The recent amendments in the Information technology Act, specifically under section 43A, have mandated the organizations- be it of any shape, size or structure which deals with sensitive personal data in its computer resources have to protect the customers data via proper procedures. If an organization is negligent in maintaining proper security of sensitive information and thereby causes a wrongful loss or wrongful gain to any person, such an organization will be liable to pay damages by way of compensation to the person so affected.

The law defines sensitive personal information as password, financial information eg. bank account, credit/debit card number, physical, physiological and mental health condition, sexual orientation medical records and history, biometric information,etc.

Law mandates that the sensitive information must be protected via proper security procedures. With "reasonable security practices and procedures"

Non-compliance with any of the provisions of the data privacy rules is penalized with a compensation /penalty of upto Rs. 25,000 under section 45 of the Information Technology Act.  Also, there may be liability under section 43A of the Information Technology Act. Under the original ITAct 2000, compensation claims were restricted to Rs. 1 crore. Now claims upto Rs 5 crore are under the jurisdiction of Adjudicating Officers. Claims above Rs 5 crore are under the jurisdiction of the relevant courts. In some cases there may be liability under section 72A of the Information Technology Act, imprisonment upto 3 years and with a fine of Rs. 5 lakhs. Moreover, other sections could also be applicable by misuse of computer resources within an organization by its employee/s or in case of compromised systems, which are not protected by proper means, some of them are tabled as follows.


Section 43A and 72A relating to data privacy
Section 7A relating audit of documents, records, and info in electronic form.
Section 43 relating Civil penalty risk
Section 65 tampering with computer source documents
Section 66, 66A-F Hacking with computer system
Section 67,67A-C publishing obscene information in electronic form

For Section 65 there are penalties with regard to tampering which is punishable with imprisonment up to 3 years, or fine upto Rs.2 lakhs or both.

For committing hacking the penalties may go up to 3 years imprisonment and fine of Rs.3 lakhs or both.

For Section 67 and related amendments, the penalties varies from 3 years imprisonment and fine of Rs. 5 lakhs.


EVOLUTION with its knowledge &  expertise will help your organization to implement proper controls so as the computer resources would be resistant to any type of misuse either knowingly/ unknowingly by employees as we understand that humans are the weakest link to security and also computer resources become audit-able so as to have a proper record of  any unwanted events in case they happen and also to comply with the act.