Data Theft rules and regulations: Things you should know (Pt.2) Website : www.faidepro.com Address : 417- Accurate Square, Tagore Road, Rajkot, India - 360002 E- Mail : [email protected] Mobile No : +919510395794
Data Theft rules and regulations: Things you should know (Pt.2)
Apr 29, 2021
The IT Act appears to be adequate in regards to data theft, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such law and how it works; Which will be covered in two parts.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Data Theft rules and regulations: Things you should
know (Pt.2)
Website : www.faidepro.comAddress : 417- Accurate Square, Tagore Road,
Rajkot, India - 360002E- Mail : [email protected] No : +919510395794
8. Personal Data Protection Bill (PDPB) (India)
❏ On July 27, 2018, the national government’s “Srikrishna Committee” released its long-awaited draught legislation for a new Personal Data Protection Bill (PDPB).
❏ The proposed mechanism aims to control how government and private entities (data fiduciaries) in India and abroad process personal data of individuals (data principals). It also explains how to gather, process, and store data.
Is India’s legal system adequate?❏ The problem of data theft, which has emerged as one of the
most significant cybercrimes in the world, has received little attention from Indian legislators.
❏ Unlike the United Kingdom, which has the Data Protection Act of 1984, India lacks clear legislation to address this issue, despite having the Information Technology Act of 2000 to address the ever-growing threat of cybercrime, including data theft.
❏ The reality is that our Information Technology Act of 2000 is woefully inadequate to combat such crimes. The various provisions of the Information Technology Act of 2000 that deal with the issue to some degrees are discussed briefly below.
Is India’s legal system adequate?➢ Section 43
❏ This section protects computer systems from destruction and unauthorised access by enforcing a heavy penalty of up to one crore. This section also covers the illegal uploading, retrieval, and copying of data.
❏ This section’s clause ‘C’ imposes a penalty for the unintended introduction of computer viruses or pollutants. Clause ‘G’ outlines the consequences of assisting unauthorised entry.
Is India’s legal system adequate?➢ Section 65
❏ This section contains the source code for computers. Anyone who knowingly or intentionally conceals, kills, alters, or allows another to do so faces a sentence of up to 3 years in prison or a fine of up to 2 lakh rupees. As a result, electronic source records have been shielded from tampering.
Is India’s legal system adequate?➢ Section 66
❏ This section has been designed to protect against hacking. According to this section, hacking is described as any act committed with the purpose to cause wrongful loss or damage to another individual, or with the knowledge that wrongful loss or damage would be caused to another person, and information stored in a computer resource must be destroyed, erased, changed, or its value and usefulness diminished.
❏ The hacker faces a sentence of up to three years in prison or a fine of up to two lakh rupees, or both, under this clause.
Is India’s legal system adequate?➢ Section 70
❏ This section safeguards the information stored on the secured system. Safe devices are computers, computer systems, or computer networks that have been designated as such by the appropriate government by the publication of gazette information in the official gazette.
❏ Any access to that system, or any attempt to secure access to that system, in violation of the provisions of this section, would subject the person accessed to a penalty of up to ten years in prison and a fine.
Is India’s legal system adequate?➢ Section 72
❏ This segment protects against data breaches in terms of confidentiality and privacy. According to this, anyone who has been given powers under the IT Act and related rules to secure access to any electronic record, book, log, correspondence, information paper, or other material and then discloses it to another person is punishable by up to two years in prison or a fine of up to one lakh rupees, or both.
9. Notifiable Data Breach (NDB) (Australia)❏ On February 22, 2018, the Notifiable Data Breach
(NDB) Scheme, which is part of Australia’s Privacy Act and contains 13 guidelines about organisations’ responsibility for personal data management, went into effect.
❏ Companies that manage personal data, such as bank account information or medical records, must report data breaches to the Office of the Australian
10. Administrative Data Security Measures (China)❏ China’s Cyberspace Administration (the “Measures”)
issued a draught of its Data Security Administrative Measures (the “Measures”) for public consultation on May 28, 2019. As a result, China has entered the list of countries calling for tighter data security laws around the world.
❏ The Measures add to China’s Cybersecurity Law, which went into force on June 1, 2017, by establishing strict and comprehensive rules for network operators who collect, store, distribute, process, and use data on Chinese soil.
10. Administrative Data Security Measures (China)❏ Network operators who collect confidential personal
information or critical data for the purpose of conducting business must register with the cyberspace administrative departments.
❏ The Personal Information Protection Specification was released in March 2018, and it included comprehensive guidelines for data processing enforcement.
❏ The Initiatives are structured to include legally binding technical standards and best practices in the field of data protection.
Is Data Theft protected by the IPC?➢ The Indian Penal Code, Section 378, describes ‘theft’
as follows:
❏ Theft — Someone who moves movable property out of the hands of another person without that person’s permission with the intent of taking that property dishonestly is said to be committing theft.
Is Data Theft protected by the IPC?➢ Movable property is described as follows in Section 22 of the I.P.C.,
1860:
❏ Land and objects attached to the earth or permanently fastened to something attached to the earth are excluded from the definition of movable property.
❏ Data is not protected under the concept of “theft” since Section 378 I.P.C. only applies to movable property, i.e., corporeal property, and data is intangible. However, if Data is stored on a movable medium (CD, floppy disc, etc.) and the medium is stolen, the theft is protected under the concept of ‘theft.’ However, if Data is distributed electronically, rather than intangibly, it is not considered fraud under the IPC.
Is Data Theft protected by the IPC?➢ Movable property is described as follows in Section 22 of the I.P.C.,
1860:
❏ Land and objects attached to the earth or permanently fastened to something attached to the earth are excluded from the definition of movable property.
❏ Data is not protected under the concept of “theft” since Section 378 I.P.C. only applies to movable property, i.e., corporeal property, and data is intangible. However, if Data is stored on a movable medium (CD, floppy disc, etc.) and the medium is stolen, the theft is protected under the concept of ‘theft.’ However, if Data is distributed electronically, rather than intangibly, it is not considered fraud under the IPC.
Is Data Theft protected by the IPC?➢ Movable property is described as follows in Section 22 of the I.P.C.,
1860:
❏ Data, in its intangible nature, can be compared to electricity at best. In the case of Avtar Singh vs. State of Punjab, the Hon’ble Supreme Court was asked if electricity could be stolen (AIR 1965 SC 666).
❏ However, when Section 39 of the Electricity Act made Section 378 of the IPC applicable to electricity, it became explicitly protected under the scope of Theft.
❏ As a result, it is critical that a clause similar to that found in the Electricity Act be incorporated into the IT Act of 2000, extending the scope of section 378 IPC to data theft in particular.
Summary❏ In today’s world, it is important for an emerging IT superpower like
India to have robust legislation in place to protect its burgeoning IT and BPO industries (the worst-affected industries) from such crimes.
❏ Web Development Company are aware of these laws and legislations. Kindly check out for help. Though the IT Act appears to be adequate in this regard, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it.
❏ Since this problem affects more than one country and has international implications, India should seek to become a signatory to any international convention or treaty on the subject. It is also past time for our national police forces to be equipped to deal with such crimes.
Website: https://faidepro.comBlog: http://blogs.faidepro.com/
LinkedIn: https://in.linkedin.com/company/faideproTwitter: https://twitter.com/faidepro
Instagram: https://www.instagram.com/faidepro/Facebook : https://www.facebook.com/Faidepro-103150408248729
Source: https://faidepro.medium.com/
FaidePro
Related Documents
