DATA THEFT IN CYBER SPACE
The rapid development of Information technology poses new challenges before the law. These challenges are not confined to any single traditional legal category but arise in, for example, Criminal Law, Intellectual Property Law, Contract and Tort. One such challenge is the growing menace of Data Theft. It is the term used when any information in the form of data is illegally copied or taken from a business or other individual without his knowledge or consent.
Data as a valuable asset
Data is a valuable asset in this modern era of Information Technology (IT). Data is an important raw-material for Call Centers and I.T. Companies. Data has also become an important tool and weapon for Corporates to capture larger market shares. Due to the importance of Data in this new era, its security has become a major issue with the I.T. industry. The piracy of data is a threat, faced by the I.T. players, who spend millions to compile or buy data from the market. Their profits depend upon the security of the Data.
The major issue regarding Data Theft is its International character, for example Systems may be accessed in USA, the data manipulated in China and the consequences felt in India. The result of this ability is that different sovereignties, jurisdictions, laws and rules will come into play which again is an issue in itself. Further, collection of evidence in such circumstances become another issue as investigation in three different countries, all of whom may not be in talking terms, is almost impossible and poor technical know-how of our cops adds to the woes. Also, the lack of coordination between different investigating agencies and a not-so-sure extradition process is another head ache. However the biggest of all these issues is the lack of specific laws in the country dealing with this crime, so even if the culprit is caught he can easily get away by picking and choosing any of the of various loopholes in our law.
Does India have sufficient Laws?
The problem of data theft which has emerged as one of the major cyber crimes worldwide has attracted little attention of law makers in India. Unlike U.K which has The Data Protection Act, 1984 there is no specific legislation in India to tackle this problem, though India boasts of its Information Technology Act, 2000 to address the ever growing menace of cyber crimes, including data theft. The truth is that our IT Act, 2000 is not well equipped to tackle such crimes. The various provisions of the IT Act, 2000 which deal with the problem to some extent are briefly discussed below.
This section provides protection against destruction and unauthorized access of the computer system by imposing heavy penalty up to one crore. The unauthorized downloading, extraction and copying of data are also covered under this section. Clause ‘C’ of this section imposes penalty for unauthorized introduction of computer viruses of contaminants. Clause ‘G’ provides penalties for assisting the unauthorized access.
This section provides for computer source code. If anyone knowingly or intentionally conceals, destroys, alters or causes another to do as such shall have to suffer imprisonment of up to 3 years or fine up to 2 lakh rupees. Thus protection has been provided against tampering of computer source documents.
Protection against hacking has been provided under this section. As per this section, hacking is defined as any act with an intention to cause wrongful loss or damage to any person or with the knowledge that wrongful loss or damage will be caused to any person and information residing in a computer resource must be either destroyed, deleted, altered or its value and utility get diminished. This section imposes the penalty of imprisonment of up to three years or fine up to two lakh rupees or both on the hacker.
This section provides protection to the data stored in the protected system. Protected systems are those computers, computer system or computer network to which the appropriate government, by issuing gazette information in the official gazette, declared it as a protected system. Any access or attempt to secure access of that system in contravention of the provision of this section will make the person accessed liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine.
This section provides protection against breach of confidentiality and privacy of the data. As per this, any person upon whom powers have been conferred under IT Act and allied rules to secure access to any electronic record, book, register, correspondence, information document of other material discloses it to any other person, shall be punished with imprisonment which may extend to two years or with fine which may extend to one lakh rupees or both.