In today's world, data has become Property
of every person.
Data includes personal data (name, age, date of birth etc.) and sensitive
personal data (passwords, financial information, health parameters etc.). In
this era of online surfing, shopping, trading etc., numerous companies collect
and process data for various purposes like analyzing & determining the cause of
problems, decision making. Such companies handling data needs to be cautious and
prevent any breach. Breach can be caused through negligent release of data in
the public domain or not having proper available measures to prevent computer
and /or data hacking.
Unauthorized third parties can use data for unlawful activities like
cyber-squatting, phishing, misusing personal information (identity theft).
Therefore, it is vital to protect data. Before, we delve into the question of
consequences of data breach, we shall look into few points on how to protect
data and obligations under law.
Secured IT Infrastructure:
This means using systems having secured network connection and strong anti-virus
software. Along with this, it is extremely important that the systems and
software are regularly updated, periodically tested with maintenance of audit
trail of all changes.
Compliance with Laws/ Rules & Regulations:
Data protection is governed by Information Technology Act, 2000 and Information
Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data of Information) Rules, 2011. The law requires that, before collecting and
processing data it is imperative of any company/ person to take the consent of
the data owner and inform the purpose of collecting the same. The law also
It is the obligation of a company to provide terms and condition and privacy
policy where it is expressly mentioned that the company shall collect, handle
and process data. Further, if the company transfers the data to any third party,
the same should be expressly captured in the policy.
Companies should enter into a Non-disclosure Agreement (NDA) where any personal
or sensitive personal information is disclosed. The company receiving the
information shall not disclose the information unless it is under statutory
obligation. Further, after the termination, the company receiving the
information should provide a certificate confirming destruction of the personal
data and ensure that the data is not in use.
Companies handling such personal and sensitive personal information should also
have agreement with its employees. The agreement must expressly mention that
employees have to maintain the privacy and confidentiality. Additionally, the
data must be safeguarded at the time of termination of the employment agreement.
Consequences of Data Breach:
Information and Technology Act, 2000 prescribes
punishments for breach of data & unauthorized use of data.
Companies possessing, handling, dealing & processing data have statutory duty to
protect data from breach. Where the company is negligent in doing so by not
maintaining proper security measures and causing gain to any person, such
company shall be liable to pay compensation to the affected individual/
Section 72 of the Information & Technology Act, 2000 prescribes the punishment
of maximum 2 years & penalty of Rs, 1,00,000/- for breach of data or
unauthorized use of data by any third party.
It is unlawful of a service provider performing under a contract to disclose any
private and confidential information without the consent of other party. The
punishment prescribed for such an act is imprisonment of 3 years or fine of Rs,
5,00,000 or both.
The Act also applies to person outside India operating through a computer system
or network in India.
Companies which protects data of its customers and have secured network
connections gains customer trust, increases finances and revenues, builds brand
value and good reputation in the market.
- Section 2 (1)(o) of Information Technology Act, 2000
- Rule 3 of Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data of Information) Rules, 2011.
- Section 43 A of Information Technology Act, 2000.
- Section 72 A of Information Technology Act, 2000.
Award Winning Article Is Written By: Ms.Jyotsna Jain
Authentication No: SP26210533397-18-920