05 May 2016
On 19 January 2016, the Criminal Justice (Offences Relating to Information Systems) Bill 2016 (the Bill) was published. This will implement the EU Cyber Crime Directive in Ireland. The Bill provides for the introduction of tougher criminal sanctions; enhanced co-operation between competent authorities in EU Member States; and the creation of specific offences aimed at tackling cyber attacks on information systems.
‘Information system’ is given a broad definition in the Bill and includes a device involved in the processing of data and its associated data. The new offences include intentionally and without lawful authority:
Notably for corporates, where an offence is committed by a company and it is proven that it was committed with the consent of an officer of the company, both the company and the officer will be liable.
Maximum penalties of five years imprisonment may be imposed, with a lengthier sentence of up to ten years for the offence of interfering with an information system. If an offence involves identity theft, this will be taken into account as an aggravating factor in sentencing.
Gardaí may, on foot of search warrants, enter, examine, seize and retain anything found at a premises (including computers) which may reasonably form evidence of an offence. Gardaí may also require assistance from persons including the provision of passwords. Obstruction or attempted obstruction of Gardaí, failure to assist as required or the provision of a false name and/or address are all punishable by up to 12 months imprisonment.
The Bill may be amended as it progresses through the legislative process. In the meantime, businesses are likely to welcome a more aggressive approach to tackling cyber attacks and improved co-operation between Member States.