This article has been written by Manya Manjari, who is pursuing BBA LLB at the Indian Institute of Management, Rohtak. In this article, we will take a brief look at the major data protection laws, the purpose of protecting data, the extent to which our data is safe from the government when the government can interfere with the users’ data, and the recent amendments to the laws in India. The guidelines for data use and protection have also been discussed, along with how India is handling the rapid development of technology and what the proposed legislation targets.
This article has been published by Sneha Mahawar.
Table of Contents
Data protection safeguards sensitive data against loss, manipulation, and misuse. The Hon’ble Supreme Court of India established the right to privacy as a fundamental right under Article 21 of the Constitution of India as part of the right to life and personal liberty in the case of Justice K.S. Puttaswamy v. Union of India (2017), also called the “privacy judgement.” An aspect of the right to privacy known as “informational privacy” has been acknowledged. The court also observed that information about a person and the right to access that information also require the protection of privacy. There are several proposed bills for data protection and the contributions of the Bureau of Indian Standards on data privacy. The Information Technology Act, 2000 (IT Act) and Indian Contract Act, 1872 are currently the data protection legislation in India because there isn’t any special legislation for this matter yet.
Need for data protection laws
The legislation on data protection explains what must be done to make sure that private data is treated ethically and appropriately.
- Data protection laws control the gathering, use, transfer, and disclosure of personal information and the security of that information.
- It gives people access to their data, establishes accountability standards for businesses that process it, and includes redressals for improper or harmful processing.
- Data protection laws also provide remedies for false profiles and fraud that can also be made using stolen information.
- When information falls into the wrong hands, it can jeopardise people’s safety in various ways, including their economic security, physical safety, and personal integrity, so to protect the users from that exploitation, data protection laws are significant.
Need for data protection laws in India
- Millions of Indians use hundreds of applications daily, creating data trails that may be misused to create profiles, target advertisements, and forecast activity and trends.
- In India, the intersection of the different laws for different fields creates ambiguity and it is one of the primary reasons behind the breach of a large amount of data. There is not yet a single codified law in India that pays close attention to all the aspects of data protection and keeps a record for the penalties that should be imposed.
- Countless examples of nonexistent and malfunctioning grievance redressal mechanisms need to be quickly resurrected and reviewed. The enforcement mechanism frequently encounters a number of implementation issues while handling cases related to data breaches and cybersecurity.
- Since India is a nation-state, the data of the citizens is considered a national asset. Depending on India’s security and geopolitical objectives, this national asset may need to be protected and stored within national borders. That would include not only the corporates, but also Non- Governmental Organisations and governmental bodies.
- Despite India being a member to several international organisations that focus on data protection mechanisms like the United Nations Commission on International Trade and the provisions in Directive Principles of State Policies. Article 38 is related to the overall welfare of citizens. Privacy and data protection are essentially related to a welfare state. It also states in Article 51 that in order to create international peace and security, the State should work to promote adherence to treaty obligations and international law.
When can the government interfere with data
The users’ data must be maintained privately and in strict secrecy by any governmental or private institution, organisation, or agency. The government can, however, intercept, monitor, and decrypt information generated, transmitted, received, or stored in any computer resource under the exceptions mentioned in Section 69 of the Information Technology Act, 2000.
Section 69 of the Information Technology Act, 2000, provides that the government may demand the disclosure of any information in the public interest when it leads to illegal activities that compromise the national security, sovereignty, and integrity of India, the defence, the security of the state, its friendly relations, or public order when there are violations of the law or fraud.
The central government may request that any government agency or intermediary limit public access to any information created, sent, received, stored, or hosted on any computer resource under Section 69A for comparable reasons and grounds (as mentioned above). The term “intermediaries” would additionally mean search engines, online payment and auction sites, online marketplaces, and cyber cafés, and also cover telecom service, network service, Internet service, and web hosting providers. However, such requests for limiting access would have to be supported by written justifications.
The central government, for improving data security and for identifying, analysing, and preventing invasion or computer contamination in the nation, may, by notification in the Official Gazette, authenticate any institution of the government to supervise and gather traffic data or information generated, transmitted, or received over any computer resource. Section 69B grants the authority to track and acquire traffic data or information.
