white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
B. COMPENSATION<br />
Award<strong>in</strong>g of compensati<strong>on</strong> c<strong>on</strong>stitutes an important remedy where an <strong>in</strong>dividual has <strong>in</strong>curred<br />
a loss or damage as a result of a <strong>data</strong> c<strong>on</strong>troller‘s failure to comply with the <strong>data</strong> protecti<strong>on</strong><br />
pr<strong>in</strong>ciples as set out under law.<br />
4.5 Issues<br />
The IT Act, albeit <strong>in</strong> a limited manner, <strong>in</strong> Secti<strong>on</strong> 43A, recognizes the right of an <strong>in</strong>dividual<br />
to claim compensati<strong>on</strong> <strong>in</strong> case of a failure to protect sensitive pers<strong>on</strong>al <strong>data</strong>. Secti<strong>on</strong> 43A of<br />
the IT Act specifically stipulates that where a body corporate possess<strong>in</strong>g, deal<strong>in</strong>g or handl<strong>in</strong>g<br />
any sensitive pers<strong>on</strong>al <strong>data</strong> or <strong>in</strong>formati<strong>on</strong> <strong>in</strong> a computer resource which it owns, c<strong>on</strong>trols or<br />
operates is negligent <strong>in</strong> implement<strong>in</strong>g and ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g reas<strong>on</strong>able security practices and<br />
procedures 863 and thereby causes wr<strong>on</strong>gful loss or wr<strong>on</strong>gful ga<strong>in</strong> to any pers<strong>on</strong>, such body<br />
corporate shall be liable to pay damages by way of compensati<strong>on</strong> to the pers<strong>on</strong> so affected. 864<br />
Moreover, while adjudg<strong>in</strong>g the quantum of compensati<strong>on</strong> payable under the IT Act, the<br />
adjudicat<strong>in</strong>g officer shall have due regard to the follow<strong>in</strong>g factors, namely: 865<br />
(i)<br />
(ii)<br />
the amount of ga<strong>in</strong> of unfair advantage, wherever quantifiable, made as a result of the<br />
default;<br />
the amount of loss caused to any pers<strong>on</strong> as a result of the default; and<br />
(iii) the repetitive nature of the default.<br />
From a pla<strong>in</strong> read<strong>in</strong>g of the above, it follows that Secti<strong>on</strong> 43A of the IT Act is triggered <strong>in</strong><br />
cases of negligence <strong>in</strong> ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g and implement<strong>in</strong>g reas<strong>on</strong>able security practices and<br />
procedures and that such negligence has caused a wr<strong>on</strong>gful loss or wr<strong>on</strong>gful ga<strong>in</strong> 866 to any<br />
pers<strong>on</strong>.<br />
863 As per Secti<strong>on</strong> 43A, IT Act, ‗reas<strong>on</strong>able security practices and procedures‘ may be specified <strong>in</strong> an agreement<br />
between the parties or may be specified under law or <strong>in</strong> the absence of such agreement or any law, such<br />
reas<strong>on</strong>able security practices and procedures as may be prescribed by the central government <strong>in</strong> c<strong>on</strong>sultati<strong>on</strong><br />
with such professi<strong>on</strong>al bodies or associati<strong>on</strong>s as it may deem fit.<br />
864 It is relevant to note that under Secti<strong>on</strong> 43, IT Act, if any pers<strong>on</strong> without the permissi<strong>on</strong> of the owner or any<br />
other pers<strong>on</strong> who is <strong>in</strong> charge of a computer, computer system or computer network accesses or secures access<br />
to such computer, computer system or computer network, downloads, copies or extracts any <strong>data</strong> or <strong>in</strong>formati<strong>on</strong><br />
from the same, or provides any assistance to any pers<strong>on</strong> to facilitate access to the same <strong>in</strong> c<strong>on</strong>traventi<strong>on</strong> to the<br />
provisi<strong>on</strong>s of the IT Act shall be liable to pay damages by way of compensati<strong>on</strong> to the pers<strong>on</strong> so affected.<br />
865 Secti<strong>on</strong> 47, IT Act.<br />
866 While there is no specific def<strong>in</strong>iti<strong>on</strong> of the terms ‗wr<strong>on</strong>gful loss‘ or ‗wr<strong>on</strong>gful ga<strong>in</strong>‘ under the IT Act, reliance<br />
may be placed <strong>on</strong> Secti<strong>on</strong> 23, IPC which states as follows:<br />
―“Wr<strong>on</strong>gful ga<strong>in</strong>” is ga<strong>in</strong> by unlawful means of property to which the pers<strong>on</strong> ga<strong>in</strong><strong>in</strong>g is not legally entitled.<br />
“Wr<strong>on</strong>gful loss”.—“Wr<strong>on</strong>gful loss” is the loss by unlawful means of property to which the pers<strong>on</strong> los<strong>in</strong>g it is<br />
legally entitled.‖<br />
197