Steps taken in furtherance of Data Protection and Information Security
The main objective of the Information Technology Act, 2000 is to offer legal identification and recognition to transactions carried out by means of electronic statistics/ data exchange and other means of electronic communication, universally referred to as e-commerce, substituting paper-based methods of communication and depository of information to smooth the progress of electronic filing of documents with the Government bureaus. The Act, apart from India, has extra-territorial jurisdiction to swathe any offence or infringement or contravention committed outside India by any person.
The Act shall not apply to the following categories of operation: (a) Any Negotiable Instrument; (b) A Power of Attorney; (c) A Trust; (d) A will including any other testamentary disposition; (e) Any contract for the sale or conveyance of immovable property; and (f) Any other documents or transactions as may be decided by the Central Government.
The economic world of cyberspace at the beginning of the 21st century depends on mutual confidence: confidence on the part of the buyer and seller to conform to legitimate expectations. E-commerce has become an increasingly significant segment of the global economy. Including voluntary codes of conduct, the prerequisite of private adjudication for the resolution of disputes, escrow accounts, agreements between buyers, sellers and credit card companies, amongst others form a part of this rising global virtual economy.
Technology reduces and repeatedly may eliminate the need for physical contact in the formation of legally significant relationships between parties or between an actor and the state acting as regulatory valve.
JURISDICTION OVER CYBERSPACE
The Act prescribes the Central Government the authority to lay down the security procedure in relation to electronic records and Digital Signatures, making an allowance for the nature of the transaction, the rank of sophistication of the Parties with reference to their technological capacity, the degree of transactions and the procedures used in broad-spectrum used for similar types of transactions or communications. If any individual without the authorization of the owner, accesses the owner’s computer, computer system or computer net-work or downloads copies or any extract or introduces any computer virus or damages computer, computer system or computer net work data etc. He/she shall be accountable and liable to pay damage by way of compensation not exceeding Rupees One Crore to the individual so affected. The Act authorises any subscriber (i.e., a person in whose name the Digital Signature Certificate is issued) to authenticate electronic record by attaching his/her Digital Signature.
Fiddling with computer resource documents shall be punishable with imprisonment up to three years or fine up to Rs. 2 lakhs or with both. Correspondingly, hacking with computer system necessitates punishment with imprisonment up to three years or with fine upto Rs. 2 lakhs or with both.
Publishing of information/ particulars/ data, which is obscene in electronic form, shall be punishable with imprisonment up to five years or with fine up to Rs. 1 lakh and for second conviction with imprisonment up to ten years and with fine up to Rs. 2 lakhs.
DATA PROTECTION AND INFORMATION SECURITY
In view of recent apprehensions about the operating provisions in the IT Act related to “Data Protection and Privacy” in addition to contractual agreements between the parties the existing Sections (viz. 43, 65, 66 and 72A) have been revisited and more stringent provisions; amendments, have been incorporated in the Act. Notably amongst these are:
- Section 43(A) is associated to managing/handling of sensitive personal data or information with reasonable security practices and procedures. This section has been introduced to defend and protect sensitive personal data or information, dealt or handled by a body corporate in a computer resource which such company owns, is in command of or operates. If such body corporate is negligent in executing and maintaining reasonable security practices and procedures and in so doing causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the individual so affected.
- Section 72 IT ACT, 2000: If a person is found in ownership and possession of some confidential information like electronic record, book, register, correspondence and he is found disclosing it to any third party without the consent of the person concerned, then he shall be punished with imprisonment for a term which may be up to two years, or a fine which may extend to One Lakh rupees, or with both.
- Section 72A IT Act, 2000: If any person is liable to abide while providing services and under the terms of the contract, has attained access to any material containing personal information about another person, with the intent to cause wrongful loss or wrongful gain disclosed the information, without the person’s consent or in breach of a lawful contract, shall be punished with imprisonment for a term which may extend to two years or with fine which may extend to five lakh rupees or with both.