Author - Associate Nupur Mehrotra
Data protection laws can be defined as the privacy laws, rules and the policies that ensure that the one's private data is completely protected and there is a reduction in crimes. Private data can be defined as the information which gives identity to the particular person which is usually taken by various government and private organizations.
Under the Indian constitution, the right to privacy was not included in the fundamental rights. But, recently after the landmark judgment of Justice K.S. Puttaswamy vs Union of India the Supreme court has declared the right to privacy as the fundamental right. This was the result of the petition that had challenged the constitutional validity of Indian biometric identity scheme Aadhar. Nine judges declared ‘‘The right to privacy is protected as an intrinsic part of the right to life and personal liberty under the Article 21 and as a part of the freedoms guaranteed by part iii of the constitution''. India does not have any particular law for data protection or data privacy. Although, the laws under the Indian Contract Act, 1872 and Information Technology Act, 2000 deal with data protection.
Information Technology Act, 2000 is involved with the issued relating to the payment of compensation and also with the punishment for the fault of disclosing and misusing one's private data and information without the knowledge of the person. Section 43A of the IT Act 2000 states‘‘ a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected''. The maximum amount of compensation that can be taken from the person is not defined. Information Technology Rules, 2011 notified by the government relates to only ‘Sensitive personal data or information of a person', and this consists of the passwords, financial information relating to the bank account, credit or debit card and also the other ways of payments, biometric information, medical records and history of the person, sexual orientation and finally the physical, physiological and conditions of mental health. If the person dealing with such information fails to maintain security and privacy he/she will be held liable to pay damages to the person. Section 72 A deals if IT Act 2000 states ‘‘ disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years and fine extending to Rs 5,00,000''
Grounds on which the government can interfere with data
Section 69 of IT Act states ‘‘any person, authorised by the Government or any of its officer specially authorised by the Government, if satisfied that it is necessary or expedient so to do in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, for reasons to be recorded in writing, by order, can direct any agency of the Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource''. For the safety purpose, the government has blocked various sites.
Penalty for damage to the computer, computer systems, etc., under the IT Act 2000
Section 43 of the IT Act 2000, deals with the penalty regarding the damage to the computer system, etc. and it does not state any maximum amount for the penalty. Section 43 states the following acts attracting penalty-
1. Accesses or secures access to such computer, computer system or computer network;
2. Downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
3. Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
4. Damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programs residing in such computer, computer system or computer network;
5. Disrupts or causes disruption to any computer, computer system or computer network;
6. Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
7. Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
8. Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
9. Steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage.
If any of the above-mentioned Act in Section 43 is committed than the person has to pay the penalty.
As there is a lot advancement in the information technology and other new digital sources it has become very necessary to make exclusive laws for data protection and ensure that all the organizations comply with those laws to safeguard the private information so that troubles are avoided.