Information Technology Act, 2000
On October 17, 2000, the Information Technology Act of 2000 was passed. It is the main Indian legislation governing e-commerce and cybercrime issues. The legislation was passed to uplift e-governance, provide legal backing for online transactions, and fight cybercrime. The primary goal of the law is to facilitate legal and reliable digital, computerised, and online operations and lessen or eliminate cybercrimes.
The international organisation United Nations Commission On International Trade Law (UNCITRAL) adopted the UNCITRAL Model Law on Electronic commerce (E-commerce) ,1996 to bring legal consistency across several nations and it prompted the Government of India to enact legislation for India based on the guidelines provided in UNCITRAL, which was later revised and approved by the Ministry of Electronics and Information Technology and came to be known as the Information Technology Act of 2000. India became the twelfth nation to modify its cyber laws.
Scope of the Act
The Information Technology Act, 2000 is applicable all over India and also has extraterritorial jurisdiction, which applies to cybercrimes conducted outside India. If an Indian system or network is included, regardless of the offender’s country, it would be dealt with under the Act.
Objectives of the Act
- To give legal status to all operations conducted electronically, whether through data interchange, other electronic communication, or e-commerce, as compared to the previous paper-based manner of communication.
- To validate digital signatures as legal proof of any information or documents requiring legal verification.
- To enable the electronic submission of papers with government departments and agencies.
- To make electronic data storage easier in India.
- To approve and make it easier for banks and other financial organisations to transfer money electronically.
Salient features of the Act
The salient features of the Act are as follows:
- There are 94 Sections in the Act, divided into 13 Chapters and 4 Schedules.
- All smart contracts made over secure electronic means are legally validated under it.
- The Act keeps the required security precautions in check and a legal framework for digital signatures using cryptosystem was also added.
- Electronic records have been authenticated.
- There are also provisions for setting up a Cyber Regulations Advisory Committee to advise the Controller and the central government.
- The Act permits senior police officers and other officials to enter any public space and make arrests for offences covered by the Act without a warrant.
- Powers of attorney, negotiable instruments, wills, and other similar documents are not subject to the regulations contained in this Act.
- Finally, this act outlines the numerous cybercrimes and violations, defines them, and specifies the associated penalties.
- The IT Act of 2000 was amended by IT Amendment Act, 2008. As a result, all types of communication tools and computer resources were now included in the scope and ambit of the IT act 2000.
Amendments to the IT Act in 2008
The use of devices and the internet has rapidly increased, which has led to new types of crimes like sending offensive emails and messages, child pornography, cyberterrorism, posting overtly sexual online material, video voyeurism, information leakage by intermediaries, and e-commerce scams like data theft and cheating by false representation, also known as phishing. So, the Information Technology Act of 2000 was needed to incorporate punitive measures. Cybersecurity, data protection, and the adoption of security methods and processes relating to these uses of online means have taken on greater significance due to the rise of digital information services like e-governance, e-commerce, and e-transactions. Furthermore, safeguarding critical information infrastructure is essential for maintaining public health, safety, the economic and national security; as a result, it has become vital to designate such infrastructure as a safeguarded system to prevent illegal access.
Amendments in Definitions
- The word “Digital” has been changed to “Electronic” in the definition section, among other notable changes. As indicated above, this modification broadens the scope of the IT Act beyond digital media, making it more technologically neutral as the creation of an electronic signature does not need any particular technological procedure. It would clearly refer to only online transactions even if they were.
- A new definition has also been inserted for “intermediary.”
- The inclusion of “cell phones, personal digital assistants,” and other similar devices in the definition of “communication devices” defines its clear-cut applicability.
- Another crucial addition that will impact the new Data Protection regulations provided under the Information Technology Act, 2008 is the broad definition of “cyber security” which now includes safeguarding data and equipment from unauthorised access, usage, publication, etc.
Major amendments in legislation
Sending offensive information over a communication device through an online device is prohibited by Section 66A of the Information Technology (Amendment) Act, 2008. This includes dangerous and inappropriate messages as well as messages that are misleading or inaccurate but are transmitted with the intent to “cause irritation, discomfort, fear, hindrance, humiliation, harm, criminal intimidation, hostility, hatred, or ill will” even while the sender is aware of their falsity.
