Corporate criminal liability: the case of Baazee.com

Corporate criminal liability is an important item on the agenda of legislators and legal practitioners, yet it has not been defined under any statute, rule or regulation in India. In general terms, it refers to the imposition of criminal liability on a company or its employees for an illegal act. The Indian law on corporate criminal liability is not confined to the general criminal law under the Indian Penal Code (IPC), 1860, but is scattered across several statutes, including the Negotiable Instruments Act, 1881, and the Information Technology (IT) Act, 2000.

Broadly speaking, the IT Act categorizes cyber crimes in three groups. The first category includes wrongs such as damage to computers and computer systems. These acts or omissions are not subject to criminalization and mens rea (criminal intent) does not apply; but they are subject to the liability principle, attracting penalties in the form of fines. The second category covers tampering with computer source documents and hacking, in which mens rea is an integral part of the offence. The third category deals with acts or omissions such as breach of confidentiality and privacy, which incur criminal liability under the vicarious liability principle.

The IT Act requires all Indian companies to have an IT security policy which covers a range of areas including the role and responsibility of employees, security parameters, authorized data access and retention and authentication of electronic records. Further, both a company and its officials can be made liable for contravention of the provisions.

Priti Suri is the proprietor of PSA where Neeraj Dubey is an associate.