Breach of Privacy

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 24

BREACH OF

PRIVACY
RIGHT TO PRIVACY

The Right to Privacy is a fundamental right protected under Article 21 of


the Constitution that enables an individual to control the use and
disclosure of their personal information.

This right can be exercised by an individual to prevent the collection,


use, and disclosure of their personal information.

There are numerous types of personal information that could be collected


and used by an individual. This includes, but is not limited to, medical
records, financial records, and habits and activities.
There is a danger that the existence of computerised data about
an individual could be used to create inaccurate or misleading
information about him or her. This could be exploited by
unauthorised third parties.
BREACH OF PRIVACY

A privacy breach occurs when personal information is stolen or lost or is


collected, used or disclosed without authority.
DATA PRIVACY BREACH

A data breach can be defined as an incident in which one’s information is

accessed without their consent. Therefore, a data breach can be said as

the release of sensitive, confidential, or protected data.

A report indicates that India ranked third in the whole world in terms of a

number of breaches of data till November 2021 with total data breaches of

86.63 million Indian users.

It is of serious concern in light of the financial and security damage the data
breach can cause. Criminals can use the leaked information for numerous illegal
activities such as fake ID cards, fraud bank calls, and so on.  
TYPES OF INFORMATION LEAKED

A data breach can result in the leak of several types of information such as:

• Financial Data—such as credit card numbers, bank details, tax forms, invoices, financial

statements

• Medical or Personal Health Information (PHI)—as defined in the US HIPAA

 standard, “information that is created by a health care provider [and] relates to the past,

present, or future physical or mental health or condition of any individual”

• Personally Identifiable Information (PII)—information that can be used to identify, contact

or locate a person

• Intellectual property—such as patents, trade secrets, blueprints, customer lists, contracts

• Vulnerable and sensitive information (usually of military or political nature)—such as

meeting recordings or protocols, agreements, classified documents


DATA PRIVACY AND PROTECTION

Data protection and privacy are closely related. Information like a person’s name,
address, telephone number, profession, family, choices, etc. is usually accessible in a
multitude of places like schools, colleges, banks, directories, surveys, and various
websites. It can lead to privacy intrusions such as incessant marketing calls when such
information is passed to interested parties.

The Information Technology (Amendment) Act, 2008 enumerates the main principles


on privacy and data protection, and it defines liability for civil and criminal offences
resulting from violations of the law. 
SECTION 43A OF THE IT ACT

• According to the Section 43A of the IT Act where a body corporate,


possessing, dealing, or handling any sensitive personal data or information in
a computer resource which it owns, controls or operates, is negligent in
maintaining reasonable security measures and thereby causes wrongful
loss or wrongful gain to any person, such body corporate shall be liable to
pay damages by way of compensation to the person so affected.

• The concept of ‘sensitive personal information under Section 43A


provides for civil action in case of security breaches. Other than that,
sensitive personal information is not protected by Indian law.

• According to Section 43A of the Act, the aggrieved person may be entitled
to compensation if the company failed to keep his or her personal data
protected while they were being processed by the company, whether as a
result of negligently implementing or maintaining reasonable security
measures.
SECTION 43A OF THE IT ACT

• Therefore, by granting a right of compensation to anyone other than the


person who manages the computer facility, a person will have the right
to prevent their personal information from being disclosed to third
parties or damaged or changed by those third parties. In addition to being
able to be used by data controllers, it may also be used by individuals with
personal data against third parties. Compensation is justified only because
they are ‘affected’ differently. Additionally, it states that accessing data
unauthorized is a civil offence.

• Section 43A of the IT Act would not apply to the employee/individual


since he/she does not come within the ambit of a body corporate. Section
43A mainly deals with the failure of a body corporate to protect data.
SECTION 72A OF THE IT ACT

• In Section 72A, it is given that any person, including an intermediary when


providing services under the terms of a lawful contract, discloses information in
breach of that contract except as otherwise provided in this Act or any other law
for the time being in force breaches privacy.