Section 67 and 67A
The vast volume of “obscene” content shared online has long gathered attention in India. So it should be no surprise that obscenity is forbidden offline and online in the nation. Section 67 and 67A of the IT Act, which forbids obscene and sexually explicit information, have proven to be crucial measures to control it.
The Central Government may restrict content under Section 69A of the IT (Amendment) Act, 2008, if it deems that any such content threatens the sovereignty, security, integrity, or defence of the state, public order, friendly relations with foreign states, or attempts to incite the commission of a crime related to any of those as mentioned earlier. An independent set of rules called “Information Technology Rules (Blocking of Access of Information by Public Rules), 2009” has been notified for the enforcement of Section 69A, and it is called the Blocking Rules.
Section 77A and 77B
According to Section 77A of the ITA, 2008, all offences under this Act—aside from those that carry a life sentence or a sentence of more than three years in prison, involve enhanced punishment, negatively impact the socioeconomic standing of the nation, or involve offences against women or minors under the age of 18—can now be combined into a single offence.
The intermediaries in India are subject to regulation under Section 79 of the Information Technology Act, 2008. This section gained notoriety primarily due to the notorious IT Rules, or Intermediary Guidelines Rules, created under the power of the central government to make rules under Sections 87(1) and 87(2)(zg).
A “safe harbour” feature in Section 79 of the Act exempts intermediaries from responsibility for the actions of third parties under certain circumstances. This provisional immunity is granted to intermediaries under Section 79(1) of the Act with respect to any information, data, or communication connection made available or hosted by them on behalf of a third party. For Example: If a person or bot puts up any illegal content on Facebook, Facebook by “safe harbour” provision would escape liability by claiming that they had no knowledge about such activities.
Sections 79(2) and 79(3) of the Act apply to these exemptions. Essentially, circumstances, where the intermediary engages in technological, automated, or passive activities, are covered by Section 79(2). In order for Section 79(2) to be applicable, intermediaries must not be aware of or in charge of the data being sent or stored.
Additionally, the “notice and takedown” system envisioned by Section 79(3)(b) mandates that the intermediary remove illegal information as soon as it has actual knowledge of its existence.
The tremendous growth in internet usage has, however, resulted in an uptick in criminality, including child pornography, cyberterrorism, publishing sexually explicit information online, and video voyeurism. So, these provisions were needed to be included in the Information Technology Act, 2000.
Development of data protection legislations in India
The Supreme Court of India has established the right to privacy and data protection as a fundamental right in the case of Justice K.S. Puttaswamy (Retd.) v. Union of India (2017), and the present legislative framework for privacy outlined in the Information Technology Rules, 2011 (IT Rules, 2011) which governs the “collecting, receiving, possessing, storing, dealing, handling, retaining, using, transferring, disclosing sensitive personal data or information, security practices and procedures for handling personal information”. However this provision is considered to be insufficient as it fails to address among other issues, the misuse of data collected from children, breaches of data by corporations outside India and the limited scope of the definition of sensitive data.
It was insufficient on four levels:
- First, the existing model assumed that privacy is a statutory right rather than a fundamental one and does not apply to the state’s processing of individual data.
- Second, it understood only a few data types that must be shielded.
- Third, it imposed few responsibilities on data controllers, which can also be waived by contract.
- Fourth, there were few punishments for the violators.
Personal Data Protection Bill, 2018
The Justice Srikrishna Committee, tasked by the Ministry of Electronics and Information Technology (MeitY) with drafting data protection legislation for India, came out with the initial proposal of the legislation, the Personal Data Protection Bill, 2018. The government enacted this plan and presented it in Lok Sabha, but it was sent for further modification for the following reasons:
- The new provision on data localisation may be the part that generated the greatest public controversy. The law mandates that data fiduciaries keep “at least one serving copy” of customer information on an Indian server or data centre. The only rationale for such a rule is to make it simple for law enforcement to get this information.
- This brings up the bill’s second issue: it permits the processing of personal data in the interests of state security if permitted and in accordance with legal procedure. It also allowed for the processing of personal data for the detection, investigation, and prosecution of any crime or other legal infraction. Given India’s inadequate laws prohibiting state monitoring, the state’s access to all personal data presents a serious danger to the right to privacy.
