The Information Technology Act provides legal protection to the owner of computer resources against cybercrimes. Any illegal act or unauthorized use of the computer, computer system or computer network constitutes cybercrime in the form of contravention or offence.
Sections 43-45 of the Act deal with cyber contraventions and their penalties.
Penalty and compensation for damage to computer, computer system or network (Sec. 43):
- Access without authority: If he accesses or secures access to the computer, computer system or computer network without authority.
Case Law: Mphasis BPO Fraud. Four call center employees were held liable for obtaining PIN codes from four customers and misusing them. The Court held that Sec. 43(a) and Sec. 66 were applicable here due to the nature of the unauthorised access involved in committing the transactions.
- Downloading, copying or extracting any data without authority: If he downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network.
- Introduction of computer contaminant or virus: If he introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network, including information or data held or stored in any removable storage medium.
- Damage to computer database: If any person damages any computer system, or network, or any computer data, database or programme.
- Disruption of computer, computer system or computer network: If any person disrupts any computer, computer system or computer network.
- Denial of access to authorised person: If he denies access to any person authorised to access any computer, computer system or computer network by any means.
- Providing assistance to facilitate access: If he provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder.
- Charging the services to the account of another: If he charges the services availed of by a person to the account of another person by tampering with or manipulating any computer system or computer network.
The following contraventions were inserted vide the IT (Amendment) Act, 2008.
- Destruction, deletion or alteration of information: If he destroys, deletes or alters any information residing in a computer resource, or diminishes its value or utility, or affects it injuriously by any means.
- Stealing, concealing, destroying or altering computer source code: If he steals, conceals, destroys or alters any computer source code used for a computer resource with an intention to cause damage.
He shall be liable to pay damages by way of compensation to the person so affected. Prior to the IT (Amendment) Act, 2008, the amount of damages by way of compensation was up to ₹1 crore only.
But now the quantum of damages is not fixed and varies from case to case.
In a nutshell, if anyone copies, deletes, downloads, damages or disrupts data without authority, it comes within the ambit of Sec. 43. The essence of Sec. 43 is civil liability.
Criminality in the offence of data theft is dealt with in Secs. 66 and 67. Secs. 43(a) to 43(h) above include the acts which new learners/netizens end up doing because of lack of knowledge or curiosity. Therefore, such acts attract civil liability only.
Section 43A Compensation for Failure to Protect Data [Inserted vide IT (Amendment) Act, 2008]:
The corporate responsibility for data protection is emphasized by inserting Sec. 43A. This section provides that:
If a body corporate, processing, dealing or handling any sensitive personal data or information (such as password/bank account/credit card/debit card details) in a computer resource, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the affected party.
No monetary limits have been set for the damages by way of compensation under Sec. 43 and 43A of the Act. However, the jurisdiction of the Adjudicating Officer is to the extent of ₹ 5 crore, and a claim beyond this amount shall have to be filed in a Court.
Body Corporate: Any company, and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.
Section 44 Penalty for failure to furnish information, return or report
- Penalty for failure to furnish any document, return or report to the CCA or CA (Controller of Certifying Authorities or Certifying Authority). He shall be liable to a penalty not exceeding Rs. 1,50,000 for each such failure.
- Penalty for failure in filing return or furnishing information, books or other documents within specified time. He shall be liable to a penalty not exceeding Rs. 5,000 for every day during which such failure continues.
- Penalty for failure to maintain books of accounts or records. He shall be liable to a penalty not exceeding Rs. 10,000 for every day during which such failure continues.
Section 45 Residuary Penalty: This section provides that if any person contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately prescribed, he shall be liable to pay compensation not exceeding ₹ 25,000 to the person affected by such contravention.