Data Theft | BareLaw

Data Theft

Authored By: Jiya

Introduction

Data theft, as the name suggests, is the theft of data or information that is personal or confidential. It has become a growing problem today, when data is stored on digital devices and is prone to cyber-attacks, theft, etc. Stolen data can be used for blackmail, manipulation, and fraud involving sensitive information, which can threaten the reputation of a person or organization and cause financial losses.

In this article, I will delve into what data theft is, how it happens, how one can protect their data, and what laws govern data theft in India.

What is Data Theft?

Data theft is the illegal copying, removal, or stealing of confidential or valuable information stored on the digital device of a person or business organization without their knowledge or consent. In India, the Information Technology Act, 2000 governs data theft.

Section 43(b) of the Act defines data theft as:

“If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network.”

Data is crucial to businesses, as it helps them understand their customers better, analyze the performance of their business, and make better decisions for the future.

How does data theft happen?

Data theft can happen for many reasons. Some of the reasons are:

  • Phishing technique – The attacker masquerades as a legitimate entity and dupes the person into opening an email or a message, which gives the attacker access to sensitive information.
  • Weak passwords – Using weak passwords, or storing passwords on the digital device, can allow the attacker to gain access to the data.
  • Infected downloads – Downloads from websites that are infected by viruses can also give access to the attacker, which can lead to the stealing of the data.
  • Theft by insiders – Employees with malicious intent or a negligent attitude can cause a major data leak or theft. These employees have access to the company’s and clients’ sensitive information, which can lead to data theft and cause massive losses to both. They can copy, alter, or steal the data at any time.

Consequences of data theft

  • Enable multi-factor authentication, which provides additional security to the account.
  • Monitor the activities of employees and keep records of accesses and modifications.
  • Avoid writing passwords down on digital devices, where they are more susceptible to hackers.
  • Use strong, longer passwords that include numbers and symbols.

As such, there is no legislation specifically dealing with data theft, but laws related to it can be found in the Information Technology Act and in intellectual property law.

  1. IT Act, 2000

It contains provisions that safeguard against the unauthorized use of data in computers and computer systems. It creates personal liability, where an intentional or negligent act has caused a violation, on the person themselves and not on the entity or organization.

Section 65 – It deals with intentional acts that tamper with computer source documents, which includes concealing, destroying, or altering computer source code. The punishment under this section is imprisonment of up to 3 years, or a fine of up to 2 lakh, or both.

Section 66 – It deals with the acts referred to in section 43 of the Act when they are performed dishonestly or fraudulently. The punishment is imprisonment of up to three years, or a fine of up to 5 lakh, or both.

  2. Intellectual Property

Section 63B of the Indian Copyright Act states that knowingly using an infringing copy of a computer program is an offense. The punishment prescribed for this offense is imprisonment of a minimum of seven days, which may extend up to three years, and a fine of not less than Rs 50,000, which may extend up to Rs 2,00,000.

Digital Personal Data Protection Act (DPDPA), 2023

It is the first comprehensive data protection law, and it came into effect on 1st September 2023. This Act provides safeguards for the personal data of individuals and recognizes the rights of individuals, such as correction and erasure of information where it is inaccurate, grievance redressal, and nominating someone else in case of death or incapacity. It places significant specific obligations upon the Data Fiduciary to appoint a data protection officer and an independent data auditor, and to conduct a data protection impact assessment. It creates a legal obligation upon businesses to invest in cyber security and conduct regular audits, along with training their staff, so that the risk of a breach of personal data is reduced. The Act also provides for a penalty clause under which non-compliance with its provisions by a data fiduciary can lead to a penalty of up to INR 250 crore.

Conclusion

Data in today’s time has become a gold mine and is the most powerful tool. However, data protection laws are not implemented properly. There is a dire need to implement the existing IT laws so that people’s personal data is protected, and to bring in laws against data theft that are effective and also address current and future issues.