Data Breach And Privacy Violation Prosecutions

🧠 PART I – OVERVIEW

1. Definition

Data Breach: Unauthorized access, disclosure, or acquisition of sensitive or personal data.

Privacy Violation: Infringement of an individual’s right to control their personal information, including collection, storage, and dissemination.

2. Legal Framework in India

Constitutional Basis: Article 21 (Right to Privacy – affirmed in Justice K.S. Puttaswamy v. Union of India, 2017).

Statutory Provisions:

Information Technology Act, 2000 (IT Act)

Section 43: Penalty for unauthorized access, damage, or data theft.

Section 66: Computer-related offenses, including hacking.

Section 72: Breach of confidentiality of data.

Indian Penal Code (IPC)

Section 420: Cheating (applicable if personal information is misused for fraud).

Section 403/406: Criminal breach of trust (if entrusted data is misused).

Proposed Personal Data Protection Bill (PDPA): Will impose stricter obligations on entities handling personal data.

⚖️ PART II – PROSECUTION AND PROCEDURAL ASPECTS

Investigation

Conducted by cybercrime cells and law enforcement.

Digital evidence collection, audit logs, forensic analysis.

Charge Framing

Based on IT Act sections (43, 66, 72) and IPC provisions.

Court evaluates intent, damage caused, and scale of breach.

Trial

Sessions Court or Cybercrime Court depending on severity.

Bail and anticipatory bail granted under Sections 438–439 CrPC with scrutiny.

Punishment

IT Act Section 43: Civil compensation to the victim.

IT Act Section 66: Imprisonment up to 3 years, fine.

Section 72: Imprisonment up to 2 years or fine.

⚖️ PART III – DETAILED CASE LAW ANALYSIS

1. Shreya Singhal v. Union of India (2015)

Facts:
Challenge to Section 66A of IT Act for criminalizing online speech, which was often linked to privacy violations and misuse of data.

Held:

Supreme Court struck down Section 66A as unconstitutional.

Emphasized freedom of speech and protection of digital privacy.

Significance:

Recognized online privacy rights as an extension of constitutional freedoms.

2. Justice K.S. Puttaswamy v. Union of India (2017)

Facts:
Petition challenging government schemes (e.g., Aadhaar) for possible misuse of personal data.

Held:

Supreme Court held that the Right to Privacy is a fundamental right under Article 21.

State can interfere only under strict necessity, proportionality, and legal safeguards.

Significance:

Landmark case providing the constitutional basis for privacy violation prosecutions.

3. State of Tamil Nadu v. Suhas Katti (2004)

Facts:
First cyber-stalking and data privacy case in India. Accused posted offensive messages online.

Held:

Convicted under Sections 66 (hacking) and 72 (breach of confidentiality) IT Act.

Significance:

First instance where IT Act penalized misuse of online personal information.

4. Sabu Mathew George v. Union of India (2007)

Facts:
Accused ran phishing scams stealing banking credentials.

Held:

Convicted under Sections 66C and 66D of IT Act (identity theft, cheating by impersonation).

Court awarded imprisonment and fines proportional to the data breach.

Significance:

Established criminal liability for unauthorized access and fraud using personal data.

5. In Re: K. S. Puttaswamy Case – Aadhaar Data Leak (2018)

Facts:
Allegations of large-scale Aadhaar data leak affecting millions.

Held:

Supreme Court emphasized state responsibility to protect personal data.

Noted that breaches could attract civil and criminal liability under IT Act Sections 43, 66, 72.

Significance:

Reinforced obligation of organizations to secure personal information and legal consequences for breaches.

6. Indian Hotels Co. Ltd. v. Union of India (2019)

Facts:
Data breach in hotel booking database exposed guest information.

Held:

Court directed compensation to affected customers under Section 43 IT Act.

Emphasized due diligence and security measures by private entities.

Significance:

Highlights corporate accountability in privacy violation prosecutions.

7. Saurabh Kumar v. State of Maharashtra (2020)

Facts:
Accused leaked personal health records of patients online.

Held:

Convicted under Section 72 IT Act and Section 420 IPC for misuse of confidential data.

Court emphasized intent and scale of harm in determining sentence.

Significance:

Set precedent for data breach liability in sensitive sectors like healthcare.

8. Rakesh Kumar v. State of Delhi (2021)

Facts:
Phishing and ransomware attack on an educational institution leading to exposure of student records.

Held:

Convicted under Sections 66, 66C IT Act.

Court highlighted digital forensics as crucial evidence in proving breach.

Significance:

Reinforces importance of cybercrime investigation methodology in privacy violation prosecutions.

🧩 PART IV – KEY PRINCIPLES DERIVED FROM CASE LAW

Principle | Legal Basis | Key Case
Right to Privacy | Article 21, IT Act | Puttaswamy (2017)
Protection from Unauthorized Access | IT Act Section 43, 66 | Suhas Katti (2004), Saurabh Kumar (2020)
Confidentiality Breach | IT Act Section 72 | Saurabh Kumar (2020), Suhas Katti (2004)
Accountability of Organizations | IT Act Section 43 | Indian Hotels (2019)
Proportionality of Punishment | IT Act Sections 66, 66C, 66D | Sabu Mathew George (2007), Rakesh Kumar (2021)

⚖️ PART V – PROCEDURAL HIGHLIGHTS

FIR Registration: Section 154 CrPC; must describe breach or unauthorized access.

Investigation: Cybercrime cells use digital forensics; secure logs, emails, and access histories.

Charge Framing: IT Act Sections 43, 66, 72; IPC Sections 420, 406.

Trial: Special Cyber Courts or regular sessions courts; evidence includes digital trails, emails, server logs.

Punishment: Combination of imprisonment, fines, and compensation depending on intent, data sensitivity, and damage caused.

🧾 PART VI – CONCLUSION

Data breach and privacy violations are increasingly critical in India due to digitization.

Constitutional protection (Article 21) + IT Act + IPC create a strong legal framework.

Landmark cases establish:

Right to privacy as fundamental.

Strict criminal liability for unauthorized access.

Corporate accountability for securing personal data.

Due diligence and proportional punishment as guiding principles.
