CSL 5 Marks PDF

Uploaded by

manav5shinde
Copyright
© © All Rights Reserved
Q.1) What is E-commerce? Explain different types of E-commerce with suitable examples.
1) E-Commerce is an area which is not so ancient to be defined in the Indian context and to the World as well, but it is emerging constantly with the development and the changing demands of the Society, as a whole.
2) The business is conducted entirely through the electronic medium, using the Internet, enabling large firms to come together and do business all over the world while managing it from a certain part, enabling firms to establish and enhance their market position, and allowing a cheaper and efficient distribution chain for their products and services.
3) Business to Business (B-B): A business-to-business model, also known as e-biz, involves the exchange of one's products, services, or information to an intermediate buyer who then exchanges it with the final customer or consumer. The distribution and procurement of services is fulfilled by way of e-commerce. A wholesaler might place an order on the company website and sell it through physical retail stores.
4) Business to Consumer (B-C): This mode of e-commerce involves transactions occurring between a company and a consumer. This model deals directly with customers without enabling any mediator to intervene. The customer can finalize the product and place an order directly through the company's website or application without any intermediary or marketplace.
5) Consumer to Consumer (C-C): Some portals enable consumers to communicate their needs and obtain the same without the interference of a third party, besides a platform provided by the third party charging some flat fee. It makes it easy for strangers to trade with each other. An example is an online auction, where one party posts an item for sale and the other bids to purchase the same.
6) Consumer to Business (C-B): It involves consumers providing services to businesses and creating value for them. Consumers decide on their own what to pay and businesses decide whether to accept or not. The consumers can do the same by providing reviews, feedback and ideas in the development of the businesses, thereby creating value for the business concerned.
Q.2) What is E-contract? Discuss E-contract Act 1872.
1) An e-contract (electronic contract) is an agreement that is created, transmitted, and executed digitally, recognized by law as valid and enforceable. It involves electronic records such as emails, online forms, or digital signatures. Here's a breakdown of key points:
• Legal Recognition: E-contracts are valid as long as they meet the legal criteria for offers, acceptance, and consideration.
• Originator and Addressee:
   o The originator is the person or system that sends the electronic record. The addressee is the person or system receiving it.
   o The electronic record is attributed to the originator if it is sent by them or their authorized agent.
• Acknowledgment of Receipt:
   o This refers to the confirmation that an electronic record has been received. It can be communicated through automated systems or as agreed by the parties.
   o In some cases, the record may not be considered sent until it is acknowledged by the addressee.
• Time and Place of Dispatch and Receipt:
   o Dispatch occurs when the electronic record leaves the originator's system.
   o Receipt happens when the record enters the addressee's designated or actual receiving system.
2) The Indian Contract Act, 1872 governs all contracts in India, including e-contracts. Though the act was created before the advent of electronic contracts, its principles apply to e-contracts as well. Under this act:
• Offer, acceptance, and consideration are essential elements for any contract, including e-contracts.
• E-contracts are valid and enforceable as long as they meet the conditions set out in the Indian Contract Act, such as lawful object, free consent, and capacity of parties.
Q.3) Write key IT requirements of SOX and HIPAA.
The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.
1) SOX (Sarbanes-Oxley Act):
• Data Accuracy and Integrity: SOX mandates that companies must ensure the accuracy and integrity of their financial records, which includes implementing IT controls to prevent unauthorized access, alteration, or destruction of financial data.
• Internal Controls and Auditing: IT systems must have proper internal controls to ensure that financial reporting is transparent and auditable. Regular audits of IT systems are required to verify compliance.
• Access Control: SOX requires strict access controls over systems containing financial data, ensuring only authorized personnel can access or modify critical financial information.
• Data Retention: Companies must establish data retention policies, ensuring that electronic records related to financial transactions are securely stored for at least five years.
2) HIPAA Act
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that is adopted as United States legislation that offers data privacy and security protections for protecting medical information. This Act has been implemented by cyberattacks on health insurers and providers, including several health data breaches and ransomware attacks. On August 21, 1996, President Bill Clinton signed the federal law.
• Privacy Rule: IT systems must ensure the confidentiality of Protected Health Information (PHI), limiting access to authorized individuals only.
• Security Rule: IT infrastructure must include administrative, physical, and technical safeguards to protect electronic PHI (ePHI) from breaches, ensuring the integrity, confidentiality, and availability of the data.
• Data Encryption: HIPAA requires sensitive health data to be encrypted during transmission and storage to prevent unauthorized access.
• Audit Controls: Organizations must implement systems to record and examine activity in IT systems that store or transmit ePHI, allowing for monitoring of access and use.
• Data Breach Notification: In case of a data breach affecting ePHI, HIPAA mandates that affected individuals and authorities be notified promptly, along with steps taken to mitigate the impact.
Q.4) Explain the objectives and features of IT ACT 2000
A legal framework proposed by the Indian Parliament, the Information Technology Act of 2000 is the primary legislation in India dealing with cybercrime and electronic commerce. It was formulated to ensure the lawful conduct of digital transactions and the reduction of cybercrimes, on the basis of the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model).
The bill of this law was passed in the Budget by a group of Parliament members, headed by the then Minister of Information Technology, and signed by the President on 9 May 2000. It finally came into effect on October 17.
The following are the main objectives of the Information Technology Act of 2000 that you should know:
• Promote efficient delivery of government services electronically or facilitate digital transactions between firms and regular individuals
• Impose penalties upon cybercrimes like data theft, identity theft, cyberstalking and so on, in order to create a secure cyber landscape
• Formulate rules and regulations that monitor the cyber activity and electronic mediums of communication and commerce
• Promote the expansion and foster innovation and entrepreneurship in the Indian IT/ITES sector
The features of the IT ACT 2000 are:
• The provisions of this Act are implemented by the Central Government to regulate electronic commerce and penalise cybercrime.
• The Act states the roles and responsibilities of intermediaries as well as conditions under which their liability can be exempted.
• The Information Technology Act is associated with CERT-In (Indian Computer Emergency Response Team), a nodal agency that is responsible for cybersecurity and cyber incident response.
• There have been 2 amendments associated with this Act, addressing the technological advancements, implementability concerns and anomalies.
Q.5) Discuss about intellectual property aspect in cyber law.
The proliferation of digital technology and the internet has transformed various aspects of business, industry, and daily life. This transformation has also given rise to complex issues related to the protection of Intellectual Property Rights (IPR) in the digital realm. Intellectual Property (IP) encompasses creations of the human mind, including inventions, literary and artistic works, and symbols used in commerce. The rapid advancement in technology presents unique challenges to traditional IP laws, which were not originally designed to address digital and online environments.
Intellectual Property Rights
Intellectual Property refers to creations of the intellect for which exclusive rights are recognized. The primary types of Intellectual Property include:
• Copyright: Protects original works of authorship such as books, music, and software.
• Patents: Protects inventions and innovations that are novel, non-obvious, and useful.
• Trademarks: Protects symbols, names, and slogans used to identify goods or services.
• Design Rights: Protects the visual design of objects that are not purely utilitarian.
Each of these IP rights serves to protect the creator's interests and ensure that their creations are not used without permission.
With the advent of technology, the scope of intellectual property has expanded. Digital technologies, including the internet, have facilitated the creation, distribution, and consumption of intellectual property in ways that were previously impossible. However, this has also led to new forms of infringement and misuse, which traditional IP laws struggle to address adequately.
Q.6) Discuss about the legal framework for electronic data interchange law relating to electronic banking.
1) The legal framework for Electronic Data Interchange (EDI) and electronic banking focuses on ensuring the security, reliability, and legal enforceability of digital transactions. Below are the key points related to this legal framework.
2) EDI refers to the computer-to-computer transfer of commercial data in standardized formats, facilitating seamless business transactions, including electronic banking.
3) The UN defines EDI as a transfer method for commercial transactions and highlights the need for legal frameworks to standardize these digital exchanges globally, particularly for cross-border transactions.
4) This approach involves creating detailed statutory and regulatory frameworks. For example, Public Key Infrastructure (PKI) licensing schemes are established to manage and verify the use of digital signatures, ensuring trust and security in electronic banking.
5) Rather than building comprehensive legal frameworks, this approach focuses on meeting certain security criteria, allowing flexibility in how organizations secure electronic transactions. It ensures that essential security standards are maintained without being overly restrictive.
6) This approach facilitates the use of digital signatures in electronic banking by establishing technical standards and practices. Digital signatures play a crucial role in electronic banking, providing non-repudiation and data authentication. Legal frameworks are designed to recognize digital signatures as legally valid and enforceable.
Q.7) Explain PCI compliance.
PCI compliance is compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
It was launched on September 7, 2006, to manage PCI security standards and improve account security throughout the transaction process.
An independent body created by Visa, MasterCard, American Express, Discover, and JCB, the PCI Security Standards Council (PCI SSC) administers and manages the PCI DSS. Interestingly, the payment brands and acquirers are responsible for enforcing compliance, rather than the PCI SSC.
The PCI DSS is the cornerstone of the council, as it provides the necessary framework for developing complete payment card data security systems and processes that encompass prevention, detection, and appropriate reaction to security incidents.
PCI Compliance standards mean that your systems are secure, and your customers can trust you with their sensitive payment card information; trust leads to customer confidence and repeat customers.
PCI Compliance improves your reputation with acquirers and payment brands, just the partners your business needs.
PCI Compliance is an ongoing process that aids in preventing security breaches and payment card data theft in the present and in the future; PCI compliance means you are contributing to a global payment card data security solution.
Q.8) State any 10 sections with description, penalties and implications of IT ACT 2008 in detail.
