PENALTIES,COMPENSATION AND ADJUDICATION UNDER IT ACT,2000

by | Feb 19, 2024

The Information Technology Act, of 2000, enacted on 17 May 2000, serves as a pivotal legal framework in India, offering recognition to electronic transactions and fostering the growth of e-commerce. Over the years, it underwent significant amendments, notably with the passage of the Information Technology (Amendment) Act, of 2008. This Penalties and Compensation and Adjudication under IT Act 2000 outlines various objectives, with a primary focus on granting legal recognition for e-transactions, digital authentication signatures, e-data filing, electronic data storage, acknowledgment for preserving electronic books of accounts, and more.

Penalty and Compensation for Damages (Section 43):

Section 43 of the Information Technology Act, of 2000 delineates penalties and compensations for actions detrimental to devices, computer systems, or computer networks. Offenses include unauthorized access, downloading or copying data without authority, injection of computer contaminants, damages to computer databases, disjuncture of computer systems, denial of access, aiding unauthorized access, charging services to another’s account, destruction, deletion, or modification of information, and the stealing, concealing, or damaging of computer source code. The penalties involve compensations not exceeding 1 crore.

Compensation for Failure to Protect Data (Section 43A):

Introduced via the Information Technology (Amendment) Act, 2008, Section 43A places liability on entities negligent in maintaining fair security practices. If such negligence causes wrongful loss or benefit to any person due to the mishandling of confidential personal data or information, the entity is liable for damages through compensation.

Penalty for Failure to Provide Information, Return, or Report (Section 44):

Section 44 of the Information Technology Act,2000 imposes penalties for non-compliance with legal obligations, including failure to submit papers, returns, or reports to the Controller of Certifying Authorities or Certifying Authorities. Failure to provide required documents to the Controller of Certifying Authority may result in penalties:

(a) up to fifteen lakh rupees for each instance,

(b) up to fifty thousand rupees per day for late filing, and

(c) up to one lakh rupees per day for not maintaining necessary books or records.

Penalty for Contravention of Rules or Regulations (Section 45):

Section 45 addresses contraventions of rules or regulations specified under the Act. If a person violates such rules, and no penalty is specified, compensation not exceeding 1 lakh rupees may be imposed for the affected person. Additionally, they might be required to compensate the affected party, with amounts capped at ten lakh rupees for intermediaries, companies, or bodies corporate, and one lakh rupees for others.

Power to Adjudicate (Section 46):

Section 46 grants the Central Government the authority to appoint an adjudicator, typically an officer of the Government, to determine if a person has committed an infringement and is liable for penalty or compensation. The adjudicator, possessing expertise in information technology and legal matters, has powers akin to a civil court. The section also defines the jurisdiction of adjudicators and outlines their powers and procedures.

Examples and Analysis:

  • Example: An employee of a software company gains unauthorized access to the company’s database and steals sensitive customer information, including credit card details. The employee then sells this information to a third party for personal gain.
  • Analysis: The IT Act imposes penalties for unauthorized access and data disclosure, with fines  respectively. Victims can seek compensation under Section 43A, and disputes can be adjudicated by the Cyber Appellate Tribunal or relevant authority. This legal framework aims to protect individuals and companies from cybercrimes and ensure accountability for wrongful actions.

 

The IT (Reasonable Security Practices and Procedures and Confidential Personal Data or Information) Regulations enhance India’s legal framework. Adherence to a detailed information security policy is key, especially in demonstrating compliance in the event of a security breach.The provisions for penalties, compensation, and adjudication under Information Technology Act, plays a crucial role in ensuring the smooth functioning of electronic contracts in the digital age.

Recent Update – 

The Jan Vishwas Act, effective since August, amended 183 provisions across 42 acts, including the Information Technology Act, 2000. Notably, five offenses were decriminalized, penalties for two offenses increased, and Section 66A, penalizing “offensive” messages, was officially removed. Amendments also expanded the scope of adjudication and introduced penalties for non-compliance with CERT-In’s orders. While welcomed by Nasscom for protecting businesses, concerns were raised about the lack of decriminalization under Section 70B. The amendments aim to enhance privacy and align with the draft Digital Personal Data Protection Bill, but some aspects have created legal uncertainties and have been criticized for strengthening penalties rather than decriminalizing.

REFERENCE :

Written By Archana Singh

I am Archana Singh, a recent law master's graduate with a strong aspiration for the judicial service. My passion lies in elucidating complex legal concepts, disseminating legal news, and enhancing legal awareness. I take immense pride in introducing my new legal website - The LawGist. Through my meticulously crafted blogs and articles, I aim to empower individuals with comprehensive legal insights. My unwavering dedication is to facilitate a profound comprehension of the law, enabling people to execute judicious and well-informed choices.

Related Posts