Data Theft rules and regulations: Things you should know (Pt.2)

1
Data Theft rules and regulations Things you
should know (Pt.2)

• Website www.faidepro.com
• Address 417- Accurate Square, Tagore Road,
  Rajkot, India - 360002
• E- Mail faidepro_at_gmail.com
• Mobile No 919510395794

2
8. Personal Data Protection Bill (PDPB) (India)

• On July 27, 2018, the national governments
  Srikrishna Committee released its long-awaited
  draught legislation for a new Personal Data
  Protection Bill (PDPB).
• The proposed mechanism aims to control how
  government and private entities (data
  fiduciaries) in India and abroad process personal
  data of individuals (data principals). It also
  explains how to gather, process, and store data.

3
Is Indias legal system adequate?

• The problem of data theft, which has emerged as
  one of the most significant cybercrimes in the
  world, has received little attention from Indian
  legislators.
• Unlike the United Kingdom, which has the Data
  Protection Act of 1984, India lacks clear
  legislation to address this issue, despite having
  the Information Technology Act of 2000 to address
  the ever-growing threat of cybercrime, including
  data theft.
• The reality is that our Information Technology
  Act of 2000 is woefully inadequate to combat such
  crimes. The various provisions of the Information
  Technology Act of 2000 that deal with the issue
  to some degrees are discussed briefly below.

4
Is Indias legal system adequate?

• Section 43
• This section protects computer systems from
  destruction and unauthorised access by enforcing
  a heavy penalty of up to one crore. This section
  also covers the illegal uploading, retrieval, and
  copying of data.
• This sections clause C imposes a penalty for
  the unintended introduction of computer viruses
  or pollutants. Clause G outlines the
  consequences of assisting unauthorised entry.

5
Is Indias legal system adequate?

• Section 65
• This section contains the source code for
  computers. Anyone who knowingly or intentionally
  conceals, kills, alters, or allows another to do
  so faces a sentence of up to 3 years in prison or
  a fine of up to 2 lakh rupees. As a result,
  electronic source records have been shielded from
  tampering.

6
Is Indias legal system adequate?

• Section 66
• This section has been designed to protect against
  hacking. According to this section, hacking is
  described as any act committed with the purpose
  to cause wrongful loss or damage to another
  individual, or with the knowledge that wrongful
  loss or damage would be caused to another person,
  and information stored in a computer resource
  must be destroyed, erased, changed, or its value
  and usefulness diminished.
• The hacker faces a sentence of up to three years
  in prison or a fine of up to two lakh rupees, or
  both, under this clause.

7
Is Indias legal system adequate?

• Section 70
• This section safeguards the information stored on
  the secured system. Safe devices are computers,
  computer systems, or computer networks that have
  been designated as such by the appropriate
  government by the publication of gazette
  information in the official gazette.
• Any access to that system, or any attempt to
  secure access to that system, in violation of the
  provisions of this section, would subject the
  person accessed to a penalty of up to ten years
  in prison and a fine.

8
Is Indias legal system adequate?

• Section 72
• This segment protects against data breaches in
  terms of confidentiality and privacy. According
  to this, anyone who has been given powers under
  the IT Act and related rules to secure access to
  any electronic record, book, log, correspondence,
  information paper, or other material and then
  discloses it to another person is punishable by
  up to two years in prison or a fine of up to one
  lakh rupees, or both.

9
9. Notifiable Data Breach (NDB) (Australia)

• On February 22, 2018, the Notifiable Data Breach
  (NDB) Scheme, which is part of Australias
  Privacy Act and contains 13 guidelines about
  organisations responsibility for personal data
  management, went into effect.
• Companies that manage personal data, such as bank
  account information or medical records, must
  report data breaches to the Office of the
  Australian

10
10. Administrative Data Security Measures (China)

• Chinas Cyberspace Administration (the
  Measures) issued a draught of its Data Security
  Administrative Measures (the Measures) for
  public consultation on May 28, 2019. As a result,
  China has entered the list of countries calling
  for tighter data security laws around the world.
• The Measures add to Chinas Cybersecurity Law,
  which went into force on June 1, 2017, by
  establishing strict and comprehensive rules for
  network operators who collect, store, distribute,
  process, and use data on Chinese soil.

