Data theft is defined in Section 43 (b) of the Information Technology Act, 2000 (IT Act) as follows: “If any person without permission of the owner or any other person who is in charge of a computer, computer system of computer network, downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network. It is the term used when any information in the form of data is illegally copied or taken from a business or other individual without his knowledge or consent.”
In the era of information technology (IT), data is an important raw material for all businesses, including brick and mortar companies, business process outsourcing units, banking, media and IT companies. Data has become an important tool as well as a weapon for corporates to capture larger market share. Given its importance, data security has become a big concern for all businesses. Data theft and piracy are huge threats that are forcing companies to spend millions of rupees on data analytics. In many cases, the bottom-line of a business depends on the security of its data. A recent episode of the popular television series, Game of Thrones, had kindled a huge discussion on data theft. Let us look at some of the issues involved in data security
Mobility-related Issue: The problem with data theft is that it has no international borders. For example, a computer system may be accessed in the US, its data manipulated in China and the consequences of that action felt in India. The fact that cyber criminals can operate across different sovereignties, jurisdictions, laws and rules is an issue in itself. Collection of evidence, in such circumstances, is complex. It requires investigations to be conducted in three different countries which may not even be on talking terms with one another; poor technical know-how of our cops only adds to the woes. Lack of coordination between various investigating agencies and navigating the extradition process of various countries is another headache. The absence of specific laws to deal with the crime of data theft is, however, the biggest problem; it allows a culprit to get away by picking and choosing from various legal loopholes, even after being caught.
Our Data Protection Laws: Data theft has emerged as one of the major cyber crimes worldwide. India does not have specific laws to deal only with data protection, but we have the IT Act. Here are a few Sections of this Act that are significant.
Section 43 (b) of the IT Act provides protection against unauthorised downloading, copying, extracting information, data or a database, by imposing heavy civil compensation which could run into crores of rupees. Section 43 (c) provides for compensation in case of unauthorised introduction of computer viruses or other contaminants. Clause (i) provides compensation for destroying, deleting or altering any information residing on a computer or diminishing its value.
Data is an intangible asset whose value could run into millions of dollars, but Section 43 does not quantify the compensation to be paid. Hence, a complainant is dependent on the mercy of our courts and the intelligence of his lawyer.
Section 66 of the Act protects against data theft, while Section 72A deals with the punishment for disclosure of information in breach of a lawful contract. Both these Sections provide for a penalty that includes imprisonment of up to three years or fine of up to Rs5 lakh or both. In a recent judgement, Canara Bank Vs CS Shyam & Another, the Supreme Court (SC) held that service details of an employee also amount to ‘personal information’ and cannot be furnished even under the Right to Information Act. Similarly, in another case, it was held that an employer couldn’t use, or ask for, bank statements of an ex-employee. These two cases are an indicator of the rights of individuals, even before the recent SC upheld right to privacy as a fundamental right.
So, the next time you plan to copy or download data from the computers or network of your friends, clients, teachers or employers, please remember that your actions can put you behind bars for up to three years. And you could lose even more, if a compensation claim suit is also filed in a civil court. Corporates, as victims of data theft, have the option of filing both, a civil and criminal case, simultaneously with injunction remedies.