Cyber Security Law for Data Protection

Cybercrime has increased in the last few years, including phishing, data theft, and fraud. According to Statista's Cybersecurity Outlook, the cost of cybercrime globally is anticipated to increase over the next five years, going from £6.92 trillion in 2022 to £19.56 trillion by 2027. According to Cyber Crime Magazine, cybercrime includes "data damage and destruction, theft of money, lost productivity, theft of intellectual property, theft of personal and financial data, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm." 

As more people use the internet for both professional and personal purposes, cybercriminals have more opportunities to exploit. Simultaneously, attacker strategies are improving, with more tools accessible to help scammers. As a result, the cybercrime rate is likely to rise. This emphasizes the need for individuals and organizations to prioritize cyber security essentials, leading to the development of more effective legal frameworks and strict cybercrime laws.

Let's delve deep into understanding the cybercrime laws and what improvements can be expected in the future to combat the risk of cybercrimes in India. 

Table of Contents

1) What is Cyber Security law? 

2) Why are Cyber Security Laws important? 

3) Types of Cyber Security laws 

  a) The Data Protection Act 2018 (DPA)

  b) The Privacy and Electronic Communications Regulations  

  c) Computer Misuse Act 1990 

  d) Network and Information Systems Regulations 2018 (NIS Regulations) 

  e) The Telecommunications (Security) Act 2021 

  f) The IT Act and the Information Technology (Amendment) Act 2008 

4) Conclusion 

What is Cyber Security law? 

Cyber laws, also referred to as internet laws, are legal informatics rules that govern software, e-commerce, information security, and the digital transfer of information. They cover various related topics, including internet access and usage, freedom of speech, and privacy. The use of the internet has raised important security and privacy concerns. Intelligent criminals have been known to carry out unauthorised operations and potential fraud using cutting-edge techniques.

There is a significant need to protect against them, and the best way to do so is to impose a Cyber Security Strategy. By holding these criminals responsible for their malicious deeds and imposing the proper punishment determined by the federal government, these regulations and laws are designed to protect individuals and businesses online.   

Why are Cyber Security Laws important? 

Cyber laws are essential for using the internet and have several functions. Most of these regulations are designed to safeguard users from falling victim to cybercrimes, while some are intended to control how people use the internet and computers more generally. Cyber Laws cover these three key areas: 

1) Fraud: Cyber laws protect users from falling victim to online fraud. They exist to stop crimes like identity and credit card theft. These laws further warn that anyone who attempts to conduct such fraud will face federal and state criminal charges.

2) Copyright: In addition to banning copyright infringement, cyber laws also enforce copyright protection. They grant people and organisations the right to safeguard and earn profits from their unique creations. 

3) Defamation: Cyber laws are also enforced in online defamation cases, protecting people and companies from false claims made online that could damage their reputations.

Types of Cyber Security laws 

Now, let’s take a look at the types of Cyber Security laws: 

1) The Data Protection Act 2018 (DPA)
 

The Data Protection Act of 2018 regulates how organisations, companies, or the government may handle your personal information. The UK implemented the General Data Protection Regulation (GDPR) through the Data Protection Act of 2018. The "data protection principles" are a strict set of guidelines that must be followed by everyone using personal data. They have to confirm that the data is: 

1) Used fairly, lawfully, and openly  

2) Used for specific, outlined purposes  

3) Used in a way that is adequate, relevant, and limited to only what is necessary 

4) Kept up to date when necessary 

5) Kept for no longer than is necessary  

6) Handled in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, access, loss, destruction, or damage 

The Act protects sensitive information and gives you the following rights:

1) To be informed about how your data is used

2) To access your data

3) To have incorrect data updated

4) To have data erased

5) To prohibit processing of your data

6) To data portability (to get and reuse your data as you require)

7) To object to how your data is handled

2) The Privacy and Electronic Communications Regulations 2003  
 

The Data Protection Act (DPA), the UK General Data Protection Regulation (UK GDPR), and the Privacy and Electronic Communications Regulations (PECR) are the laws that regulate how you conduct your electronic marketing, such as via phone or email. If you run phone or similar directories or use cookies on your website, the restrictions will also impact you. 

Obtaining consent before placing cookies on a user's computer and, in some situations, getting the customer's consent before sending them electronic marketing are important aspects of the legislation. You are not permitted to distribute marketing materials to anyone who has chosen not to receive them. 

You must do the following to comply with the regulation: 

a) Make sure you have the customer's permission before contacting them via phone, fax, or email with electronic marketing. 

b) When you engage in marketing, be clear about who you are. 

c) When sending marketing materials or messages, provide the proper contact information so that the person or organisation receiving the marketing can get in touch with you. This should be a freephone, postal, or email address. 

