Wheather Dr Manjari has committed Data Theft under IT Act 2000 and IPC?

What are the Sections that govern Data Theft under IT Act 2000 and IPC?

In August 2004, Dr. Jacob received notice from a court in Moonvale, California of a
suit filed by the TFF Foundation against JJ Diagnostics seeking damages of US$ 15
million for breach of its confidentiality obligations by JJ Diagnostics under its contract
with the Terry Fox Foundation.

The notice claimed that several patients of the Terry Fox Foundation had initiated a
suit against its hospital in Moonvale on the ground that their records pertaining to
diagnostic information was divulged by the hospital or its agents thereby causing
severe harm and damage to the patients, including the death of two patients.

An internal enquiry, the Terry Fox Foundation found that all its systems and controls
were fully operational and that the data that was leaked related only to patients
whose radiology reports were outsourced to JJ Diagnostics and not to those patients
whose reports were prepared internally by the hospital. The Terry Fox Foundation
therefore had strong reason to believe that the leak occurred at JJ Diagnostics’ end
and hence brought about a suit against the later for recovery of damages. A similar
action was filed by the Discovery Hospital against JJ Diagnostics in the High Court of
Judicature at New Delhi, alleging that JJ Diagnostics had leaked information due to
which its patients have sued the hospital.

Dr. JJ conducted an internal probe headed by a retired judge of Patna High Court. It
directly linked the leakage of information to Dr. Manjari,

Dr. Manjari later confessed that she had passed on patient information to Dr. Ross
who was the owner of a pharmaceutical company in US. It was not clear whether Dr.
Manjari had received any monetary reward or other benefit for providing this
information.

Data Theft: Meaning, Laws govern it, Liabilities

of Corporate and its Employees, Grievance
Redressal Mechanism and Penalties.
What is Data Theft?
In simple terms, Data Theft means illegal copying, removal, or stealing confidential
or valuable information from a corporate or a business, or an individual without their
knowledge or consent.

In this theft, an individual has a threat to get their password, personal information,
banking, or financial information getting stolen. Corporates and businesses have the
threat of getting their sensitive information like client data, software source code,
corporate trade secrets, confidential information getting stolen.

Data is a gold mine in today's world with the advancement of the civilization crimes
also advances now theft is done by the educated peoples. Data is the key to one's
life if someone stole your data they don't only know about your personal life, your
financial status, your views politically or socially but they can also manipulate it.

Laws govern the Data Theft in India:

Data Theft in India is mainly governed by the IT Act 2000. Section 43 of the act
talks about the definition and types of Data Theft and sections 65, 70, and 72 of the
acts talk about penalties imposed in case of Data Theft and Section 405 and 408 of
IPC.

What kind of Data fall within the ambit of the IT Act?

There are two types of data according to the IT Act Personal Information and
Sensitive Personal Data.

Personal Information means any information which directly, indirectly, or in

combination with other information is capable of identifying any person.

Sensitive personal data means any personal information which is prescribed as

sensitive by the government is sensitive to personal information.

Section 43 of IT Act 2000

If any person without permission of the owner or any other person who is incharge of
a computer, computer system or computer network, —

(a) accesses or secures access to such computer, computer system or computer

network;

(b) downloads, copies or extracts any data, computer data base or information from
such computer, computer system or computer network including information or data
held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer

virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer
network, data, computer data base or any other programmes residing in such
computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer

network;

(f) denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer,

computer system or computer network in contravention of the provisions of this Act,
rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network, he shall be liable to pay damages by way of compensation not exceeding
one crore rupees to the person so affected.

Explanation.—For the purposes of this section,—

(i) "computer contaminant" means any set of computer instructions that are
designed—
(a) to modify, destroy, record, transmit data or programme residing within
a computer, computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer
system, or computer network;
(ii) "computer data base" means a representation of information, knowledge,
facts, concepts or instructions in text, image, audio, video that are being
prepared or have been prepared in a formalised manner or have been
produced by a computer, computer system or computer network and are
intended for use in a computer, computer system or computer network;
(iii) "computer virus" means any computer instruction, information, data or
programme that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
resource and operates when a programme, daia or instruction is executed
or some other event takes place in that computer resource;
(iv) "damage" means to destroy, alter, delete, add, modify or rearrange any
computer resource by any means.

