In this article, Ashima Bhargava of Amity Law School, Lucknow, sets out the legal actions which can be taken on data theft.
The rapid growth of information technology in the modern world is posing great challenges for the law. One such challenge is the threat of ‘DATA THEFT’. It is defined as the illegal copying of any valuable data from an individual or an organisation without their knowledge or consent.
Data is a very valuable asset. In today’s world, it is an important part of call centres and I.T. companies. It is a kind of weapon, or we can say a kind of tool, for corporates to capture large market shares. Since data has become an important part of this new era, the responsibility of the I.T. industry has risen. Companies are always under threat of what will happen if their data is leaked, because they spend millions to compile data or buy it from the market. Their profit usually depends upon the security of such data.
Understanding data theft
The major issue regarding data theft is its international character. The data of the country is being leaked by foreign countries, it is then manipulated in many ways, and ultimately the consequences are felt in India. There is also a considerable lack of coordination between the different agencies on how to tackle such situations. So we need to find out whether there are any specific laws or legal actions that need to be taken to prevent such activities. Does India have sufficient laws? The Information Technology Act, 2000 contains certain provisions which deal with such crimes. Here, therefore, we will discuss the legal actions that can be taken if any such thing happens.
Legal actions to take on data theft
If we compare ourselves with any person who is very active in the day-to-day world of business and information technology, one question always comes to mind: what will we do if our data is lost, if someone takes it through hacking or by using our wifi connection? Another question is how the law can help us cope with this kind of situation. Can any legal action be taken? Is Indian law competent enough to help us?
To begin with, we do have specific laws under which we can approach the court to impose restrictions on any person who is responsible for such an act. So, for now, I will be talking about the laws which are there to help us in punishing that particular person.
Section 43 of the Information Technology Act, 2000 (Penalty and compensation for damage to the computer or the computer system)
If any person, without the permission of the owner or of any other person who is in charge of the computer, computer system or computer network:
- If he accesses or secures access to such computer, computer network or any computer system,
- If he downloads, copies or extracts data or any computer-based information from any computer network,
- If he introduces or causes to be introduced any computer contaminant or virus into a computer, computer system, or a computer network,
- If he damages the computer, computer system, or a computer network,
- If he disrupts or causes disruption of any computer, computer system, or a computer network,
- If he denies access to any person who has a right to access that computer, computer system, or a computer network,
- If he destroys or deletes any information from a computer to which he has no right of access,
He shall be liable to pay damages by way of compensation, not exceeding one crore rupees, to the person who has been heavily affected.
Section 66 of the Information Technology Act, 2000 (Computer-related offences)
Whoever intentionally or knowingly conceals, destroys or alters, or intentionally or knowingly causes another to conceal, destroy or alter, any computer source code for a computer, computer-based programming or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years or with a fine which may extend to two lakh rupees or with both.
If any person, dishonestly or fraudulently, does any act which is inconsistent with the provisions of section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.
Section 75 of the Information Technology Act, 2000 (Act to apply for the offence committed outside India)
If an offence is committed outside India, then irrespective of the person’s nationality, if the act or conduct constituting the offence involves a computer located in India, the person shall be made liable.
Section 378 of the Indian Penal Code
This section deals with movable property only, and data is itself intangible, so it does not come under theft. However, data is stored on a floppy, hard disk, etc., and such things act as a medium. The medium is movable property, and if that medium is stolen, the person can be made liable for such an act.
Data theft and misuse when offshoring data to India
As the number of companies in India grows, they are becoming more centralized and using less expensive information; consequently, they are now turning to offshore outsourcing to fulfil many of their business and human resources processes. To protect companies from becoming victims of data theft, there are some preventive measures. In the wake of concerns about data security and privacy in India, NASSCOM (National Association of Software and Service Companies), one of the most recognized organisations in the Information Technology sector, has put in place several measures to control such data theft and the misuse of data. For example, if a company has to deal with data theft, it will file a complaint at the police station or the cybercrime centre. But if the company believes that the police or the cybercrime centre does not have the capacity to help, it can go to the CBI, or Central Board of Investigation, an independent, autonomous body which has itself trained the cybercrime units. They will look into the matter cautiously and come up with a value judgement. The company can also file a criminal complaint under the Information Technology Act. Upon receipt of the complaint, the Controller of Certifying Authorities investigates the allegations and can order the punishment of an offender under the provisions of the IT Act.
How to file a complaint on data theft
To file a complaint if data theft takes place, take the following steps:
- First of all, for the cyber complaint, write an application to the head of the cyber cell.
- Provide the following things in the application:
  - Email address
  - Phone number
- In case of hacking or data theft, the following details are required for the cyber cell complaint:
  - Logs of the server
  - A hard copy and a soft copy of the defaced page
  - If the data of the defaced site is compromised, a soft copy of the original data as well as of the compromised data
  - Details of the access control mechanisms, in which you have to state who has accessed your computer
  - If you have any doubts or are suspicious about anyone, a list of those suspects
- You can file a complaint at any of the cyber cells of the city, or you can mail them directly through their respective websites. Here is the complete information of the prominent cyber cells of the country. You can refer to this link for the same.
How can companies prevent their employees or former employees from committing data theft?
If the employees or former employees of a company steal its data, the company has the authority to have them punished under section 66A of the Information Technology Act, 2005, which provides for penalties or imprisonment for those who commit computer-related offences such as damaging a computer system or network, or who steal, conceal, destroy or alter, or cause any person to steal, conceal, destroy or alter, any computer source code used for a computer resource with an intention to cause damage.
Moreover, a Non-Disclosure Agreement is also one of the ways in which a company can stop its employees or former employees from stealing data. By signing an NDA, employees are legally bound by contract not to disclose data and other relevant information of the company to third parties outside the course of business.
These are the laws which are applicable today for the prevention of data theft. Though these laws have been made by the legislature, there is no proper implementation of them. Neither the executive body nor the caretakers have taken these laws seriously. As for the citizens, they are hardly even aware of these laws. This has led to an increase in cyber crimes, including data theft, in the I.T. sector. So there is a sheer need to make people aware of these laws and to direct the concerned authorities towards proper implementation, the proper lodging of complaints and the provision of justice to victims. It is the common responsibility of the government and the judiciary to look seriously into these laws and to take strict action if they are violated in any form, by any person, be it a police officer or a common man. In this article, therefore, I have attempted to make people aware of the legal actions that can be taken against data theft.