DSCI Exam DCPP-01 Topic 1 Question 36 Discussion

There are two sections under the IT (Amendment) Act, 2008 that outline liabilities. These are quoted below: Sec 43A - ''Where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.'' Compensation for failure to implement reasonable security practices can be upto Rs. 5 Crores (the Adjudicating Officer has the power to award this). A data subject can further approach a civil court if compensation desired is more than Rs. 5 Crore. Sec 72A - ''Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.''