Menu
X
  • 43
    Penalty and Compensation for damage to computer, computer system, etc
    IT Act-2000
  • If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network -
    1. accesses or secures access to such computer, computer system or computer network or computer resource
    2. downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
    3. introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
    4. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
    5. disrupts or causes disruption of any computer, computer system or computer network;
    6. denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
    7. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder,
    8. charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
    9. destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means
    10. Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

      Explanation - for the purposes of this section -
      1. "Computer Contaminant" means any set of computer instructions that are designed -
        1. to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
        2. by any means to usurp the normal operation of the computer, computer system, or computer network;
      2. "Computer Database" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
      3. "Computer Virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;
      4. "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.
      5. "Computer Source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form
  • 43A
    Compensation for failure to protect data
    IT Act-2000
  • Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

    Explanation: For the purposes of this section
    1. "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities
    2. "reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
    3. "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
  • 44
    Compensation for failure to protect data
    IT Act-2000
  • If any person who is required under this Act or any rules or regulations made thereunder to -
    1. furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
    2. file any return or furnish any information, books or other documents within the time specified therefor in the regulations, fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues:
    3. maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.
  • 45
    Residuary Penalty
    IT Act-2000
  • Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
  • 46
    Power to Adjudicate
    IT Act-2000
    • (1) For the purpose of adjudging under this Chapter whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation, the Central Government shall, subject to the provisions of sub-section(3), appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government.
    • (1A) The adjudicating officer appointed under sub-section (1) shall exercise jurisdiction to adjudicate matters in which the claim for injury or damage does not exceed rupees five crore

