File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Practical Aspects of Data Protection in India

In today's world, data has become Property of every person. Data[1] includes personal data (name, age, date of birth etc.) and sensitive personal data[2] (passwords, financial information, health parameters etc.). In this era of online surfing, shopping, trading etc., numerous companies collect and process data for various purposes like analyzing & determining the cause of problems, decision making. Such companies handling data needs to be cautious and prevent any breach. Breach can be caused through negligent release of data in the public domain or not having proper available measures to prevent computer and /or data hacking.

Unauthorized third parties can use data for unlawful activities like cyber-squatting, phishing, misusing personal information (identity theft). Therefore, it is vital to protect data. Before, we delve into the question of consequences of data breach, we shall look into few points on how to protect data and obligations under law.

Secured IT Infrastructure:

This means using systems having secured network connection and strong anti-virus software. Along with this, it is extremely important that the systems and software are regularly updated, periodically tested with maintenance of audit trail of all changes.

Compliance with Laws/ Rules & Regulations:

Data protection is governed by Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011. The law requires that, before collecting and processing data it is imperative of any company/ person to take the consent of the data owner and inform the purpose of collecting the same. The law also requires that a company shall provide a privacy policy to its customers.

It is the obligation of a company to provide terms and condition and privacy policy where it is expressly mentioned that the company shall collect, handle and process data. Further, if the company transfers the data to any third party, the same should be expressly captured in the policy.

Companies should enter into a Non-disclosure Agreement (NDA) where any personal or sensitive personal information is disclosed. The company receiving the information shall not disclose the information unless it is under statutory obligation. Further, after the termination, the company receiving the information should provide a certificate confirming destruction of the personal data and ensure that the data is not in use.

Companies handling such personal and sensitive personal information should also have agreement with its employees. The agreement must expressly mention that employees have to maintain the privacy and confidentiality. Additionally, the data must be safeguarded at the time of termination of the employment agreement.

Consequences of Data Breach:

Information and Technology Act, 2000 prescribes punishments for breach of data & unauthorized use of data.[3]

Companies possessing, handling, dealing & processing data have statutory duty to protect data from breach. Where the company is negligent in doing so by not maintaining proper security measures and causing gain to any person, such company shall be liable to pay compensation to the affected individual/ customer.

Section 72 of the Information & Technology Act, 2000 prescribes the punishment of maximum 2 years & penalty of Rs, 1,00,000/- for breach of data or unauthorized use of data by any third party.

It is unlawful of a service provider performing under a contract to disclose any private and confidential information without the consent of other party. The punishment prescribed for such an act is imprisonment of 3 years or fine of Rs, 5,00,000 or both.[4]

The Act also applies to person outside India operating through a computer system or network in India.

Companies which protects data of its customers and have secured network connections gains customer trust, increases finances and revenues, builds brand value and good reputation in the market.

  1. Section 2 (1)(o) of Information Technology Act, 2000
  2. Rule 3 of Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011.
  3. Section 43 A of Information Technology Act, 2000.
  4. Section 72 A of Information Technology Act, 2000.

    Award Winning Article Is Written By:�Ms.Jyotsna Jain

    Awarded certificate of Excellence
    Authentication No: SP26210533397-18-920

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly