#BigBasket data leak? Do we have rights against the company? #cyberlaw  #dataprivacy

#BigBasket data leak? Do we have rights against the company? #cyberlaw #dataprivacy

107 Просмотров

On 26th April, 2021 some news agencies claimed that e-commerce platform BigBasket, which is a very famous e-grocery platform, had suffered a major data breach. (please see https://www.news18.com/news/tech/bigbasket-data-breach-home-addresses-numbers-of-over-2-crore-indians-made-public-3679523.html).
BigBasket is not the only platform which may be targeted. There are several other e-service delivery platforms which have been targeted in the past. But what we should be concerned about is the liability of the intermediary and more specifically liability as a body corporate to protect the sensitive personal data. Indian Information Technology Act, 2000(amended in 2008) in S.43A speaks about liability of the body corporates as follows:
43A Compensation for failure to protect data. -Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. Explanation. -For the purposes of this section,-
(i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
(ii) "reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;
(iii) "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
Earlier Facebook Cambridge Analytica case created a global sensation for data leak of users. The nature of the issue is quite similar here (for more understanding about body corporate's liability in this regard see https://debaraticyberspace.blogspot.com/2018/09/the-great-facebook-hack-liability-of.html ).
in all such cases, S.43A of the IT Act provides a remedial measure. To know more about this see Halder.D (2017). Corporate Liability for Data Protection in India: A Critical
Analysis of S.43A of the Information Technology Act, 2000 (Amended in 2008).
In Nidhi Saxena (ed) Cybercrimes in 21st Century. Manakin Press ISBN: 978-93-
843705-3-4 ISBN-13:978-1-4438-9579-8

Тэги:

##BigBasket ##databreach ##cyberlaw ##bodycorporate ##intermediaryliability ##cybervictimology ##hacking
Ссылки и html тэги не поддерживаются


Комментарии: