September 2020

India has no dedicated cybersecurity law. The IT Act, read with the rules and regulations framed thereunder, deals with cybersecurity and the cybercrimes associated therewith. As discussed in question 1.3, the ‘body corporate’ that handles sensitive personal data or information (SPDI) must implement “reasonable security practices and procedures” by maintaining a comprehensive documented information security programme. This programme should include managerial, technical, operational and physical security control measures that are commensurate with the nature of information being protected. In this context, the SPDI Rules recognise the International Standard IS/ ISO/ IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” as one such approved security standard that can be implemented by a body corporate for the protection of personal information.

As mentioned in question 1.1, the RBI has issued several cautionary advisories in the form of press releases (issued on 24 December 2013, 1 February 2017 and 5 December 2017) to users, holders, investors, traders and similar parties that deal in virtual currencies, highlighting the potential financial, operational, legal, customer protection and security-related risks associated with dealing in virtual currencies.

Blockchain came into vogue in 2008 as the underlying technology for Bitcoins, which has been hailed as the world’s first decentralized cryptocurrency. In the words of its creator (who used the pseudonym ‘Satoshi Nakamoto’), Bitcoin was created since there was a need for “an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party“1.

A blockchain, as its name suggests, is a virtual chain made of blocks, where each block contains information. Alternatively, it can be described as a digital ledger, where each block of data represents a distinct transaction on the ledger, with the transactions occurring across a decentralized peer-to-peer network. This peer-to-peer network consists of a network of computers (each called a “node”) connected together, which allows the participants in the blockchain to transfer information across the internet without the need to involve any centralised third party.