In today’s digital era, protecting personal data is more important than ever. Section 72A of the Information Technology Act, 2000, plays a vital role in safeguarding sensitive information from misuse. This provision imposes strict penalties on those who disclose or share personal data without consent, especially when done with malicious intent or for personal gain. Understanding Section 72A is crucial for individuals, businesses, and IT professionals to ensure compliance and avoid legal consequences.
What Is Section 72A Of The IT Act?
Any person, including intermediaries, can face penalties for disclosing personal information. If someone accesses personal data while providing services under a lawful contract, they must protect that data.
If they share this data without consent or breach the contract, they violate the law. This applies when they intend to cause harm or know their actions may cause wrongful loss or gain.
Explanation of Section 72A Of The IT Act?
Body Corporate: A “body corporate” refers to any company. It also includes firms, sole proprietorships, or any group of individuals involved in business or professional activities.
Reasonable Security Practices and Procedures:These are measures designed to protect personal data. They prevent unauthorized access, misuse, damage, modification, or disclosure. Such practices can be part of a contract or defined by law. If no agreement or law exists, the Central Government will set the rules in consultation with expert bodies.
Sensitive Personal Data or Information:This includes specific types of personal data which the Central Government defines in consultation with professional bodies or associations.
What Is The Penalty for Breach of Confidentiality Under Section 72A?
Section 72A of the IT Act, 2000, sets strict penalties for unauthorized data disclosure.
The offender may face imprisonment of up to three years.
A fine of up to ₹5 lakh may also apply.
In some cases, both jail time and a fine are imposed.
This penalty applies to anyone, including intermediaries, who share personal data without consent. If the disclosure violates a lawful contract and aims to cause wrongful loss or gain, the law enforces strict action.
What Are The Section 72A Guidelines for Employees?
Employees must follow strict rules under Section 72A of the IT Act, 2000. This section protects personal data from unauthorized disclosure during employment.
Maintain Confidentiality: Employees must not share personal or sensitive data without consent. Any breach can lead to penalties under Section 72A.
Consent and Privacy Policy: Employers must get written consent before collecting sensitive data. Employees should understand the privacy policy and know how their data will be used or shared.
Right to Access and Correct Data: Employees can access their personal data and request corrections if any information is inaccurate.
Data Retention Rules: Employers should store personal data only as long as needed. Typically, data must be kept for at least three years for legal purposes.
Follow Contract Terms: Employees must respect confidentiality clauses in their contracts. Violating them can result in fines, jail time, or both under Section 72A.
Popular Cases
Sanjay Pandey vs Directorate of Enforcement (2022)
The Delhi High Court explored how Sections 69B, 72, and 72A of the IT Act apply in cases of data misuse. The court clarified that Section 72A deals with unauthorized disclosure of information gained through legal contracts. Sanjay Pandey, a former police commissioner, was accused of using confidential data from phone surveillance for commercial gains.
The court highlighted that even if access to data was lawful, disclosing it without consent breaches Section 72A. It stated that confidentiality must be respected in all contractual data-handling scenarios. This judgment reinforced the seriousness of data privacy violations, even when the initial access is legal.
Awadhesh Kumar Paras Nath Pathak vs The State of Maharashtra (2020)
The Bombay High Court examined how Sections 72 and 72A of the IT Act work with the Indian Penal Code (IPC). The case involved an accused who allegedly misused personal data obtained through his professional position.
The court analyzed whether the breach of digital confidentiality also amounted to criminal breach of trust under IPC. It observed that IT Act provisions can function alongside IPC offenses when trust and privacy are both violated.
This ruling emphasized that digital privacy breaches may attract both IT Act penalties and traditional criminal charges. It underlined the judiciary’s approach to treating online confidentiality breaches as serious offenses.
Conclusion
Section 72A of the IT Act serves as a strong legal shield against the unauthorized sharing of personal data. With growing concerns around privacy and cybersecurity, this section reinforces accountability and promotes ethical handling of sensitive information. Staying informed about such legal provisions helps in building trust, maintaining data integrity, and avoiding hefty penalties in India’s evolving digital landscape.