- Last but not least, the draft law established a regulatory framework that was not independent enough: the regulatory system was heavily under the influence of the central government and was susceptible to being captured by businesses. On the proposal of an independent commission, the proposed legislation granted the central government the right to nominate members of the data protection authority. Five years were a very little period for a new institution to learn the ropes and obtain the independence it needs to function as an efficient regulator, yet that is how long the appointment could last.
Personal Data Protection Bill, 2019
This was followed by the Personal Data Protection Bill, 2019, which was later withdrawn amid promises of a replacement measure that would adhere to India’s extensive legal system, keeping in mind the other 81 suggested modifications by the Joint Parliament Committee.
Data Protection Bill, 2021
The Data Protection Bill, 2021, was a single law put out by the committee that would cover both personal and non-personal datasets. The report’s recommendation to move toward total localization of data was under question. A data protection authority had also been suggested in the withdrawn bill. As it develops the framework for the cross-border transfer, accountability of entities processing data, and potential remedies for unauthorised and harmful processing, it had also recommended to explicitly stating the flow and usage of personal data as well as defending the rights of individuals for whom the personal data are processed.
Digital Personal Data Protection Bill (DPDP Bill, 2022)
Every digital processing of private information is now subject to the Digital Personal Data Protection Bill (DPDP Bill, 2022). This would cover both personally identifiable information gathered online and offline that has been converted to digital form for handling. This bill will affect the legal safeguards offered to customers of Indian start-ups doing business abroad, affecting their competitiveness. This viewpoint is further supported by the bill, which exempts the majority of its safeguards from applying to data fiduciaries in India who process personal data belonging to citizens of India. This draft is expected to be presented to the parliament for clearance in the upcoming session of the parliament in 2023.
Comparison of the Digital Personal Data Protection bill with previous bills
Territorial Implementation of the Bill
The territorial implementation of the law, is that the Bill also addresses handling personal data gathered by data controllers on Indian soil and used to provide products and services there. The previous laws were limited to India and had no provisions for any offence committed outside the territory of India.
Digital Personal Data Protection Bill 2022, which was released, to up to Rs 500 crore. The previous laws were limited to a maximum fine amount of Rs 250 crore. The government increased the fine amount for breaking the rules outlined in the new DPDP bill to make sure that the offenders comply strictly with the laws.
Right to be forgotten
Prior to this, the Union Government’s adjudicating officer had to authorise a request to be forgotten before the right could be used. The right to be forgotten for processing, which was previously restricted to disclosure, has been expanded according to the recommendations made in the Data Protection Bill, 2021.
Right to access data
According to the Srikrishna Report, a data fiduciary could enforce the substantive duties of a data fiduciary by exercising rights to confirmation and access. The PDP Bill incorporated the 2018 bill’s requirements while also granting the data principal the right to access all of the data fiduciaries with whom their personal data had been shared in one location. In accordance with the Data Protection Bill, 2021, the data subject has the option to choose a legal heir or legal representative as their nominee, who will be able to exercise their rights to confirmation and access as well as their right to be forgotten in the case of their passing.
Most data protection laws designate specific types of personal data as “sensitive personal data ” due to the higher risk of harm that may be caused by its unauthorised processing like biometric information, health information, genetic information, etc. So, clear consent will be required before processing, and data protection impact assessments are required, giving this personal data a higher level of safety as per the DPDP bill 2022. In PDP Bill, 2019, consent was made a significant part of the Act, and it even mentioned the provision for withdrawal. And before that in 2018 the JPC suggested a change in the consent as it had to be explicitly taken.
Regulation of Non-Personal Data
The DPDP Bill 2022 lays down the provision of laying down rules every year for the processing of non-personal data, whereas the PDP Bill, 2019 permits the central government to ask any data fiduciary to give the record for non-personal data. And the prior, PDP Bill, 2018 made no mention of this provision at all.
Bureau of Indian Standards on data privacy
A separate organisation that regulates data, the Bureau of Indian Standards (“BIS”), has released new standards for data privacy assurance, namely the IS 17428. BIS was established as a national standards authority. It is designed to give enterprises a privacy assurance foundation to set up, carry out, keep up with, and constantly enhance their data privacy management system. It is an accreditation that companies may use to reassure their clients and staff about their privacy policies. It can also be strategically employed to set a company apart from its rivals in the market to control standardisation, conformity evaluation, and quality control of both goods and services in India.