11
10. Administrative Data Security Measures (China)

• Network operators who collect confidential
  personal information or critical data for the
  purpose of conducting business must register with
  the cyberspace administrative departments.
• The Personal Information Protection Specification
  was released in March 2018, and it included
  comprehensive guidelines for data processing
  enforcement.
• The Initiatives are structured to include legally
  binding technical standards and best practices in
  the field of data protection.

12
Is Data Theft protected by the IPC?

• The Indian Penal Code, Section 378, describes
  theft as follows
• Theft Someone who moves movable property out of
  the hands of another person without that persons
  permission with the intent of taking that
  property dishonestly is said to be committing
  theft.

13
Is Data Theft protected by the IPC?

• Movable property is described as follows in
  Section 22 of the I.P.C., 1860
• Land and objects attached to the earth or
  permanently fastened to something attached to the
  earth are excluded from the definition of movable
  property.
• Data is not protected under the concept of
  theft since Section 378 I.P.C. only applies to
  movable property, i.e., corporeal property, and
  data is intangible. However, if Data is stored on
  a movable medium (CD, floppy disc, etc.) and the
  medium is stolen, the theft is protected under
  the concept of theft. However, if Data is
  distributed electronically, rather than
  intangibly, it is not considered fraud under the
  IPC.

14
Is Data Theft protected by the IPC?

• Movable property is described as follows in
  Section 22 of the I.P.C., 1860
• Land and objects attached to the earth or
  permanently fastened to something attached to the
  earth are excluded from the definition of movable
  property.
• Data is not protected under the concept of
  theft since Section 378 I.P.C. only applies to
  movable property, i.e., corporeal property, and
  data is intangible. However, if Data is stored on
  a movable medium (CD, floppy disc, etc.) and the
  medium is stolen, the theft is protected under
  the concept of theft. However, if Data is
  distributed electronically, rather than
  intangibly, it is not considered fraud under the
  IPC.

15
Is Data Theft protected by the IPC?

• Movable property is described as follows in
  Section 22 of the I.P.C., 1860
• Data, in its intangible nature, can be compared
  to electricity at best. In the case of Avtar
  Singh vs. State of Punjab, the Honble Supreme
  Court was asked if electricity could be stolen
  (AIR 1965 SC 666).
• However, when Section 39 of the Electricity Act
  made Section 378 of the IPC applicable to
  electricity, it became explicitly protected under
  the scope of Theft.
• As a result, it is critical that a clause similar
  to that found in the Electricity Act be
  incorporated into the IT Act of 2000, extending
  the scope of section 378 IPC to data theft in
  particular.

16
Summary

• In todays world, it is important for an emerging
  IT superpower like India to have robust
  legislation in place to protect its burgeoning IT
  and BPO industries (the worst-affected
  industries) from such crimes.
• Web Development Company are aware of these laws
  and legislations. Kindly check out for help.
  Though the IT Act appears to be adequate in this
  regard, it is insufficient in addressing the
  minute technical intricacies involved in such a
  crime, leaving gaps in the law and allowing the
  perpetrators to get away with it.
• Since this problem affects more than one country
  and has international implications, India should
  seek to become a signatory to any international
  convention or treaty on the subject. It is also
  past time for our national police forces to be
  equipped to deal with such crimes.

17
FaidePro

• Website https//faidepro.com
• Blog http//blogs.faidepro.com/
• LinkedIn https//in.linkedin.com/company/faidepro
  
• Twitter https//twitter.com/faidepro
• Instagram https//www.instagram.com/faidepro/
• Facebook https//www.facebook.com/Faidepro-10315
  0408248729
• Source https//faidepro.medium.com/