Section 9 in The Information Technology (Procedure And Safeguard For Monitoring And Collecting Traffic Data Or Information) Rules, 2009
9. Prohibition of monitoring or collection of traffic data or information without authorisation
.-(1) Any person who, intentionally or knowingly, without authorisation under sub-rule (2) of rule 3 or sub -rule (1) of rule 4, monitors or collects traffic data or information, or attempts to monitor or collect traffic data or information, or authorises or assists any person to monitor or collect traffic data or information in the course of its occurrence or transmission at any place within India, shall be proceeded against, punished accordingly under the relevant provisions of the law for the time being in force.(2)The monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely: -(i)installation of computer resource or any equipment to be used with computer resource; or(ii)operation or maintenance of computer resource; or(iii)installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;(iv)accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or(v)accessing stored information from computer resource for the purpose of-(a)implementing information security practices in the computer resource;(b)determining any security breaches, computer contaminant or computer virus;(c)undertaking forensic of the concerned computer resource as a part of investigation or internal audit; or(vi)accessing or analysing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the servicesprovided by the intermediary.(3)The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions as specified under sub-rule (2).(4)The details of monitored or collected traffic data or information shall not be used or disclosed by intermediary or person in-charge of computer resource or any of its employees to any person other than the intended recipient of the said information under sub-rule (2) of rule 4. Any intermediary or its employees or person in-charge of computer resource who contravenes the provisions of this rule shall be proceeded against and punished accordingly under the relevant provisions of the Act or any other law for the time being in force.
