(a) and (b): Yes, Sir. Section 43A of Information Technology (IT) Act, 2000 provides that where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation. Compensation claims upto ` 5 crore are handled by Adjudicating Officers while claims above ` 5 crore are handled by the relevant Courts. Currently, all State and Union Territories’ Government Information Technology Secretary are designated as ‘Adjudicating Officer’. Since Section 43A violations are civil in nature, there are no convictions. Further, since adjudication is done at State level, no repository of information related to cases are currently maintained by Central Government.
(c) and (d): The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 have been notified on 11th April 2011. The body corporate are required to provide a policy for privacy and disclosure from the date of notification.
********
Download PDF Files