Compensation and Penalty in Case of Breach of Data Security under Various Laws

Data protection is an emerging issue. It is inter-related with various rights such as privacy, right to life, right to Internet etc. There is a boundary where the right of individuals over any information, personal in nature starts. Data protection extends to various information such as personal information, information relating to Governmental affairs, strategic details, and so on. Scattered legal protection exists in India. It is available under the following provisions –

Compensation under Indian Contract, 1872 and Specific Relief Act, 1963 on Breach of Contract (including breach of data protection)

Sr.No. Legislation Provision Ground of Grant of Compensation
1. Indian Contract Act,1872 Section 73 Compensation for any loss or damage caused by breach of contract by the other party
2. Specific Relief Act, 1963 Section 21 Compensation in addition or in lieu of specific performance of contract in case of breach of contract

Both Indian Contract Act, 1872 and Specific Relief Act, 1963 provide for compensation in case of breach of contract. They deal with contracts in general.

The following provisions grant compensation and fines in case of breach of data security. Who is liable under these provisions is discussed –

Compensation and Penalty in Case of Breach of Data Security under Various Laws

Sr.No. Statute Relevant Section From whom recoverable Act/Omission constituting breach
1. Information Technology Act,2000 43A Bodies corporate possessing, dealing with or handling any sensitive personal data or information in a computer resource owned, controlled or operated by it Negligence in implementing and maintaining reasonable security practices and procedures to protect sensitive personal data or information.
2. Credit Information Companies (Regulation) Act, 2005 30(2) Against a credit information company etc. in respect of loss caused to him On account of any such disclosure made by anyone of them and which is unauthorised or fraudulent or contrary to provisions of this Act, or practices or usages customary among them.
3. Payment and Settlement Systems Act, 2007 26(4) Person in the capacity of system provider Disclosure of any information prohibited under Section 22

 The introduction of data banks in computers posed a threat to individual privacy and required methods to control the misuse of the technology. The online privacy has gained momentum only after 1990s. The enactment of the Information Technology Act, 2000 was the result of the significant use of IT in various spheres of life. It was an effort to make the online transactions (financial etc.) and activities (emails etc.) safe by providing a framework of punishments.

Offences Concerning Data Breach and Compensation under Information Technology Act, 2000

Offence Who May be Made Liable Relevant Provision Amount of Compensation Which May be Awarded

(In Indian Rupees –INR)

Penalty and Compensation for damage to computer, computer system, etc Any person found guilty of expressed offences 43 to (e),(g), (i),(j) in particular relate with data protection 1,00,00,000
Compensation for failure to protect data by being negligent in implementing and maintaining reasonable security practices and procedures by : Body corporate

possessing, dealing or handling any sensitive personal data or information in a computer resource

43 A 5,00,00,000
causing wrongful loss or Causing wrongful gain to any person

Image from here

 

Bhumika Sharma

She is currently a Research Scholar, (PhD) at Himachal Pradesh University, Shimla. She finds peace in writing and researching on a variety of social issues. She believes in the power of education and awareness to deal with various problems.

Leave a Reply

Your email address will not be published. Required fields are marked *