3) Computer Misuse Act 1990
 

The Computer Misuse Act 1990 is relevant to electronic records because it defines three offences for unauthorised access to computer software:

1) Unauthorised use of computer resources 

2) Unauthorised entry to commit a crime or help in one 

3) Interference with computer operations committed either intentionally or unintentionally, etc. 

Criminal offences with a "significant link" to the UK may be prosecuted under the Act. Any of the following situations could apply: 

1) The offender was in the UK when the offence was committed 

2) The intended target PC was in the UK 

3) The offender assisted in committing the offence by using a server located in the UK 

4) The crime damaged the UK significantly (or posed a threat of doing so) 

The following are prohibited by the Computer Misuse Act and are punishable by law: 

a) Access to data kept on a computer without authorisation or with harmful intent 

b) Malicious use of computers in crime or injury 

c) Altering, deleting, or encrypting data 

d) Assisting in computer misuse, such as providing information 

4) Network and Information Systems Regulations 2018 (NIS Regulations) 
 

The Network and Information Systems Regulations 2018 came into force on 10 May 2018. They offer legal measures to improve the general level of security (both cyber and physical resilience) of network and information systems that are essential for the delivery of digital services (online marketplaces, online search engines, cloud computing services) and of essential services (transport, energy, water, health, and digital infrastructure services).

The following are subject to the NIS Regulations:

a) OES (Operators of Essential Services) in the UK's energy, transportation, health, and water sectors

b) DSPs (Digital Service Providers) are broken down into three groups:  

   1) Online search engines 

   2) Online marketplaces 

   3) Cloud computing services 

The NIS regulations require OESs and DSPs to take appropriate technical and organisational measures, including preventing and minimising the impact of any incident on the users. 

Requirements for OES and DSPs to protect data for the users:

a) Ensure service continuity by taking the necessary precautions to prevent and lessen the effects of any incidents. 

b) Secure the network and information systems and take technical and organisational measures appropriate to the risk.

c) Notify the regulator of any security incident that has a significant impact.

5) The Telecommunications (Security) Act 2021 
 

The Telecommunications (Security) Act, which the government describes as among the strongest telecom security laws in the world, aims to improve security across all key UK mobile and internet networks. The Telecommunications (Security) Act controls the place of manufacture of the hardware and software used at phone mast sites and telephone exchanges. In addition, it imposes a higher requirement on CSPs to protect against attacks that could disable their networks or cause the loss of sensitive data.

The regulations for the Act require CSPs to:

a) Protect the data handled by their networks and services and safeguard the crucial operations that allow them to manage and operate their networks and services.

b) Protect the hardware and software upon which their networks and services rely for monitoring and analysis.

c) Be able to recognise unusual behaviour, have a "deep understanding" of the threats they face, and report regularly to their boards.

d) Consider supply chain risks, understand and regulate who has access to their networks and services, and change how they are run.

According to digital infrastructure minister Matt Warman, “Our broadband and mobile networks are essential to our way of life, and we are aware of the harm that cyberattacks on critical infrastructure can cause. By implementing one of the toughest telecom security regimes in the world, which protects our communications against present and future threats, we are stepping up protections for these crucial networks”. 

6) The IT Act and the Information Technology (Amendment) Act 2008 
 

The IT Act includes provisions for electronic data protection. It penalises ‘cyber contraventions’ (section 43(a)-(h)) and ‘cyber offences’ (sections 63-74). The Act was passed to offer a legal framework for e-commerce activity and sanctions for computer misuse. It also addresses data protection and Cyber Security concerns.

The Information Technology Rules (the IT Rules)

a) The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules require users to maintain certain specified security standards for sensitive personal information.

b) The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, restrict content of a particular nature on the internet. They govern the role of intermediaries, including social media, and apply to keeping a user's online personal data safe.

c) The Information Technology (Guidelines for Cyber Cafe) Rules require cybercafes to register with a registration agency and maintain a log of users’ identities and internet consumption.

d) The Information Technology (Electronic Service Delivery) Rules allow the government to state that some services, such as applications, certificates, and licenses, can be delivered electronically. 
 


Conclusion

As our reliance on technology increases, network and information system failures have a more significant impact and provide more possibilities for cyber breaches. Critical network and information systems must be secured to protect our residents, businesses, and public services. This blog has made it easier for you to understand the new Cyber Security laws and the rules put in place to help prevent cyberattacks.   