      Provided that the jurisdiction in respect of claim for injury or damage exceeding rupees five crore shall vest with the competent court.
    • (2) The adjudicating officer shall, after giving the person referred to in sub-section (1) a reasonable opportunity for making representation in the matter and if, on such inquiry, he is satisfied that the person has committed the contravention, he may impose such penalty as he thinks fit in accordance with the provisions of that section.
    • (3) No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of Information Technology and Legal or Judicial experience as may be prescribed by the Central Government.
    • (4) Where more than one adjudicating officers are appointed, the Central Government shall specify by order the matters and places with respect to which such officers shall exercise their jurisdiction.
    • (5) Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber Appellate Tribunal under sub-section (2) of section 58, and -
      1. all proceedings before it shall be deemed to be judicial proceedings within the meaning of sections 193 and 228 of the Indian Penal Code;
      2. shall be deemed to be a Civil Court for purposes of order XXI of the Civil Procedure Code, 1908
  • 47
    Factors to be taken into account by the adjudicating officer
    IT Act-2000
  • While adjudging the quantum of compensation under this Chapter the adjudicating officer shall have due regard to the following factors, namely -
    1. the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
    2. the amount of loss caused to any person as a result of the default;
    3. the repetitive nature of the default
1 Short title, extent, commencement and application
2 Definitions
3 Authentication of Electronic Records
3A Electronic Signature
4 Legal Recognition of Electronic Records
5 Legal recognition of Electronic Signature
6 Use of Electronic Records and Electronic Signature in Government and its agencies
6A Delivery of Services by Service Provider
7 Retention of Electronic Records
7A Audit of Documents etc in Electronic form
8 Publication of rules, regulation, etc, in Electronic Gazette
9 Sections 6, 7 and 8 Not to Confer Right to insist document should be accepted in electronic form
10 Power to Make Rules by Central Government in respect of Electronic Signature
10A Validity of contracts formed through electronic means
11 Attribution of Electronic Records
12 Acknowledgement of Receipt
13 Time and place of despatch and receipt of electronic record
14 Secure Electronic Record
15 Secure Electronic Signature
16 Security procedures and Practices
17 Appointment of Controller and other officers
18 The Controller may perform all or any of the following functions, namely
19 Recognition of foreign Certifying Authorities
20 Omitted vide Information Technology (Amendment) Act 2008
21 License to issue electronic signature certificates
22 Application for license
23 Renewal of license
24 Procedure for grant or rejection of license
25 Suspension of License
26 Notice of suspension or revocation of license
27 Power to delegate
28 Power to investigate contraventions
29 Access to computers and data
30 Certifying Authority to follow certain procedures
31 Certifying Authority to ensure compliance of the Act, etc.
32 Display of license
33 Surrender of license
34 Disclosure
35 Certifying Authority to issue Electronic Signature Certificate
36 Representations upon issuance of Digital Signature Certificate
37 Suspension of Digital Signature Certificate
38 Revocation of Digital Signature Certificate
39 Notice of suspension or revocation
40 Generating Key Pair
40A Duties of subscriber of Electronic Signature Certificate
41 Acceptance of Digital Signature Certificate
42 Control of Private key
43 Penalty and Compensation for damage to computer, computer system, etc
43A Compensation for failure to protect data
44 Compensation for failure to protect data
45 Residuary Penalty
46 Power to Adjudicate
47 Factors to be taken into account by the adjudicating officer
48 Establishment of Cyber Appellate Tribunal
49 Composition of Cyber Appellate Tribunal
50 Qualifications for appointment as Chairperson and Members of Cyber Appellate Tribunal
51 Term of office, conditions of service etc of Chairperson and Members
52 Salary allowance and other terms and conditions of service of Chairperson and Member
52A Powers of superintendence, direction, etc
52B Distribution of Business among Benches
52C Powers of the Chairperson to transfer cases
52D Decision by majority
53 Filling up of vacancies
54 Resignation and removal
55 Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings
56 Staff of the Cyber Appellate Tribunal
57 Appeal to Cyber Regulations Appellate Tribunal
58 Procedure and Powers of the Cyber Appellate Tribunal
59 Right to legal representation
60 Limitation
61 Civil court not to have jurisdiction
62 Appeal to High court
63 Compounding of Contravention
64 Recovery of Penalty or compensation
65 Tampering with Computer Source Documents
66 Computer Related Offences
66A Punishment for sending offensive messages through communication service, etc
66B Punishment for dishonestly receiving stolen computer resource or communication device
66C Punishment for identity theft
66D Punishment for cheating by personation by using computer resource
66E Punishment for violation of privacy
66F Punishment for cyber terrorism
67 Punishment for publishing or transmitting obscene material in electronic form
67A Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
67B Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
67C Preservation and Retention of information by intermediaries
68 Power of Controller to give directions
69 Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
69A Power to issue directions for blocking for public access of any information through any computer resource
69B Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security
70 Protected system
70A National nodal agency
70B Indian Computer Emergency Response Team to serve as national agency for incident response
71 Penalty for misrepresentation
72 Breach of confidentiality and privacy
72A Punishment for Disclosure of information in breach of lawful contract
73 Penalty for publishing electronic Signature Certificate false in certain particulars
74 Publication for fraudulent purpose
75 Act to apply for offence or contraventions committed outside India
76 Confiscation
77 Compensation, penalties or confiscation not to interfere with other punishment
77A Compounding of Offences
77B Offences with three years imprisonment to be cognizable
78 Power to investigate offences
79 Exemption from liability of intermediary in certain cases
79A Central Government to notify Examiner of Electronic Evidence
80 Power of Police Officer and Other Officers to Enter, Search, etc
81 Act to have Overriding effect
81A Application of the Act to Electronic cheque and Truncated cheque -
82 Chairperson, Members, Officers and Employees to be Public Servants
83 Power to Give Direction
84 Protection of Action taken in Good Faith
84A Modes or methods for encryption
84B Punishment for abetment of offences
84C Punishment for attempt to commit offences
85 Offences by Companies.
86 Removal of Difficulties
87 Power of Central Government to make rules
88 Constitution of Advisory Committee
89 Power of Controller to make Regulations
90 Power of State Government to make rules


© Copyright 2016-18 AL. All rights reserved. SYSTARC