Laws concerning computer security in Sri Lanka

"Cyber security isn’t easy, but it comes down to three basic principles."

protect, detect and respond

What is the computer security

  Computer security is the safeguard put in place for computer systems to prevent unauthorized access, theft, or abuse of sensitive data. Many procedures are in place and are often used, mostly to secure computer systems and networks and stop any hostile activity.

The importance of computer security

  The secure processing and storage of sensitive information, such as medical records, financial data, and corporate data, is ensured by computer security. All parts of a computer system are kept discreet, secure, and readily available thanks to cyber security. Computer security is crucial for the following reasons:

• To safeguard personal data
• to safeguard organization assets
• In order to prevent data theft
• To stop malware and viruses
• Refraining from Unauthorized Access

How sri lanka act in this matter?

  The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes. The Bill was presented in Parliament and debated on 23rd August 2005 and extensively revised by the Parliamentary Standing Committee "B". It became law in May 2007 and was approved by the Speaker of the House on July 9, 2007. Sri Lanka has become the first country in South Asia to become a state party to the Council of Europe Convention on Cybercrime. Sri Lanka's accession to the Budapest Cybercrime Convention was the fastest in the Council of Europe.Here we are gives you conclutions about two laws and key policies.
  Let's see them.

The Computer Crimes Act no. 24 of 2007

  The Computer Offences Act No. 24 of 2007 lays out the procedure for looking into and prosecuting such offences and makes it possible to find computer crimes. The Computer Crimes Act No. 24 of 2007's main goal is to make attempts at unauthorized access to a computer, computer program, data, or piece of information illegal. Regardless of whether the criminal has permission to access the computer, it also includes a clause to address unlawful computer usage.
  The Act would be applicable where:-

• While inside or outside of Sri Lanka, a person commits an offense under the Act.
• At the time of the incident, the computer, computer system, or information impacted by the conduct that violates this Act was either inside or outside of Sri Lanka.
• Sri Lanka was the location of the facility or service, such as a computer storage or information processing service, that was used to commit an offense under this Act.
• The state or a person residing in Sri Lanka or outside of Sri Lanka suffers the loss or damage as a result of the commission of an act prohibited by the Act.

  The Sri Lankan Computer Crime Act includes a wide variety of substantive offenses, which may be generally divided into the following two types of offenses.
  They include:

• Computer-related crimes (crimes including the use of computers as a tool for theft, fraud, etc.)
• Cybercrimes that compromise the availability, confidentiality, and integrity of a computer system or network (also includes the introduction of Viruses, worms etc)

The Electronic Transactions Act no. 19 of 2006

  The Model Law on Electronic Commerce (1996) and the Model Law on Electronic Signatures, both published by the United Nations Commission on International Trade Law (UNCITRAL), serve as the foundation for the Electronic Transactions Act No. 19 of 2006. (2001).
  The Act's goals are as follows:

• to make domestic and international electronic commerce easier by removing legal obstacles and creating legal certainty;
• to promote the use of trustworthy forms of electronic commerce;
• to make it easier to file documents electronically with the government and to encourage the effective provision of government services using trustworthy forms of electronic communications;
• to increase public confidence in the law. Due to this, electronic communication is now recognized as a legitimate form of communication on a formal and legal level (emphasis added)

Finally

  Major ICT legislation have been drafted with the assistance of ICTA, and significant policy reforms have been implemented to support e-transformation and ICT development. Institutional arrangements were also put in place, such as Sri Lanka CERT. Additionally, strategic alliances and collaborations positioned Sri Lanka's ICT growth on the global stage.
  Currently, the Government is pursuing a strategy based on the adoption of a private sector-inclusive data protection code of practice, with the potential for the code to be given statutory status through regulations issued under the 2003 Information and Communication Technology Act. As a result, this strategy might be viewed as a self- or co-regulatory strategy.