The Bureau of Indian Standards has published two Indian Standards, which are IS 17428- Data Privacy Assurance [Part 1] Engineering and Management Requirements and IS 17428- Data Privacy Assurance [Part 2] Engineering and Management Guidelines.
IS 17428: Data Privacy Assurance [Part 1] Engineering and Management Requirements
This part talks about the requirements of any organisation. For an organisation to properly define its role and obligations, the IS Requirements give fundamental definitions of “data controller,” “data processor,” “personal information,” “sensitive personal information, processing, consent,” etc., so that institutions can comply with them accordingly.
IS 17428: Data Privacy Assurance [Part 2] Engineering and Management Guidelines
It gives specific, suggesting approaches that help in carrying out these standards. It provides fundamental standards for technical design and information management and is lawful. The IS Guidelines offer in-depth advice on the methods and best practices to follow in order to comply with the IS requirements. The IS Guidelines additionally outline important facets to take into account for network infrastructure security and privacy.
Features of the new standards for data privacy
- During the development life cycle of any product, service, or solution, the business must consider specific technical and design criteria.
- The organisation’s privacy needs to consider the relevant jurisdiction, like verifying and testing the relevant data privacy control before and during development.
- Additionally, the company must set up certain privacy management procedures.
- Duties like- the types of personal data and outsourcing regulations; the types of private information and leasing regulations; describing its organisational structure, roles, and procedures for responsibility, communication, and governance;
- A list of such material and its flow- impose privacy regulations, determine the data retention duration and keep records of documentation and logs, create a technique for privacy effect assessments, create a grievance redressal framework that identifies the grievance officer, make their information public, and establishes processes for submitting and escalating complaints.
- Improve the knowledge of the organisation’s personnel who handle personal information.
Why India needs a new codified data protection law
- India has seen huge technological advancements and is at par with other countries, but it lags with definite and stringent laws which address all the recent changes in the way our data is handled. Over the last two decades, countries like the USA, China and many more have adopted new laws for data protection. India currently lags uniform legislation. The times require India to adopt new laws so that it can walk hand in hand with other countries.
- The current Information Technology Act, 2000 is moderately handling India’s data protection issues, yet it is not very strict as it falls short in implementing the provisions properly. Data Protection with strict implementation is currently a requirement of India.
- Spamming is also an issue that has recently taken prevalence where a user receives a large number of the same messages, repeatedly and clutters their inboxes. The USA and several European countries have laws punishing the sender of these spams but India has no mention of it. Laws addressing recently arising problems are the need of the hour.
- Online transactions also need to be addressed specifically, as it is currently being regulated by RBI norms, which should be addressed by relevant laws, which necessitates new laws on data protection in India even more.
- Technology is outdated even before it is introduced, and it stands corrected in the situation India is in right now. There are several provisions like online banking, publication rules, cyber defamation, cyber terrorism, cryptocurrency and NFTs that are in dire need of being addressed by proper legislation so that issues related to them can be resolved.
State of Tamil Nadu v. Suhas Katti (2004)
In the case of State of Tamil Nadu v. Suhas Katti (2004), the victim filed a complaint under Sections 67 of the IT Act and 469 and 509 of the Indian Penal Code, 1860. In order to humiliate the woman, the accused posted pornographic remarks about the victim in a number of groups. In order to harm her reputation, he also disclosed her mobile number and opened a fraudulent account in her name. According to the aforementioned Sections, the court found the accused guilty.
This case is significant because it encouraged citizens all around the nation to come forward and report incidents of online abuse.
Amar Singh v. Union of India (2011)
The petitioner in this case of Amar Singh v. Union of India (2011) claimed that his telecom service provider had secretly recorded his calls. According to him, the alleged monitoring violated his basic right to privacy under Article 21 of the Indian Constitution. The service provider said that it was carrying out the directives of the authorities (the government of NCT). In light of Sections 69, 69A, and 69B of the IT Act, 2000, this case is significant. The Court noted that a telecom service provider carries out a public-facing activity. It has a natural need to behave sensibly and responsibly. Additionally, it was held by the court that the service provider must confirm the legitimacy of any government orders “to tap phones” when they include serious errors. In order to avoid unlawful call interception, the court further ordered the central government to establish specific directives and rules.
