Section 43A: Compensation for Failure to Protect Data
In the digital age, data has become one of the most valuable assets. Every business runs on the data of its customers. Government employees also use the data of individuals to access their movement in selected areas. This information is confidential, and the agencies holding it need to protect it from hackers. If an unauthorised person obtains this information, it can harm the dignity of an individual. Section 43A of the IT Act 2000 provides compensation to individuals when their sensitive data is not protected. This blog explains the details of Section 43A and a lawyer's role in obtaining the compensation.
Understanding Section 43A of the IT Act
Section 43A was introduced by the Information Technology (Amendment) Act, 2008 to strengthen the data protection laws in India. Before this amendment, the IT Act was aimed at cybercrimes and failed to protect the data of individuals.
According to Section 43A of the IT Act, if a company or an organization that handles sensitive personal data or information (SPDI) fails to implement “reasonable security practices and procedures,” resulting in wrongful loss or gain, it shall be liable to pay compensation to the affected party.
Application of Section 43A
The section applies to any body corporate, meaning any company, firm, or organization engaged in commercial or professional activities that collects, stores, or processes sensitive personal data. Not all data is covered under Section 43A. The rules specify that only sensitive personal data or information (SPDI) is protected. SPDI includes:
- Passwords
- Financial information (e.g., bank account details, credit card numbers)
- Health-related information
- Biometric information
- Sexual orientation
- Any other information classified as sensitive by law
Companies must adopt reasonable security practices and procedures to protect SPDI. These security measures should align with international standards such as ISO 27001 or industry best practices. If an organization fails to implement basic security measures and a data leak happens, leading to a big loss to an individual, the company is liable to compensate the affected party.
Legal Support in Section 43A
Section 43A is supported by several other legal provisions in India. These include:
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These rules define what constitutes “sensitive personal data” and detail the security measures that organizations must follow.
- Personal Data Protection Bill (PDP Bill) (yet to be filled in the provision). This bill provides stricter regulations and penalties for data leaks.
- General Data Protection Regulation (GDPR). Though GDPR applies to European countries, Indian companies operating globally must comply with international data protection laws.
Penalties and Consequences of Non-Compliance
If agencies or companies fail to comply with Section 43A, this can result in serious consequences, including:
- Monetary Compensation
  - Companies must compensate individuals who suffer financial, reputational, or emotional damage due to a data leak.
- Legal Action
  - Victims can file a complaint with the official Officer under the IT Act.
- Reputational Damage
  - Data leaks can lead to loss of customer trust and damage to brand reputation.
- Regulatory Sanctions
  - Regulators can apply additional restrictions on companies failing to comply.
Why Choose Us
We are the best lawyers in Delhi, and our experienced team can handle the complexities of these cases, which often involve big names or big companies. This section is made to give the best result to individuals, and we can help you achieve that. Our team can handle all the groundwork, leaving you free of the burden. Please feel free to contact us.