Data protection under Indian Law
Our constitution has provided the law relating to privacy under the scope of Article 21. Its interpretation is found insufficient to provide adequate protection to the data. In the year 2000, effort has been made by our legislature to embrace privacy issues relating to computer system under the purview of IT Act, 2000. This Act contains certain provisions which provide protection of stored data. In the year 2006, our legislature has also introduced a bill known as ‘The Personal Data Protection Bill’ so as to provide protection to the personal information of the person.
Under IT Act, 2000
Section 43
This section provides protection against unauthorized access of the computer system by imposing heavy penalty up to one crore. The unauthorized downloading, extraction and copying of data are also covered under the same penalty. Clause ‘c’ of this section imposes penalty for unauthorized introduction of computer viruses of contaminants. Clause ‘g’ provides penalties for assisting the unauthorized access.
Section 65
This section provides for computer source code. If anyone knowingly of intentionally conceals, destroys, alters or causes another to do as such shall have to suffer a penalty of imprisonment or fine up to 2 lakh rupees. Thus protection has been provided against tampering of computer source documents.
Section 66
Protection against hacking has been provided under this section. As per this section hacking is defined as any act with an intention to cause wrongful loss or damage to any person or with the knowledge that wrongful loss of damage will be caused to any person and information residing in a computer resource must be either destroyed, deleted, altered or its value and utility get diminished. This section imposes the penalty of imprisonment of three years or fine up to two lakh rupees or both on the hacker.
Section 70
This section provides protection to the data stored in the protected system. Protected systems are those computers, computer system or computer network to which the appropriate government, by issuing gazette information in the official gazette, declared it as a protected system. Any access or attempt to secure access of that system in contravention of the provision of this section will make the person accessed liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine.
Section 72
This section provides protection against breach of confidentiality and privacy of the data. As per this, any person upon whom powers have been conferred under IT Act and allied rules to secure access to any electronic record, book, register, correspondence, information document of other material discloses it to any other person, shall be punished with imprisonment which may extend to two years or with fine which may extend to one lakh rupees or both.
Law of contract
These days’ companies are relying on the contract law as a useful means to protect their information. The corporate houses enters into several agreements with other companies, clients, agencies or partners to keep their information secured to the extent they want to secure it. Agreements such as ‘non circumvention and non-disclosure’ agreements, ‘user license’ agreements, ‘referral partner’ agreements etc. are entered into by them which contains confidentiality and privacy clauses and also arbitration clauses for the purpose of resolving the dispute if arises. These agreements help them in smooth running of business. BPO companies have implemented processes like BS 7799 and the ISO 17799 standards of information security management, which restrict the quantity of data that can be made available to employees of BPO and call centers.
Indian Penal code
It imposes punishment for the wrongs which were expected to occur till the last decade. But it failed to incorporate within itself the punishment for crimes related to data which has become the order of the day.
The Personal Data Protection Bill, 2006
Upon the footprints of the foreign laws, this bill has been introduced in the Rajya Sabha on December 8th 2006. The purpose of this bill is to provide protection of personal data and information of an individual collected for a particular purpose by one organization, and to prevent its usage by other organization for commercial or other purposes and entitle the individual to claim compensation or damages due to disclosure of personal data or information of any individual without his consent and for matters connected with the Act or incidental to the Act. Provisions contained in this Act are relating to nature of data to be obtained for the specific purpose and the quantum of data to be obtained for that purpose. Data controllers have been proposed to be appointed to look upon the matters relating to violation of the proposed Act.
Conclusion
On comparing the Indian law with the law of developed countries the proper requirement for the Indian law can be analyzed. Data are not of same utility and importance; it varies from one another on the basis of utility. So we require framing separate categories of data having different utility values, as the U.S have. Moreover the provisions of IT Act deal basically with extraction of data, destruction of data, etc. Companies cannot get full protection of data through that which ultimately forced them to enter into separate private contracts to keep their data secured. These contracts have the same enforceability as the general contract.
Despite the efforts being made for having a data protection law as a separate discipline, our legislature have left some lacuna in framing the bill of 2006. The bill has been drafted wholly on the structure of the UK Data Protection Act whereas today’s requirement is of a comprehensive Act. Thus it can be suggested that a compiled drafting on the basis of US laws relating to data protection would be more favourable to the today’ requirement.
Being one of the most concerned topics of discussion in the modern era, legislatures are required to frame more stringent and comprehensive law for the protection of data which requires a qualitative effort rather than quantitative.
Bibliography
Praveen Dalal, Data Protection Law in India
Asian School of Cyber Laws, study material on Diploma course of Cyber Laws.
http;//rajyasabha.nic.in/bills-ls-rs/2006/XCI_2006.pdf
https://164.100.24.208/ls/bills-ls-rs/2006/96_2006.pdf
https://www.niscair.res.in/ScienceCommunication/ResearchJournals/rejour/jipr/jipr2k6/jipr_mar06.asp
https://en.wikipedia.org/wiki/Data_Protection_Act
CAclubindia
