Act 2000
Information Technology Act 2000 came into existence on 17th October 2000 to provide legal recognitions to electronic transactions, electronic communication, electronic data interchange, digital signatures, e-governance, electronic records and to regulate cyber crimes.
One of the basic objectives of this Act is to facilitate electronic filing of documents with the government authorities. This is the basis for introduction of electronic filing system partially under the Income Tax Act, DGFT and fully under the Companies Act. In near future we may witness more departments like Excise, Sales tax coming under electronic filing.
Section 5 of the IT Act provides the recognitions to digital signatures. Digital signature is the identity of a person in eworld.
Digital signature is process whereby sender authenticates the document by putting his digital signature. He also protects the document by encoding it and the receiver who is having the Public Key supplied by the sender, decrypts the documents and read the same.
Digital signature is not a signature or impression or mark. it is a unique pair of key provided by the certifying authority. No person other than the originator can use the said pair of keys. In easy terms, application of private key is known as affixing a digital signature to the document or form. Digital signature protects the document from tampering and gives the authenticity, integrity and attribution to the document and also gives extreme speed to the transaction. Non-repudiation is the important feature of digital signature, which does not allow the originator to disown the data or document.
Now with the help of such recognition of digital signature any person can sign the document or form without taking print out of it and at any time and at any place. Boundaries are not the barriers now. Postal department or documents transport system is not a hurdle now.
IT Act has established the offices of Certification Authorities to enroll, validate issue, publish, revoke or suspend the digital signatures. The set of rules were prescribed under the Act for Certification Authorities.
Section 35 of the Act prescribes the process of getting the digital signature. Verification of identity of the person applying for digital signature is the important step to be carried out by the Certification Authorities.
Section 73 of the Act provides for imprisonment and penalty for publishing digital signature certificates false in certain particulars.
Secure Digital Signature
Section 15 of the IT Act prescribes the secure digital signature. If it is possible by application of security procedure to verify that
(a) the digital signature affixed is unique to the subscriber;
(b) it is capable of identifying the subscriber;
(c) it is created in a manner or using means under the exclusive control of the subscriber and is link to electronic record and would be invalidated upon alteration of such record
then such digital signature shall be deemed to be a secure digital signature.
It therefore mandatory that in each electronic transaction we use only the secure digital signature. It is essential to apply, enroll, process and download digital signature from own computer to qualify it as a secure digital signature.
After downloading the protection of digital signature is very important to avoid misuse of it. Because of non-repudiation it will be very difficult for the originator to prove that he has not used the digital signature. Immediate communication to the Registration Authority upon loss of digital signature token is very essential.
The central government has the power to make rules in respect of digital signatures i.e. to prescribe the type of signature, manner and format of affixation, manner and procedure for identification of affixing digital signature, control and security process, any other matter to give legal effect to digital signature. Therefore we observe different types and forms and methods of digital signatures for different purposes.
Section 3 of the IT Act provides legal recognition to electronic records by way of affixing the digital signature.
“Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche;
Company secretary can now make revolutionary changes in his traditional function of maintenance of records.
Section 4 of the IT Act provides legal recognition to electronic records. Records prescribed under any act or statue can be maintained in the electronic form.
Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is—
(a) rendered or made available in an electronic form; and
(b)accessible so as to be usable for a subsequent reference.
Section 4 has the overriding effect on provisions of any other law requiring maintenance of records and documents. Therefore all secretarial records and statutory registers can be maintained in electronic form after complying with the specified norms.
Section 7 of the IT Act provides for the compliance of following conditions to maintain the records in electronic form.
(a) the information contained therein remains accessible so as to be usable for a subsequent reference;
(b)the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record:
Security of electronic record is the important aspect. Section 14 of the IT Act prescribes that; where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
Secured Electronic Process
MCA21 is a secured electronic process for complying the provision under the Companies Act, 1956 and rules made there under.
The system has been developed under the provisions of section 6 of the IT Act. Said section provides for electronic filing of forms and applications, issue and grant of licenses, sanctions and approvals and issue of receipt or payment of money.
This section further provides that provisions of any law will be treated as complied if such filing, issue, grant of license, sanction or approval and issue of receipt or payment of money is effected in electronic form.
Thus the MCA21 process has got the legality even before amending the provisions of the Companies Act.
Retention of Electronic Record
MCA21 process has created a database and repository to maintain the entire registry records at one place. The information stored in it is a record as per provisions of the Companies Act.
Section 7 of the IT Act grants the legal recognitions to electronic records to be maintained under the provisions of any act. The essential conditions to be satisfied are
(a) the information contained therein is accessible and usable for subsequent references;
(b) the originality of the electronic record is maintained;
(c) the details of which will facilitate the identification of the origin, destination, date and time of dispatch or receipt.
