David Stanton (Cork East, Fine Gael) | Oireachtas source

I thank the House for its public consideration of this legislation and the opportunity to take Committee and Remaining Stages of the Criminal Justice (Offences Relating to Information Systems) Bill today. It is a relatively short Bill but it is important legislation designed to counter cybercrime, in particular that involving information systems and their data, and the timeframe and offences and penalties for this kind of activity. I am pleased to recall that Senators generally welcomed and broadly supported this legislation on Second Stage, displaying a shared determination to combat cybercrime against communications and information infrastructure which is so vital to us all in the modern world.

I bring forward one Government amendment to the Bill, which is technical in nature, together with a number of minor consequential amendments. Therefore, I propose to take the three amendments together, dealing with the main amendment first and then outlining the consequential revisions.

The main amendment is No. 3 on the list of amendments and relates to section 9 which deals with the liability of corporate bodies for offences under the Bill and is designed to give effect to Article 10 of the EU directive on attacks against information systems which this Bill seeks to transpose. Following further consultation with the Office of the Attorney General, it has been found necessary to revise section 9 to ensure Article 10 is correctly provided for and fully transposed, in particular Article 10.2 which relates to the liability of a body corporate for the commission of an offence by a relevant person under its authority due to a lack of supervision or control by the body corporate.

Section 9(1) gives effect to Article 10.2 of the directive. Section 9(2) provides for a defence for a body corporate in respect of subsection 9(1) if it can prove that it took all reasonable steps and exercised all due diligence to avoid the commission of the offence. Section 9(3) clarifies that where an offence under the Act is committed by a body corporate, liability shall rest with the person acting on behalf of the corporate body as well as the corporate body itself. This is essentially the wording of the original section 9 which is being replaced by this new provision. Section 9(4)(a) preserves the common law doctrine on corporate criminal liability which the Attorney General's Office has advised encompasses obligations under Article 10.1 of the directive and is broader in scope. Hence, it is not considered necessary or desirable to legislate for the narrower provision in Article 10.1. Section 9(4)(b) provides that criminal proceedings may also be taken against perpetrators, inciters of or accessories to offences under the Act. Section 9(5) provides a definition of "relevant person", as referenced in subsection 9(1), and includes a definition of "subsidiary".

I will turn now briefly to the two small consequential amendments to the main amendment to section 9. The first consequential amendment is to section 1 which deals with interpretation, and involves including the offence created under subsection 9(1) in relation to bodies corporate, as outlined earlier, within the definition of "relevant offence" in section 1(1). This is necessary to ensure an offence under section 9(1) comes within the broader framework relating to relevant offences under the Bill. References to "relevant offence" have particular significance in relation to the operation of this legislation, such as in section 7 relating to search warrants, section 9(1) itself relating to relevant offences committed by a corporate body due to lack of supervision or control, and section 10 which deals with jurisdiction.