Certain sections of IPC can also be invoked in the case of Data Breach.
Section 378 of IPC which deals with the theft of immovable property now
data is abstract but if it is stored in some hardware drive like floppy, pen
drive, etc and it gets stolen then section 378 can be invoked.

ADJUDICATING OFFICER
Section 46 to Section 64 of the IT Act 2000 talks about the Adjudicating Officer
their appointment, power, jurisdiction, etc. The secretary of the department of
information technology of each state is appointed as the Adjudicating Officer for that
state by default by the central government.

The adjudicating officer can only handle the cases in which the claim does not
exceed 5 crore rupees. Cases in which the claim exceeded the said amount will
handle by the competent court.

Adjudicating Officer has two functions first to conduct an investigation or order an

investigation into the violation of an IT Act and second is to decide the degree of
compensation to be granted to the petitioner in case of violation of the act.

PENALTIES
Section 65 of the IT Act
Tampering with computer source documents.
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes another to conceal, destroy or alter any computer source code
used for a computer, computer programme, computer system or computer network,
when the computer source code is required to be kept or maintained by law for the
time being in force, shall be punishable with imprisonment up to three years, or with
fine which may extend up to two lakh rupees, or with both.

Explanation.—For the purposes of this section, "computer source code" means the
listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form.

In Section 66 of the IT Act

Hacking with computer system.
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful
loss or damage to the public or any person destroys or deletes or alters any
information residing in a computer resource or diminishes its value or utility or affects
it injuriously by any means, commits hack:

(2) Whoever commits hacking shall be punished with imprisonment up to three

years, or with fine which may extend upto two lakh rupees, or with both

Section 70 of IT Act 2000.

Protected system.
(1) The appropriate Government may, by notification in the Official Gazette, declare
that any computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorise the persons who
are authorised to access protected systems notified under sub-section (1). (3) Any
person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with imprisonment of
either description for a term which may extend to ten years and shall also be liable to
fine.

Section 72 of the IT Act 2000

Breach of confidentiality and privacy
Save as otherwise provided in this Act or any other law for the time being in force,
any person who, in pursuant of any of the powers conferred under this Act, rules or
regulations made there under, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the
consent of the person concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other person shall
be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.

Section 378 in The Indian Penal Code

Theft.—
Whoever, intending to take dishonestly any moveable property out of the possession
of any person without that person’s consent, moves that property in order to such
taking, is said to commit.
Section 378 of IPC which deals with the theft of movable property now data is
abstract but if it is stored in some hardware drive like floppy, pen drive, etc and it
gets stolen then section 378 can be invoked.

Section 405 in The Indian Penal Code

Criminal breach of trust.—
Whoever, being in any manner entrusted with property, or with any dominion over
property, dishonestly misappropriates or converts to his own use that property, or
dishonestly uses or disposes of that property in violation of any direction of law
prescribing the mode in which such trust is to be discharged, or of any legal contract,
express or implied, which he has made touching the discharge of such trust, or
wilfully suffers any other person so to do, commits “criminal breach of trust”.

Section 408 in The Indian Penal Code

Criminal breach of trust by clerk or servant.—
Whoever, being a clerk or servant or employed as a clerk or servant, and being in
any manner entrusted in such capacity with property, or with any dominion over
property, commits criminal breach of trust in respect of that property, shall be
punished with imprisonment of either description for a term which may extend to
seven years, and shall also be liable to fine.

CONCLUSION
Despite being one of the largest countries in the world in a term of internet users
India lacks the legal framework to secure the data of its citizen. India's IT Laws can't
tackle the problems which the current generation is facing.

IT laws are not properly implemented neither by the executive nor the legislature.
Adjudicating officers which were supposed to be appointed to resolve the conflicts
their appointment is not done in many states.

There are not even common guidelines or penalty formats is notified by the
legislature which should be followed by the Adjudicating Officers. This creates havoc
because different officers follow different procedures and pass judgment according
to their senses.

Currently, we need a strong Technical Law which can provide a strong data
protection mechanism to the citizen of the country. Laws must be the frame to not
only tackle the present problem but to counter the future issues too.