The age-old question which arises in minds of people of this country is that in India is there a law, is there actually a right to privacy? Because the concept like aadhar we have aadhar card which is something like a social security number on the basis of which we try to cover and link all our accounts together so that our identity can be established but most often this question lingers our mind that what if one of the various information gets leaked, am I consenting to give such a right without protection around it to ensure my privacy?
So we investigate the laws which are presently accessible in India with respect to this, explicitly talking there is no enactment as such to secure information in India neither the constitution explicitly award the central right to protection anyway the courts have perused the Right To Privacy existing under basic right under certain sensible limitations. Article 19(1)(A)1, article 212 and 19(2) of the constitution, sensible limitations are those which can be forced by the state while practicing the articles of the constitution in conceding equity. For the situation of Justice puttaswami versus Union of India3 the seat of Hon'ble SC held the privilege to protection as principal directly with sensible limitations and these limitations are viewed as fundamental for the equilibrium of law to be kept up, without a communicated enactment the courts have practiced their forces to figure out what is sensible and what isn't sensible and they generally have had been on the correct side of the law.
Currently, the laws in India governing the Data protection act are the Information Technology Act and the Indian Contract Act, which are codified laws. The Data protection bill is yet to be introduced.
The IT act manages the issues identifying with the installment of pay and discipline if there should arise an occurrence of illegitimate revelation and abuse of individual information and infringement of authoritative terms in regard to individual information. Area 43(A) of the IT act expresses that a Section 43A of the IT Act 4explicitly gives that at whatever point a corporate body has or manages any touchy individual information or data, and is careless in keeping sensible security to ensure such information or data, which in this manner makes improper misfortune or illegitimate addition any individual, at that point such body corporate will be responsible to pay harms to the person(s) so influenced. There could be no maximum cutoff indicated that can be asserted by a distressed in guaranteeing compensation. The IT act manages the issues identifying with the installment of pay and discipline in the event of unfair revelation and abuse of individual information and infringement of legally binding terms in regard to individual information. Segment 43(A) of the IT act expresses that a Section 43A of the IT Act 4explicitly gives that at whatever point a corporate body has or manages any delicate individual information or data, and is careless in keeping sensible security to ensure such information or data, which in this manner makes improper misfortune or unjust addition any individual, at that point such body corporate will be at risk to pay harms to the person(s) so influenced. There could be no upper limit specified indicated that can be claimed by aggrieved in claiming compensation.
Section 72A5 provides for the punishment for disclosure of information in breach of lawful contract and any person may be punished with imprisonment for a term not exceeding three years, or with a fine not exceeding up to five lakh rupees, or with both in case disclosure of the information is made in breach of lawful contract. , has also been made punishable in IT act of 2000 according to which the imprisonment is up to 3 years and fine extending to rupees 5 lakhs.
But these are all compensation measures not deterring factors, the guidelines of protection of something like this happening is still not there in India. and that's the lacuna that's why the aggregators and other app holders hold the authority to exploit the platform because the people will never get to know their data has leaked.
In the absence of existing legislation, there have been provisions made and the government is trying to evolve with the current scenario on the GDPR rule which is the General Data Protection Regulations 6which is authorized by the EU which is the European Union.
The Government has told the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules just arrangements with insurance of "sensitive individual information or data of an individual", which incorporates such close to home data which comprises of data identifying with:-
The guidelines give the sensible security practices and methods, which the body corporate or any individual who for body corporate gathers, gets, have, store, arrangements or handle data is needed to follow while managing "Individual delicate information or data". If there should arise an occurrence of any break, the body corporate or some other individual following up for body corporate, the body corporate might be held at risk to pay harms to the individual so influenced.
Under area 72A of the (Indian) Information Technology Act, 2000, exposure of data, purposely and deliberately, without the assent of the individual concerned and in the break of the legal agreement has been likewise made culpable with detainment for a term reaching out to three years and fine stretching out to Rs 5,00,000 (approx. US$ 8,000).
It is to be noted that s 69 of the Act, which is an exception to the general rule of maintenance of privacy and secrecy of the information, provides that where the Government is satisfied that it is necessary for the interest of:
Section 65 of the IT act7 covers the software engineers, coders, source coders, programming coders all are covered under this demonstration
So many time it is found in friendly average stages that there is a spillage of information, a profile has been duplicated yet we will not measure and push ahead and document a grievance yet individuals need to be proactive and mindful that these laws are in support of ourselves and we should practice them without an information assurance bill. Certain revisions have likewise been made in the IT act 2000, expanding its ambit.
Hence in general the current information security law is corrective is a greater amount of the outcome of what occurs however how would we contain the system of the structure with the laws as far as information assurance is still to be figured.