(Note from Editor: We have come across incidents where disgruntled BPO employees have sold or misused the personal information of the customers of the client company. We had no specific law to punish such disclosure earlier. With amendment to the Act in 2008, we can actually assure the companies out sourcing services from India, that wrongdoer shall be not go unpunished for the unauthorized disclosure of such information.)
Section 72 A of Information Technology Act, 2008 reads as follows-
“Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.”
From last five years it has been observed that India is playing crucial role in outsourcing business. Outsourcing has been started with call centres and later on it developedinto BPO, KPO, LPO and many other outsourcings forms. As these outsourcing companies help the Indian economy also. Most of outsourcing companies deal with the foreign client’s data i.e. third party information and hence it is necessary for these companies to deal with such third party information very carefully with due diligence so as to avoid misuse of such information. For that, Indian Information Technology Act, 2000 has provisions under sec.72A which was inserted by virtue of amendment made in Information Technology Act in 2008.
According to the provision under sec.72A – any act which discloses information in breach of lawful contract, is an offence. Now a days these outsourcing companies deal with third party data and personal information of clients, customers etc. as they are having contractual relationship between them. We are aware of various incidents involving misuse of third party data or personal information. It mainly occurs as breach of contractual relation which would exist between said intermediary and client. To curb such incidents law provides specific provision which defines such act as a crime.
While affording services under the term of their contractual relationship, these intermediaries are permitted to have secured access to clients /any other person’s personal information. If alleged access has been done with intention that is likely to cause wrongful loss or gain then this section comes into picture. Further if the party or the intermediary discloses this information to any other person in default of consent or in breach of their contractual relationship, it amounts to commit an offence Under Sec.72A, which is punishable with imprisonment for a term which may extend 3 years or fine which may extend to 5 lakh rupees or with both.