• It is unlawful for anyone who has secured access to material containing


personal information about another person to disclose, without their consent,
or in violation of a lawful contract, any personal information relating to
another person.

• The punishment is upto 3 years imprisonment or a fine of up to 5 lakhs


rupees or both. 

• Section 72A of the IT Act would apply to an individual/company. It will apply


to an employee as well since all the ingredients are met. An employee has a
lawful contract i.e. employment contract with the Employer. Employees get access
to sensitive personal data or material containing personal information while
providing services to the clients of the employer under the contract of
employment. 
SECTION 45 OF THE IT ACT

• Section 45 of the IT Act is a residuary clause that states that whoever
contravenes any rules made under the IT Act, for the breach of which no
penalty has been separately provided, shall be liable to pay compensation
or penalty of up to 25,000 rupees. Section 45 applies to an individual,
company, employer, employee. 
SECTION 43 OF THE IT ACT

• Civil liability in case of a computer database theft occurs when a computer


trespass is committed, unauthorised digital copying is made, data is
downloaded or extracted, privacy is violated, etc., under the Information
Technology (Amendment) Act 2008. Additionally, Section 43 states that a
person shall be liable to pay damages in compensation for a wide range of
cybercrimes, including:

• unauthorised access to computer systems, computer networks, or resources; 

• illegal digital copying, downloading, or extraction of data or information stored


on a computer; and thefts of data held or stored on any media.; 

• inserted a computer virus or contaminant into any computer system or computer


network; 

• transmitted undisclosed data or software from a computer, computer system, or


computer network; 

• disrupted computer data/ database, spamming, etc.; 


SECTION 43 OF THE IT ACT

• breaches of security, data thefts, frauds, forgeries, etc.;

• unauthorised access to computer databases/data; 

• instances of theft of passwords, login IDs, etc.; 

• destroys, deletes, or alters any information in a computer resource, etc., and 

• steals, conceals, destroys, or alters any computer source code used for a computer
resource with the intention of causing it harm. 

• The Explanation (ii) of Section 43 refers to a computer database as “an organised


collection of information, knowledge, facts, concepts, or instructions in text, image,
audio, or video prepared or prepared under formal circumstances, or ones produced by
computers, computers, or computer networks intended to be used by computers,
computers, or computer networks.” 

• This provision applies to individuals, companies, employers, and employees. 


BREACH OF DATA PRIVACY AND CONFIDENTIALITY VIOLATION

• Under the IT Act, terms such as violation of confidentiality and privacy are
defined.

• A violation of privacy is defined in Section 66-E as disregarding the


privacy of a person by intentionally or knowingly taking, publishing,
or broadcasting an image of his or her private areas without his/her
consent. The punishment is up to 3 years of imprisonment or fine up to
rupees two lakhs or both. 

• According to Section 72, any person gaining access to any electronic


record, book, register, correspondence, information, document, or
other materials without the consent of the person concerned discloses
such materials to any other person without the consent of the person
concerned, is subject to the punishment up to 2 years of imprisonment,
or fine up to 1 lakh rupees or both. 
BREACH OF DATA PRIVACY AND CONFIDENTIALITY VIOLATION

• In Section 72A, it is given that any person, including an intermediary when


providing services under the terms of a lawful contract, discloses
information in breach of that contract except as otherwise provided in this
Act or any other law for the time being in force breaches privacy. It is unlawful
for anyone who has secured access to material containing personal information
about another person to disclose, without their consent, or in violation of a
lawful contract, any personal information relating to another person. The
punishment is up to 3 years imprisonment or a fine of up to 5 lakhs rupees
or both. 

