Chapter-IV to VIII-No comments

CHAPTER-IX: PENALTIES AND ADJUDICATION

Section 43(1): Section 43(1), as per the committee, covers two issues relating to “Data Protection and Privacy”: (1) unauthorized access to a computer system, (2) unauthorized downloading/copying of data. The other sections that deal with the “Data Protection and Privacy” are Section 65, Section 66, and Section 72 of IT Act 2000.

It is interesting to note that the “overall scheme” of the sections dealing with contraventions, offences and compounding of the offences shows the “concern” of the Committee to make IT Act a “tiger without teeth”. Firstly, there is a difference between the expressions “penalty” and “compensation”. The former is definitely more deterrent. It seems the Committee was already under the impression that the penal provisions of the Act must be eliminated completely. This exercise will never guarantee a sound electronic commerce and electronic governance. The Act will be a “safe harbour” for the criminals and given the nature of the Internet, India will be a favourite place for all cyber crimes and contraventions. In short, the IT Act will become “impotent” and loose it “deterrent effect” if these recommendations are accepted.

The “overall penal scheme” should not be changed and the deterrent aspect must be kept alive. It is the most precarious amendment that has been suggested. It would be better to scrap off the IT Act instead as that would be a better option in these circumstances.

Section 43(2): This section has been added to ensure reasonable security practices and procedures for sensitive information by any body corporate.

Section 43(2) read: If any body corporate, that owns or handles sensitive personal data or information in a computer resource that it owns or operates, is found to have been negligent in implementing and maintaining reasonable security practices and procedures, it shall be liable to pay damages by way of compensation not exceeding Rs. 1 crore to the person so affected.

The explanations to the section read:

Explanation- For the purposes of this section-

(oi) “body corporate” means any company and includes a firm or other association of individuals engaged in commercial or professional activities.
(v) “Reasonable security practices and procedures” means, in the absence of a contract between the parties or any special law for this purpose, such security practices and procedures as appropriate to the nature of the information to protect that information from unauthorized access, damage, use, modification, disclosure or impairment, as may be prescribed by the Central Government in consultation with the self-regulatory bodies of the industry, if any.

(vi) “Sensitive personal data or information” means such personal information, which is prescribed as “sensitive” by the Central Government in consultation with the self-regulatory bodies of the industry, if any.

(vii) “Without the permission of the owner” shall include access to information that exceeds the level of authorized permission to access.

These proposed amendments in section 43(2) are “superfluous” rather than serving any purpose. It seems they have been included to provide a “psychological boost” to the “uncertainties and anxiety” of the MNCs shown from time to time. It must be appreciated that it is not enactment but enforcement of law that is important. By restricting the powers of the enforcement agencies, the proposed penal scheme of the Act is a “remedy worst than malady”.

Section 46(1): The words “under this Chapter” have been deleted to handle contraventions under section 72.

This is again an absurd recommendation. First of all there was no need to mix the applicability of two Chapters involved. The answer to this can be found in the zeal of the Committee to ‘repeal” the penal scheme of the Act. For instance, the proposed section 80A, dealing with compounding of certain offenses, empowers the adjudicating officer to compound the offences. It is interesting to note that though the title of section 80A suggests “certain offences” but it deals with “all offences” under the Act. Thus, an adjudicating officer can compound all contraventions (u/s 44A) and offences (u/s 80A) under the Act. It seems the “sense of humour” has been added to the Act in the form of these sections.

Praveen Dalal
Cyber Law Consultant and Advocate
Delhi High Court
Tele: 9899169611