Shreya Singhal v. Union of India (2015)
In the landmark case of Shreya Singhal v. Union of India (2015), two ladies were held by the police for reportedly making inappropriate and disrespectful remarks on Facebook over the appropriateness of announcing a bandh in Mumbai following the passing of a political leader.
According to Section 66A of the Information Technology Act of 2000 (ITA), the police could make the arrest of a person if that information was sent through a computer resource or communication device with the intent to cause “annoyance, inconvenience, danger, insult, injury, hatred, or ill will.”
The entire Section 66A was declared unconstitutional by the Supreme Court of India on the grounds that its intended protection against annoyance, inconvenience, danger, obstruction, insult, injury, and criminal intimidation went beyond the bounds of reasonable restrictions under Article 19(2) of the Indian Constitution.
Justice K.S. Puttaswamy (Retd) v. Union of India (2017)
The nine-judge bench of the Supreme Court of India in the case of Justice K.S. Puttaswamy (Retd) v. Union of India (2017) upholds the right to privacy as a right which is protected by the Constitution of India. According to this case, the government’s plan for a standard biometric identity that would be needed for accessing government services and benefits was contested in the suit, which was initiated by retired Judge K.S. Puttaswamy. The government made the claim that the Constitution did not specifically guarantee the right to privacy. As stated by the court, privacy is a basic right or freedom protected by Article 21, which states that “No person shall be deprived of his life or personal liberty except according to procedure established by law.”
Praveen Arimbrathodiyil v. Union of India (2021)
The Union Government published a set of regulations in 2021. Using the authority granted to it by Section 87 of the IT Act of 2000, the Information Technology (Intermediaries Guidelines) Rules, 2011, are replaced by these regulations. The government aims to control internet streaming services, social media intermediaries, and digital news outlets through these regulations. According to these regulations, social media intermediaries must adhere to the laid down internal grievance redressal process. In circumstances of significant offences, these intermediaries are also compelled to provide the government with the details of the person who sent the offensive communication. Under the guidelines, intermediaries who violate them forfeit the protection granted to them by Section 79 of the IT Act.
As stated in the guidelines, intermediaries who violate them forfeit the protection granted to them by Section 79 of the IT Act. The regulations also mandate that the digital news media establish an internal grievance redressal system and adhere to an ethical code of conduct. In this case, several companies, including WhatsApp, Quint, LiveLaw, and the Foundation for Independent Journalists, have contested these regulations. The outcomes of the judgement will impact the future direction of Indian law in information technology, for which the petition is currently pending before the Supreme Court for listing.
The year 2021 marked a turning point for the nation regarding privacy and data protection. There were many legislative and executive measures requirements in response to the urgent need for comprehensive data protection laws. It is undeniable that India has a long way to go before determining what will work best for a nation such as ours, particularly where data privacy is not well recognised. However, India has tried and continues to make several attempts to give these laws and regulations legislative authority. However, it is significant to inform individuals about data privacy, rights, and framework and bring about relevant provisions for the governance of the same.
Frequently Asked Questions (FAQs)
Where is the IT Act 2000 not applicable?
The IT Act 2000 does not apply to the implementation of a power of attorney, the establishment of a trust, the implementation of a will, the sale or transfer of a real estate or any interest, as well as any other type of document execution or transaction that the government may list in the Official Gazette.
What is the current scenario of the Data Protection Bill?
The Data Protection Bill was recently inviting suggestions from users in India and the Ministry of Electronics and Information Technology (MeitY) is working on the draft to make this bill a panacea for all the matters relating to Data Protection in India. It is also expected to be presented in the following budget session of the 2023 session of Parliament.
What restrictions does the Information Technology Act have?
Currently, numerous types of cybercrimes, including cyberstalking, cyber fraud, chat room abuse, theft of internet time, and others, are not covered by this Act. The IT Act of 2000 does not address privacy or content control, which is crucial given the dangers the internet presents.
What is the Digital Personal Data Protection Bill 2022?
The DPDP, or Digital Personal Data Protection Bill, is the latest proposed bill, which contains all the suggested amendments and also addresses several provisions that were not added before. It has not yet been approved, but it is said to be significant legislation that addresses recent technological developments.
- https://articles.manupatra.com/article-details/Information-Technology-amendment-Act -2008-An-Overview
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: