PENALTY FOR BREACH

OF CONFIDENTIALITY
AND PRIVACY
IT ACT 2000

Eksha Malhotra
500091532
B.Tech CSE- Devops
AGENDA
01 INTRODUCTION
04 S.72 PENALTY FOR BREACH OF
CONFIDENTIALITY AND
PRIVACY

02 WHAT IS IT ACT 2000

05 S.72 A : PENALTY FOR
BREACH OF
CONFIDENTIALITY AND
PRIVACY

03 WHAT IS PRIVACY AND

CONFIDENTIALITY 06 CONCLUSION
INTRODUCTIO
N
In the fast-paced digital realm, safeguarding sensitive information is not just crucial—it's the key
to maintaining trust and integrity. Privacy and confidentiality stand as guardians, ensuring
individuals' control over their personal data and thwarting unauthorized access.
Penalties for breach of confidentiality and privacy act as vigilant watchdogs, holding
accountable those who dare to compromise data integrity. They're not just consequences; they're
the backbone of data protection, reinforcing the sanctity of privacy laws and fortifying trust in
digital exchanges.
This presentation will navigate through the specifics of penalties for breach of confidentiality
and privacy under the Information Technology Act 2000, illuminating their pivotal role in
upholding privacy and confidentiality.
 IT ACT 2000
The Information Technology Act 2000 stands as a cornerstone of Indian cyber laws, passed by the Indian Parliament in the year
2000.With the exponential growth of electronic transactions and online activities, the Act provides a vital legal framework,
ensuring the legitimacy and protection of digital transactions and e-commerce. By establishing rules and regulations, it protects
the interests of internet users while combating cybercrime and safeguarding sensitive information. Moreover, the Act empowers
regulatory authorities, granting them the necessary tools to enforce cyber laws effectively and prosecute offenders.
• Objectives:
⚬ Promotes e-commerce and regulates electronic transactions.
⚬ Safeguards internet users amidst rising cybercrime.
⚬ Empowers regulatory authorities to combat electronic crime effectively.
• Impactful Provisions:
⚬ Legal recognition of electronic transactions and digital signatures.
⚬ Authorization for electronic data storage.
⚬ Prevention of computer crime and protection of internet users' privacy.
PRIVACY &
CONFIDENTIALI
TY
• Privacy:
⚬ Individuals, groups, or institutions claim the right to control
the communication of their information.
⚬ It's about deciding when, how, and to what extent personal
information is shared.
⚬ Privacy is often implied and includes the "right to be let
alone."
• Confidentiality:
⚬ Arises from an obligation of confidence between data
collectors and data subjects.
⚬ Protects information provided for specific purposes from
unauthorized use or disclosure.
⚬ Applies to various types of information, including
employment, medical, or financial data.
 SECTION 72: PENALTY FOR
BREACH OF
CONFIDENTIALITY AND
This law states that,” Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in

PRIVACY
pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any
electronic record, book, register, correspondence, information, document or other material without the consent of the person
concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.”

This section applies only to person who has gained access to the above mentioned information in pursuance to a power granted
under Information Technology Act, its allied rules e.g. a police officer, the Controller etc. it would not apply to disclosure of
personal information of a person by a website, by his email service provider etc.
SECTION 72: PENALTY FOR
BREACH OF
CONFIDENTIALITY AND
Persons conferred with power under the Act:-
The Act has conferred powers to :

PRIVACY
• The Controller of Certifying Authorities (Ss. 17-18)
• The Deputy and Assistant Controllers of Certifying Authorities (Ss. 17 and 27)
• Licensed Certifying Authorities (S. 31) and Auditors (Rule 312)
• The Adjudicating Officer (S 46)
• The Presiding Officer of the Cyber Appellate Tribunal (Ss. 48-49)
• The Registrar of the cyber Appellate tribunal (S. 56 and rule 263)
• Network Service provider (S. 79)
 SECTION 72A:PUNISHMENT
FOR DISCLOSURE OF
INFORMATION IN BREACH OF
LAWFUL CONTRACT
It states ,“Save as otherwise provided in this Act or any other law for the time being in force, any person including an
intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing
personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or
wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any
other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may
extend to five lakh rupees, or with both.] “ -Ins. by s. 37, ibid. (w.e.f. 27-10-2009).

An "intermediary" refers to any person or entity that facilitates electronic communication or the transmission of information
over the internet. This could include internet service providers, social media platforms, online marketplaces, and other similar
entities.
 AADHAR LEAK CASE - 2017
One real-life case involving Section 72 of the Information Technology Act 2000 is the "Aadhaar Data Breach
Case." In 2017, it was reported that the personal details of millions of Indian citizens, including their Aadhaar
numbers (a unique biometric identification number), were leaked online due to a breach in the Aadhaar database.
In this case, it was alleged that certain individuals, including employees of government agencies or private
organizations entrusted with handling Aadhaar data, accessed this sensitive information without consent and
disclosed it to unauthorized parties. Such actions would be considered violations of Section 72, as the disclosure
of electronic records without consent is punishable under the Act.
• The Aadhaar data breach case underscores the importance of enforcing laws like Section 72 to protect the
privacy and confidentiality of individuals' personal information. It highlights the need for stringent measures
to prevent unauthorized access to sensitive data and hold accountable those responsible for breaches of
confidentiality and privacy.
CONCLUSION
Section 72 of the Information Technology Act 2000 serves as a crucial
deterrent against breaches of confidentiality and privacy in the digital realm.
By imposing penalties for unauthorized disclosure of sensitive information,
the Act reinforces the importance of respecting privacy rights and
maintaining data integrity. It underscores the need for accountability and
responsible handling of electronic records, books, correspondence, and other
materials. Section 72 ensures that individuals and entities conferred with
powers under the Act uphold the highest standards of data protection and
privacy, thereby fostering trust and confidence in electronic transactions.
Compliance with Section 72 not only mitigates legal risks but also
contributes to a safer and more secure digital ecosystem for all stakeholders
involved.
THANK YOU!
+123-456-7890

123 Anywhere St., Any City

@reallygreatsite
hello@reallygreatsite.com