96. Information Technology Act for HR – Emails, HRMS & Biometrics: Understanding Digital Systems Under the IT Act

Understanding IT Act Definitions Through an HR Lens

Before moving into application and decision-making, it is important to spend time on some of the definitions under the Information Technology Act. These are terms that are easy to overlook because they appear simple, but they carry practical implications for how HR works with technology in the workplace.

These definitions are not theoretical. They apply directly to the systems, tools, and communication methods that HR uses every day. When understood properly, they help HR practitioners strengthen how digital systems are used, how communication is framed, and how accountability is established.

The Concept of “Addressee” in Digital Communication

One of the first definitions to understand is the concept of the addressee. At a basic level, the addressee is the person to whom a message is intended to be delivered. While this sounds straightforward, it becomes significant when applied to digital communication, especially emails.

In most workplace emails, multiple recipients are included in the communication. However, not all of them serve the same purpose. The people listed in the “To” field are the intended recipients — the individuals expected to act on the communication or respond to it. Others may be included in copies purely for information.

This distinction becomes important from a legal perspective because emails are no longer treated as simple communication tools. They are considered electronic records and can be used as legal documents. When sending HR communications, notices, or instructions, identifying the correct addressee helps strengthen the clarity and validity of the communication.

For HR practitioners, this means consciously deciding who the communication is addressed to, rather than treating all recipients in the same way.

What Constitutes a Communication Device

Another important definition is that of a communication device. While the term may appear obvious, it is defined broadly.

Any device that can be used to send, receive, or transmit text, audio, video, images, or data is considered a communication device. This includes phones, tablets, and similar digital tools used in everyday work.

What this means in practice is that communication sent through these devices is not informal or outside the scope of regulation. Whether HR communicates through email, messaging platforms, or mobile devices, those communications form part of the digital record framework.

For HR, this expands the scope of responsibility beyond formal systems, requiring awareness of how communication happens across various devices.

Revisiting the Meaning of Computers and Systems

While the terms “computer”, “computer system”, and “computer network” are commonly understood, their practical scope is often underestimated in workplace contexts.

In addition to traditional computers, several other tools fall within this definition. Biometric systems, HR portals, VPN access systems, and shared drives all qualify as part of computer systems or networks. These are not standalone tools; they form part of a broader digital environment where data is captured, processed, and stored electronically.

This means that systems used by HR for attendance, records, and communication are not simply support tools. They are part of legally recognised digital infrastructure.

Understanding this helps HR practitioners recognise that actions carried out within these systems are part of regulated digital processes.

Understanding the Concept of Computer Resources

The term “computer resource” further expands what falls under the scope of technology. It includes software, databases, data, and networks — essentially all elements that support digital systems and processes.

These resources are what allow organisations to store and manage information, execute workflows, and support communication. From HR’s perspective, this includes employee data, documents, and records handled through digital platforms.

Recognising these elements as resources emphasises that they are not incidental to operations. They are integral to how the organisation functions, and therefore require controlled usage and careful handling.

Cybersecurity: Beyond Systems to Data Protection

Cybersecurity is another concept that most organisations are familiar with. Training sessions, awareness programmes, and discussions around cyber threats are common across workplaces.

However, it is important to understand what cybersecurity actually involves. At its core, cybersecurity means protecting not only the devices and systems being used, but also the information stored within them.

This includes:

• Computers and devices
• Networks and systems
• Data stored and processed within those systems

The responsibility therefore extends beyond protecting hardware. It also includes ensuring that information remains secure, unaltered, and accessible only to authorised individuals.

Cybersecurity Is Not Just an IT Responsibility

A common misconception is that cybersecurity is the responsibility of IT teams alone. While IT teams implement systems, controls, and infrastructure, the actual use of those systems lies with employees.

This is where HR plays a role.

Workplace systems are used by employees every day. How these systems are accessed, how credentials are used, and how communication takes place are all dictated by user behaviour. As a result, cybersecurity cannot be effectively maintained without aligning employee behaviour with system controls.

HR policies and practices influence that behaviour.

The Role of HR in Governing Digital Behaviour

Since digital systems are primarily used by employees, HR becomes responsible for ensuring that employee behaviour aligns with organisational expectations.

This includes:

• How systems are accessed
• How credentials are handled
• How communication tools are used
• How policies apply to digital behaviour

These expectations cannot remain limited to IT policy documents. They must be reflected within HR policies, practices, and daily functioning.

HR must ensure that employees understand not only how to use systems, but how to use them correctly.

Building Clarity Through Definitions

The purpose of understanding these definitions is not academic. It is practical.

When HR practitioners understand what constitutes an addressee, a communication device, a computer system, or a computer resource, they are better equipped to handle communication, manage systems, and guide employee behaviour.

This clarity reduces ambiguity. It ensures that actions taken within digital environments are deliberate rather than assumed.

Closing Perspective

The digital workplace operates through systems, but it is sustained through behaviour. While technology defines what is possible, it is the way people use that technology that determines outcomes.

For HR practitioners, this means moving beyond viewing technology as a separate function. It requires recognising that definitions under the IT Act directly influence how HR communicates, manages systems, and enforces policies.

Understanding these foundational concepts is the first step in building that alignment. Once these are clear, the next step is to ensure that everyday HR practices reflect the reality of operating in a digitally governed workplace.