Attribution of Electronic Record
Attribution to any electronic record is the essence of any valid legal transaction. Electronic record should be attributed to originator.
Section 11 of the IT Act provides that attribution of electronic record to originator is possible only if it was sent by the originator himself or by the person authorised by the originator or by the system programmed by or on behalf of the originator.
Therefore MCA21 process requires the signer of the form to attribute that he has been authorised to sign the eform. It is also essential to use the originator’s or authorised person’s system and login for submission of electronic record or document.
Automated replies generated by the system will qualify for attribution, if they are generated from the system programmed by the originator. Therefore all the electronic unsigned communications received from the MCA are valid communications.
Acknowledgement of receipt of electronic record is provided under section 12 of the IT Act.
Use of technology has triggered off the issue of IPR protection and use of license software. We need to respect the IP rights of others and need to use only license software. We do not know who is watching us on the net and collecting our system information and checking whether we are using the licensed software. If we wish to be a facilitator or Certified Filing Center for MCA21 then first priority is to have the license software.
Electronic payment by using the credit card/ debit cards or through Internet banking facility is inherent part of any electronic transaction. We need to be extremely careful while using the electronic payment facilities. We need to all the time protect our money. Utmost care is therefore essential. Avoid giving your credit card or its number to anybody. The owner should only make use of credit card.
Certification of eforms
Certification of eforms to be done very carefully. You need to affix your digital signature as a part of your certification. Protect your signature all the time from misuse. Keep propose backups of the eforms and documents that you certify.
Penalties and Offences
IT Act has prescribed heavy penalties for various wrong actions, which a person unknowingly commits in his daily interaction with the computers, use of Internet, visit to web sites. It is very essential to understand following sections of the IT Act.
Section 43: Penalty for damage to computer, computer systems etc.
Any person without permission of the owner or incharge of the computer or computer system or network
(a) accesses such computer or system or network;
(b) download or copy or extract any data or information;
(c) introduce or causes the introduction of the virus ;
(d) damage or cause damages ;
(e) disrupts or causes disruption ;
(f) denies or causes denial of access to any person authorized to access;
(g) provide any assistance to any person to facilitate access ;
(h) charges the services availed by any person to the account of another by tampering or manipulating
shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person affected.
Section 44 provides for the penalty for failure to furnish information, returns, documents, maintenance of documents and books under the act.
Section 45 is a residuary section provides for compensation not exceeding twenty five thousand rupees or a penalty not exceeding twenty five thousand rupees.
Section 65: Tampering with the computer source document
Section 66: Hacking with computer system
Section 67: Publishing of obscene information in electronic form
Section 69: failure to extend the facility and technical assistance to decrypt the information to government or government agency.
Section 70: Securing access or attempts to secure access to a protected system
Section 71: Making misrepresentation or hiding of any material facts
Section 72: Breach of Confidentiality and privacy
Section 73: Publishing digital signature certificate false in certain particulars
Section 74: Publication of digital signature for fraudulent or unlawful purpose
Section 75 This act applies to offences and contraventions committed outside India irrespective of the nationality of the person involved and also include offences and contraventions committed outside India using or from a computer, system or network located in India.
Section 76 provides for confiscation of computers, floppies, disks, accessories etc involved in offence by a regulator.
Section 77: Penalty or confiscation prescribed under the act shall not prevent the imposition of any other punishment under any other act.
Section 78: Police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under the act.
Section 85 Offences by the Companies: Any person who was incharge of, and was responsible to, the company for conduct of business of the company as well as the Company shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly. Few exceptions to it were provided in the section.
Amendments made in other acts
IT Act, for smooth implementation and functioning made amendments to Indian Penal Code, Indian Evidence Act, Bankers Books Evidence Act and Reserve Bank of India Act.
Rules notified under the Act
The Information Technology (Certifying Authorities) Rules, 2000
The Cyber Regulation Appellate Tribunal (Procedure) Rules, 2000
Information Technology (Use of electronic records and digital signatures) Rules, 2004.
Information Technology (Security Procedure) Rules, 2004.
With an objective to review the Information Technology Act, 2000, in the light of the latest developments and to consider the feedback received for removal of certain deficiencies in the Act, Hon’ble Minister for Communications and Information Technology set-up an Expert Committee under the Chairmanship of Shri Brijesh Kumar to review the present Information Technology Act and to suggest amendments. The committee has submitted its recommendations in the month of August 2005. These recommendations are under consideration of the government.
Peaceful and real time transformation of Secretary to eSecretary is possible only by observing rules of the game and following the IT Act prudently.