• The IT Act punishes the breach of privacy. As it would be difficult to


consider that Sections 66E, 72, and 72A would provide a sufficient level of
protection, Section 66E requires consent from the concerned persons.
However, Section 72A only requires consent within a limited scope. Essentially,
this section applies only to those who are conferred with powers under the Act.  
• The Privacy Bill, 2011

• The Bill protects the citizens from identity theft, including criminal


identity theft and financial identity theft. The Bill bars intercepting
communication lines without the permission of a Secretary-level officer.
In addition to that, it is requisite that the material collected is destroyed
within 2 months of discontinuance of interception

• On the basis of the bill, no person whose place of business and data equipment
is within India, shall leak any data relating to any person without their
consent. The Privacy bill lays down the constitution of a 
Data Protection Authority of India. The Data Protection Authority of
India is to monitor development in computer technology and data
processing.. 

• Further, it says any person who obtains any record of information concerning
an individual from any officer of the government or agency under false pretext
shall be punishable with a fine of up to Rs. 5 Lacs.
• The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by
the Minister of Electronics and Information Technology, Mr. Ravi Shankar
Prasad, on December 11, 2019. The Bill seeks to provide for protection
of personal data of individuals, and establishes a Data Protection
Authority for the same.
• The Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits
and services) Act, 2016 is a money bill of the Parliament of India. It
aims to provide legal backing to the Aadhaar unique identification
number project. It was passed on 11 March 2016 by the Lok Sabha.

• Appropriating the identity of an Aadhaar number holder by changing


or attempting to change the demographic and biometric information
of an Aadhaar number holder is an offense – imprisonment for 3 years
and a fine of Rs. 10,000
FRAUD
• Cheating and Fraud might be taken sometimes as being interchangeable in
common language. Yet the Indian Law provides for these two offences in
separate sections of the Constitution.

• To protect the interests of the people and maintain order in the society the
government has lain down asset of norms that are described under IPC
THE INDIAN PENAL CODE (IPC) EXPLAINS THE PROVISIONS ABOUT THE OFFENCES OF FRAUD UNDER SECTIONS FROM
421 TO 424.

• Section 421: 
Dishonest or fraudulent removal or concealment of property to prevent dis
tribution among creditors

• Section 422: 
Dishonestly or fraudulently preventing debt being available for creditors

• Section 423: 
Dishonest or fraudulent execution of deed of transfer containing false state
ment of consideration

• Section 424: Dishonest or fraudulent removal or concealment of property


• Section 421

• Any person who fraudulently or dishonestly conceals, removes or delivers or transfer or


causes the transfer of any property to another person

• Or anyone who has deceitfully / fraudulently, had concealed or had removed or had delivered
or had transferred or had caused to be transferred any property, without appropriate
consideration

• The mentioned concealment or removal or delivery or transfer was done to prevent the
distribution of that property, as per the law among the creditors of accused person or the
creditors of another person.

• The punishment for fraud is imprisonment of either description for a term which may
extend to two years or fine or both.

• The fraudster shall be punished with imprisonment of either description for a term
which may extend to two years, or with fine, or with both

• The act is non-cognizable, bailable, triable by any Magistrate, compoundable by the


creditor who is affected but only with the permission of the court.
• Section 422

• Any person who fraudulently or dishonestly makes omissions or performs


an act, whereby the act or omission done by him creates a situation where
no amount is made available as per law for the payment of his debts or the
debts of another person.

• The punishment for cheating is imprisonment of either description for a


term which may extend to two years or fine or both.
• Section 423

• Any person who has fraudulently or dishonestly executed, signed, or


became a party to any instrument or deed.

• The said instrument or deed implies to transfer or create a charge upon the
concerned property or charge on interest on the involved property.

• The concerned deed or instrument contains a false statement related to the


consideration of such charge or transfer or a false statement related to the
person or persons for whose benefit or use the deed is intended to operate.

• The punishment for cheating is imprisonment of either description for a


term which may extend to two years or fine or both.
• Section 424

• Any person who has fraudulently or dishonestly removed, or concealed


any property of himself or another person

• Anyone who has fraudulently or dishonestly assisted in the removal or


concealment of   a property of himself or another person

• Any individual who has dishonestly or fraudulently given up or released


any claim or demand to which he is entitled

• The punishment for cheating is imprisonment of either description for a


term which may extend to two years or fine or both.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy