NATIONAL LAW UNIVERSITY, ORISSA

PROJECT
ON
TORTIOUS LIABILITY IN CASE OF
MISUSE OF PERSONAL INFORMATION

Developed and Prepared by- APARNA SHUKLA (2015 B.B.A.LL.B 012)

ABHILASHA JHA (2015 B.B.A.LL.B 001)

Submitted to

Mr. Amrendra Kumar Ajit

1
ACKNOWLEDGEMENT
We take this opportunity to express our profound gratitude and deep regards to our guide
Professor Hiranmayee Mishra for her exemplary guidance, monitoring and constant
encouragement throughout the course of this project. The blessing, help and guidance given
by her time to time shall carry us a long way in the journey of life on which we are about to
embark .We are obliged to staff members of NLUO, for the valuable information provided by
them in their respective fields. We are grateful for their cooperation during the period of our
assignment. Lastly, we thank Almighty, our parents and friends for their constant
encouragement without which this assignment would not be possible.

2
INTRODUCTION
Tortious liability arises from the breach of a duty primarily fixed by law: this duty is towards
persons generally and its breach is redressible by an action for unliquidated damages.1
Salmond defined Tort as “a civil wrong for which the remedy is a civil law action for
unliquidated damages and which is not exclusively the breach of contract or breach of trust or
other merely equitable obligation”. Furthermore, Limitation Act defines Tort as civil wrong
which is not exclusively a breach of contract or breach of trust2.

Misuse of personal property means misuse of anything which is in private possession of

oneself for instance data, work or property. Fundamentally, misuse of personal information is
the violation of or invasion into one’s privacy.3

Privacy is one of the basic and fundamental concepts which can be understood within every
human society. Protection is one of those judicious ideas which can be comprehended, at
some level, inside of each human culture. Accordingly, security is hard to characterize and
much all the more difficult to gauge. Maintaining a strategic distance from normal
impediments to security research, protection ought to be analysed from the outlook of its
invasion.4

The jurisprudence of privacy has a fragmented history. The first insight of privacy dates back
to 1890 in an article published in Harvard law review.5 The history of recognition to right to
privacy in India started with a dissenting opinion by Justice Subba Rao in Kharak Singh v.
State of UP. 6And later on was affirmed by majority of judges in Govind v. State of MP7. It
was held in the latter case that right to privacy in India emanates from article 21 which talks
about right to life and personal liberty.8

Internet is the social behaviour of global society; India is no exception to it, data protection
and privacy depend on ‘The Information Technology Act 2000′, and this article cannot be

1
W.V.H. Rogers (ed.), “Winfield and Jolowicz on Torts” 5(1990)
2
Limitation Act,1963, 2 M
3
Louis Brandeis and Samuel Warren, the Right to Privacy, (1890) 4 HARV L. R. 193.
4
www.linklaters.com (last visited on sep 14,2015)
5
Louis Brandeis and Samuel Warren, the Right to Privacy, (1890) 4 HARV L. R. 193.
6
Kharak Singh v. State of UP, AIR 1963 SC 1295.
7
Govind v. State of MP, AIR 1975 SC 1378.
8
http://www.iamwire.com/2014/08/indian-laws-privacy-digital-information-users/84277 ( last visited on 20
aug, 2015)

3
completed without the reference of Art 21 and Art 19. While there is no express indication to
a right to privacy into the Constitution of India, an interpretation of Supreme Court of India
considered it under article 21, life with dignity, and freedom of expression under article 19.9

In simple words privacy can be defined as a right to be let alone10. None can publish anything
concerning the above matters without his consent, whether truthful or otherwise and whether
laudatory or critical. Ife he does so, he would be violating the right to privacy of the person
concerned and would be liable in an action for damages.11

But in certain cases, the privacy of a person is not only breached but the content is made
available in public which results as defamation and loss of reputation. 12

Personal Privacy: “Intrusions into one's physical space or solitude"13. Confidentiality can
be regarded as the issue under personal privacy. It means it is a set of rules or promises that
places restrictions on certain type of information.14 Injunction can be regarded as the remedy to
obstruct the publication of information that may be determinate to the person whose confidence
is breached. Injunction will not be given to the one where information is already in the public
spheres e.g. statement made in the court room is in public spheres whereas statement made
while confronting the camera disclosed will be a breach of confidentiality.15

Informational Privacy [Data Privacy]: "Information privacy,” is an individual's right

to control his or her personal information held by others. 16 Together security measures has a
large bearing on the individual’s life as national security measures include gathering
information , tracking individuals transactions on the doubt of suspicious movements,
monitoring user activities for analysis of crime detention. This hampers the rights of an

9
Ibid
10
http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html ( last visited on 20
Aug, 2015)
11
http://indiankanoon.org/doc/5439094 : M/S.Akshaya Creations vs V.Muthulakshmi ( last visited on 20 Aug ,
2015)
12
Referred case: case of Swami Nithyananda wherein a leaked videotape involving a Tamil actress thrust
Swami Nithyananda was made public

13
As defined by H. Jeff Smith in his book- Managing Privacy: Information Technology and Corporate America,
1994
14
http://www.legalservicesindia.com/article/article/confidentiality-an-emerging-tort-in-india-1541-1.html
15
Ibid
16
httpsht://epic.org/misc/gulc. ( last visited on 20 august, 2015)

4
individual who would like to share his information to an extent for national security.17
Organisational Privacy: Privacy is important to organizations in competitive situations
and also in other relations18. As organizations become more interdependent and involved in
more frequent contact with other organizations, it is suggested that strategic intelligence
systems can be even more effective, since each interaction in the environment creates some
evidence about capacity and intention that others can collect and interpret.19 Thus the
complex environment characteristic of most corporations may in itself decrease the chance
for organizational privacy.20

Privacy and Digital Literacy

Privacy plays an integral role in digital literacy because it serves ethical purposes: it measures
whether people use information technology responsibly and how well courts and
governments apply the traditional legal and policy practices that protect research and the
creative process. Too much privacy around information, for example, locks up material that
potentially could be used in creative projects; too little privacy could, depending on the
information, devalue and degrade incentives for innovation. A balance must be maintained.21

Internet cannot override privacy

In a recent judgement, Court of Justice of European Union has opined that a person has right
to instruct the internet search engines like google to keep certain personal information of
individuals as secret. The Hon. Court opined that to view all the details available on internet,
may be dangerous many a times, therefore, a person has the right to instruct the search
engines to keep certain personal information as secret, and not accessible. This ruling
provides a level of protection against invasion of privacy.22 People will never achieve true
privacy and anonymity online.23

17
Ibid
18
http://www.sciencedirect.com/science/article/pii/S0378720679800038 :Article on The Future of
Organizational Privacy by Anne Sigismund Huff. ( last visited on 20 aug, 2015)
19
Ibid
20
Ibid
21
https://digitalliteracy.cornell.edu/privacy/dpl5000.html. ( last visited on 20 aug, 2015)
22
http://www.cyberlawclinic.org/casestudy.asp. ( last visited on 20 aug, 2015)
23
http://techcrunch.com/2015/04/26/internet-privacy-is-the-wrong-conversation/#.txsq2g:t4EK. ( last visited
on 20 aug, 2015)

5
SCOPE
In this project, the researcher is focusing in the field of Cyber Privacy and has narrowed
down the topic of “tortious liability in case of misuse of personal information” accordingly.
In this research, we are just covering the liability in case of infringement of cyber privacy.
My scope for this study will limit to the cyber laws of INDIA and UNITED STATES OF
AMERICA

RESEARCH METHODOLOGY
The present study is essentially doctrinal study, research undertaken is descriptive in nature
with a bit of evaluative approach to the topic. Both Primary and Secondary data has been
used to the best of the efficiency to elevate the quality of research. The citations are given in
the Oscola Format to mention the sources used to carry out the research.

RESEARCH QUESTIONS:
1. How did the need for cyber privacy arise in India?
2. How judicial intervention in case of cyber privacy laws differs in case of different
countries?
3. How effective laws and judicial interventions for cyber privacy laws are, in case of India?

6
CHAPTER 1: INTRODUCTION
This part shall give an overview of the project. A basic concept of what all will be discussed
further in the project. Basics of Cyber laws and various judicial interventions associated with
it.
Informational technology has spread its networks across the world connecting into one. The
range of cyberspace has went large and diversified so as the expansion in cybercrimes to i.e.
breach of online contracts, commitment of online torts and crimes etc. Due to consequences
of these there was need to adopt strict cyber laws by the cyber space authority to regulate
criminal activities and for the better administration of justice to the cybercrimes victim.
Especially in the modern day times it is necessary to regulate cybercrimes and cyber laws
should be made stricter in case of cyber terrorism and hackers.24
Cyber law, is still a less distinct law than property, contract etc. as it covers several ambit of
law and regulation. It is a term used that abridges the legal issues related to transactional,
communicative and distributive aspects of networked devices and technologies. IT law is a
set of recent decree being followed in several countries, governing the process and
dissemination of information digitally. These legal decree contain several aspects including
software access, protection of computer software, control of digital information, privacy,
security, internet access and electronic commerce. These laws are referred as “paper laws”
for “paperless environment”. With the advent of multi channelled television all over the
world, and fast spreading internet network, the privacy of an ordinary person is under threat.
Breach of privacy is a kind of cyber tort which effects a common man.25
Privacy to a large extent signifies the right to be left alone. Judge brandies used the phrase ”
the right to be left alone” in his decent in Olmsted v united states26, the first of the
wiretapping case heard by the supreme court of USA.
Cyber stocking may be direct corollary to violation of privacy laws on the internet. There are
several situations one may countenance when one deals with privacy vows on the internet.
The following may be the key areas of concern when one comes across privacy related
issues:-
a. Interception via wiretapping the phone line on the senders’ end. Emailing may, thus be,
conveniently intercepted in such a manner.
b. Disclosure of contents

24
www.dsci.in (last visited on September 15,2015)
25
www.securitycommunity.tcs.com
26
277 US 438, P478 [1978], referred from “ THE LAWYERS COLLECTIVE”, JULY 2000, P 25

7
c. Disclosure of essential data while registering on to a particular domain such as chatting
site, where precaution and registration policy for the surfer are not conveniently outlined.

Sec 71 of the information technology act 2000 prohibits interception of emails during transit.
Similarly, reading emails during storage on the computer system is also prohibited by the
aforesaid section read with S43 of the act. The recipient of the email is free to share mailing
material with anyone, provided it is subject to legal implication of confidentiality. 27
Taking into Indian aspect there was no statutes for the issues related to Cyber laws involving
privacy issues, jurisdiction issues, intellectual property right issues and a no of other legal
questions. With the increase in the misuse of technology, there arisen a strict statutory law to
regulate issues related to cybercrimes and to protect the true sense of technology by
enactment of IT ACT, 2000. This act was made to protect the fields of ecommerce, e
governance, e banking and defined penalties as well as punishments in the field of
cybercrimes. Also certain sections of IPC and as some cyber space crime are invading right
to privacy, article 21 of Indian constitution are some governing laws for cyber space crime
which imposes various liabilities in India.28

The following sections are dealing with the cybercrimes:-

1. Penalty and Compensation for damage to computer, computer system (Sec 43 IT Act)
2. Compensation for failure to protect data. (Sec 43A IT Act)
3. Tampering with computer source Documents (Sec 65 IT Act)
4. Hacking with computer systems, Data Alteration (Sec 66 IT Act)
5. Sending offensive messages through communication service (Sec 66A IT Act)
6. Dishonestly receiving stolen computer resource or communication device (Sec 66B IT
Act)
7. Identify theft (Sec 66C IT Act)
8. Cheating by personating by using computer resource (Sec 66D Act)
9. Violation of privacy (Sec 66E Act)
10. Cyber terrorism (Sec 66F Act)
11. Publishing or transmitting obscene material in electronic form (Sec 67 IT Act)
12. Punishment for publishing or transmitting of material depicting children in sexually
explicit act, etc. in electronic form (Sec 67B IT Act)

27
Ramaswamy Iyers the law of torts, A lakshminath and M Sreedhar, 10th edition
28
http://www.lawctopus.com/academike/cyber-crimes-other-liabilities/

8
13. Preservation and Retention of information by intermediaries (Sec 67C IT Act)
14. Power to issue directions for interception or monitoring or decryption of any information
through any computer resource (Sec 69 IT Act)
15. Power to issue directions for blocking for public access of any information through any
computer resource for Cyber Security (Sec 69B IT Act)29

29
www.Legalseervicesindia.com/cyber laws in India – IT act - cyber lawyers

9
CHAPTER 2:

EVOLUTION OF CYBER PRIVACY

“The modern thief can steal more with a computer than with a gun. Tomorrow’s terrorist
maybe able to do more damage with a keyboard than with a bomb.”30

The internet world has drastically changed the way we think, the way we administer, the way
we do trade and the way we see ourselves. Data innovation is enveloping all kinds of
different backgrounds everywhere throughout the world. The internet makes space for moral,
common and criminal wrongs. It has now given better approach to criminal propensities as it
is interested in all. The laws of certifiable can't be translated in the light of rising the internet
to incorporate all angles identifying with distinctive exercises in the internet.31 Due to
anonymous nature of the internet, it is impossible to engage into a variety of criminal
activities with impunity and people with intelligence, have been terribly abusing this part of
the web to sustain criminal exercises in the internet.32 There was an Increase in use of ICTs in
conducting business transactions and international trade and no legal protection was available
under existing laws.33 Privacy is not simply something we appreciate. It is something that is
essential for us to: create who we are; shape a character that is not managed by the social
conditions that specifically or in a roundabout way impact our reasoning, choices, and
practices; and choose what sort of society we need to live in. Regardless consistent
information accumulation about all that we do - like the kind directed by Facebook and an
expanding number of different organizations - shapes and produces our activities. We are
distinctive individuals when under reconnaissance than we are when getting a charge out of
some security. Furthermore, Cohen's contention lights up how the breathing room gave by
protection is key to being a finished, satisfied individual.34 Internet privacy is the privacy and
security level of personal data published via the Internet It is a wide term that alludes to a

30
National Research Council, U S A “computers at risk”. 1991
31
http://www.slideshare.net/AdityaShukla7/cyber-law-in-india-its-need-importance
32
http://www.slideshare.net/poonambhasin33/need-and-importance-of-cyber-law
33
https://prezi.com/7zv9fhfcwuuz/evolution-of-cyber-law-in-india-02/
34
http://www.theatlantic.com/technology/archive/2013/02/why-does-privacy-matter-one-scholars-
answer/273521/

10
mixture of variables, strategies and innovations used to secure delicate and private
information, correspondences, and inclinations.

Web protection and obscurity are central to clients, particularly as e-business keeps on
picking up footing. Protection infringement and danger dangers are standard contemplations
for any site being worked on.

Web protection is otherwise called online security. Web security is reason for sympathy
toward any client wanting to make an online buy, visit a person to person communication
webpage, partake in internet amusements or go to gatherings. On the off chance that a secret
key is traded off and uncovered, a casualty's personality may be deceitfully utilized or stolen.

Internet privacy risks include:

 Phishing: An Internet hacking activity used to steal secure user data, including
username, password, bank account number, security PIN or credit card number.
 Pharming: An Internet hacking activity used to redirect a legitimate website visitor to
a different IP address.
 Spyware: An offline application that obtains data without a user's consent. When the
computer is online, previously acquired data is sent to the spyware source.
 Malware: An application used to illegally damage online and offline computer users
through Trojans, viruses and spyware.

Internet privacy violation risks may be minimized, as follows:

• Always use precaution programming applications, for example, hostile to infection,

against malware, hostile to spam and firewalls

• Avoid shopping on questionable sites

• Avoid uncovering individual information on sites with lower security levels

• Clear the program's reserve and perusing history on a steady premise

• Always utilize exceptionally solid passwords comprising of letters, numerals and

extraordinary

11
We are living in an exceedingly digitized world. All organizations rely on their PC systems
and keep their important information in electronic structure. Government structures including
Income tax return forms, company law forms and so on are currently filled in electronic
structure. Buyers are progressively utilizing their MasterCard and check cards for shopping.
The vast majority is utilizing email, phones and sms administration for correspondence. Since
it touches all parts of the exchange exercises on and concerning the web, the internet and the
internet privacy hence is critical. 35To cater this need of privacy, finally on 17 October 2000,
THE INFORMATION TECHNOLOGY ACT, 2000 (IT ACT) came into force. The
INFORMATION TECHNOLOGY ACT of 2000 consisted of 94 sections segregated into 13
chapters. And this act was amended in 2008 i.e. IT act amendment 2008 which was passed by
parliament on 23 December and received its assent from president on 5th February 2009.It
consists of 124 sections and 14 chapters.

35
http://www.slideshare.net/AdityaShukla7/cyber-law-in-india-its-need-importance?next_slideshow=1

12
CHAPTER 3:
A comparative Analysis: Cyber privacy

laws of INDIA and U.S.A

INDIA
The Information Technology Act 2000 (amended in 2008)

The INFORMATION TECHNOLOGY ACT was first drawn up in 2000, and has been
revised most recently 2008. The Information Technology (Amendment) Bill, 2008 amended
sections 43 (data protection), 66 (hacking), 67 (protection against unauthorised access to
data), 69 (cyberterrorism), and 72 (privacy and confidentiality) of the Information
Technology Act, 2000, which relate to computer/cybercrimes.

Section 72 [Breach of confidentiality and privacy] amended vide Information

Technology Amendment Act 2008 reads as under:
Save as otherwise provided in this Act or any other law for the time being in force, any
person who, in pursuant of any of the powers conferred under this Act, rules or regulations
made there under, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person
concerned discloses such electronic record, book, register, correspondence, information,
document or other material to any other person shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or
with both.

[Section 72 A] Punishment for Disclosure of information in breach of lawful contract

(Inserted vide ITAA-2008):
Save as otherwise provided in this Act or any other law for the time being in force, any
person including an intermediary who, while providing services under the terms of lawful
contract, has secured access to any material containing personal information about another

13
person, with the intent to cause or knowing that he is likely to cause wrongful loss or
wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful
contract, such material to any other person shall be punished with imprisonment for a term
which may extend to three years, or with a fine which may extend to five lakh rupees, or with
both.36
Section 43(A): Compensation for failure to protect data:
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a
computer resource which it owns, controls or operates, is negligent in implementing and maintaining
reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person,
such body corporate shall be liable to pay damages by way of compensation, to the person so affected.37
Section66(E): Punishment for violation of privacy:
Whoever, intentionally or knowingly, captures, publishes or transmits the image of a private area of any person
without his or her consent , under circumstances violating the privacy of that person , shall be punished with
imprisonment which may extend to three years or with fine not exceeding two lakh rupees , or with both.38

Section 72: Breach of confidentiality and privacy :

Save as otherwise provided in this act or any other law for the time being in force, any person who, in pursuant of any of
the powers conferred under this act, has secured access to any electronic record , book , register , correspondence ,
information , document or other material without the consent of the person concerned discloses such electronic record ,
book, document or other material to any other person shall be punished with imprisonment for a team which my
extend to two years .39

THE PRIVACY PROTECTION BILL (2013)

The Privacy (Protection) Bill, 2013 does not provide any definition of “privacy”; however, it
focuses on the protection of personal and sensitive personal data of persons. This bill shall
have an overriding effect on all existing provisions directly or remotely related to privacy as
section 3 provides that “ no person shall collect , store , process, disclose or otherwise handle
any personal data of another person except in accordance with provisions of this act and any
rules made thereunder.” However, it provides an exception to this rule under section 4 by

36
http://www.legalserviceindia.com/article/l288-Breach-of-privacy-&-Confidentiality-.html
37
http://www.academia.edu/9275187/CYBER_PRIVACY_ISSUES_IN_INDIA.
38
http://www.chmag.in/article/jul2012/section-66e-punishment-violation-privacy-policy
39
http://www.itlaw.in/section-72-breach-of-confidentiality-and-privacy/.

14
stating that “nothing in this act shall apply to the collection, storage, processing or disclosure
of personal data for personal or domestic use.40

’Privacy Protection bill (2013) is to establish an effective regime to protect the privacy of all
persons and their personal data from Governments, public authority, private entities and
others, to set out conditions upon which surveillance of persons and interception and
monitoring of communications may be conducted, to constitute a Privacy Commission, and
for matters connected therewith and incidental thereto.41

Among the many legal issues presented by the Internet, privacy is a leading problem. In fact,
Internet privacy covers a broad range of concerns: fears about the safety of children in chat
rooms and on the World Wide Web, the privacy of e-mail, the vulnerability of web users to
having their Internet use habits tracked, the collection and use of personal information, the
freedom of people to chat and post messages anonymously. Moreover, the rapid evolution of
the Internet has frequently brought such privacy concerns before lawmakers and the courts.

Privacy concerns are frequently newsworthy. During the 1990s, child safety advocates
highlighted special online dangers for children following high-profile abuse cases. Internet
commerce has also been affected, too. The Federal Trade Commission (FTC) report noted in
2000 in its annual report to Congress that survey data demonstrated 92% of consumers are
concerned about the misuse of personal information online. Privacy concerns over unsolicited
commercial messages arose as Internet users battled to keep this so-called “spam” out of their
e-mail inboxes, while in 2001, civil liberties advocates opposed potential abuse by the
Federal Bureau of Investigation of its Carnivore hardware, a data-collecting technology
attached to Internet services for criminal investigation.

Congress has been reluctant to enact legislation, relying upon a privacy law last revised in
1986 and passing only one new Internet privacy law in the 1990s. This was not for want of
ideas. Numerous bills proposing Internet privacy protections were submitted in Congress
during the late 1990s and early 2000s, and the Federal Trade Commission (FTC) also
proposed legal reform. But lawmakers showed deep reservations about trifling with Internet
regulation of privacy, expressing fears about hurting online commerce and creating an
40
http://psalegal.com/upload/publication/assocFile/IPR&TechnologyBulletin-
IssueXXVIII.pdf?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original. ( last visited
on 20 aug, 2015)
41
http://cis-india.org/internet-governance/blog/privacy-protection-bill-2013.pdf. ( last visited on 20 aug, 2015)

15
unenforceable regulatory scheme. Internet crime laws passed, but these criminalized intrusive
and destructive behaviours without directly creating privacy rights.

The legal framework for online privacy thus rests largely on two federal laws, a subdued
federal regulatory approach, a mixture of state laws, and contradictory case law from the
courts:

 In 1986, Congress significantly updated the Electronic Communications Privacy Act

(ECPA), originally enacted two decades earlier in 1968 to prevent telephone
wiretapping. The law protects the privacy of much online communication, such as e-
mail and other digital messaging, but far from all of it. The law offers little privacy
protection to electronic communication in the workplace, which courts have further
restricted.
 The Children’s Online Privacy Protection Act of 1998 was passed amid complaints
that websites frequently sought too much personal information from children. The law
requires website operators to maintain privacy policies, grants parents powers to
control information gleaned from their children by websites, and grants regulatory
power to the FTC.
 Throughout the 1990s, the FTC studied and recommended proposals for new Internet
privacy laws. The commission made such recommendations again in its annual 2000
report on the issue, but in 2001 new FTC leadership called for more study of the issue
and a continued emphasis on self-regulation by business.
 Passed in response to the September 11, 2001 terrorist attacks upon the United States,
the Patriot Act of 2001 appeared likely to significantly impact online privacy. The law
dramatically increases federal police investigatory powers, including the right to
intercept e-mail and track Internet usage.
 Courts have offered mixed verdicts on anonymity on the Internet. In 1997, Georgia
was prohibited from enforcing a statute that barred anonymous communication in
ACLU v. Miller. In subsequent cases, courts have allowed plaintiffs to force
disclosure of the identities of anonymous users of Internet message boards, but some
have required that strict evidentiary standards are met by plaintiffs first.42

42
http://internetlaw.uslegal.com/privacy/

16
 Judicial Remedies and Penalties for Violating the Privacy Act

The Act specifically provides civil remedies, 5 U.S.C. Sec. 552a (g), including damages, and
criminal penalties, 5 U.S.C. Sec. 552a (I), for violations of the Act.

The civil action provisions are premised on agency violations of the Act or agency
regulations promulgated thereunder.

An individual claiming such a violation by the agency may bring the civil action in a federal
district court. If the individual substantially prevails, the court may assess reasonable attorney
fees and other litigation costs against the agency. In addition, the court may direct the agency
to grant the plaintiff access to his/her records, and when appropriate direct the agency to
amend or correct its records subject to the Act.

Actual damages may be awarded to the plaintiff for intentional or willful refusal by the
agency to comply with the Act.

In the case of "criminal violations" of the Act (Section 3 of the Act, 5 U.S.C. Sec. 552a(i)
limits these so-called penalties to misdemeanours), an officer or employee of an agency may
be fined up to $5,000 for:

A. Knowingly and wilfully disclosing individually identifiable information which is prohibited

from such disclosure by the Act or by agency regulations; or

B. Wilfully maintaining a system of records without having published a notice in the Federal
Register of the existence of that system of records.

In addition, an individual may be fined up to $5,000 for knowingly and wilfully requesting or
gaining access to a record about an individual under false pretences.

While the Act does not establish a time limit for prosecutions for violation of the criminal
penalties provision of the Act, it does limit the bringing of civil action to two years from the
date on which the cause of action arose. See 5 U.S.C. Sec. 552a (g) (5). However, the time
limit for filing a civil action may be tolled for material and wilful misrepresentation by the
agency of any information which is required to be disclosed, if the misrepresentation is
material to the liability of the agency.

17
A civil action may be filed in the U.S. District Court in the district where the requester
resides or has his/her principal place of business; in which the agency records are located; or
in the District of Columbia.43

43
http://www.justice.gov/usam/eousa-resource-manual-142-judicial-remedies-and-penalties-violating-
privacy-act

18
CHAPTER 4 :
State of cyber privacy laws in India
It has been depicted that there is no such comprehensive legislation on privacy in our country
yet. So it has been left with our judiciary how to interpret legislations concerned with the
privacy issues in the country. On April 11, 2011, India’s Ministry of Communication and
Information Technology ( Reasonable security practices and procedures and sensitive
personal data or information) rules 2011, under the Information Technology Act, 2000. India
has brought now privacy law with immediate effect and wide area covering how companies
will do the business.44
The rules under this act applies only to these certain areas:-
 Body corporate and not to the government.
 Electronically generated and transmitted information.
 A limited scope of sensitive personal information.
 A body corporate when contractual agreement is not already in place45
“Increase in the use of online banking and internet use in the country, this has become the
favourite place for the cybercrimes and cyber criminals to reside at. “According to 2014
statistics India ranks third after US and Japan in the banking malware.46
LATEST CASE OF CYBER CRIME TOOK PLACE IN INDIA AND ITS RELIEF:-
Andhra Pradesh Tax Case:-Dubious tactics of a prominent businessman from Andhra
Pradesh was exposed after officials of the department got hold of computers used by the
accused person. The owner of a plastics firm was arrested and Rs 22 crore cash was
recovered from his house by sleuths of the Vigilance Department. They sought an
explanation from him regarding the unaccounted cash within 10 days.

The accused person submitted 6,000 vouchers to prove the legitimacy of trade and
thought his offence would go undetected but after careful scrutiny of vouchers and
contents of his computers it revealed that all of them were made after the raids were
conducted.

It later revealed that the accused was running five businesses under the guise of one

44
http://www.astrealegal.com/right-of-privacy.
45
http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india
46
http://tech.firstpost.com/news-analysis/number-of-cyber-crimes-in-india-may-touch-300000-in-2015-
248116.html

19
company and used fake and computerised vouchers to show sales records and save
tax.47

Talk on Section 66a of the IT Act:-

Section 66a talks about the sending of the offensive messages that is discussed broadly and
which is in violation of art19 (1)(a) of our constitution. Therefore it can be protruded out that
some messages are grossly offensive and cause “annoyance” or “inconvenience”, even
though when the information is false.48
 . Legislations are expected and presumed to be consistent in their use of terms. When
the Act uses "publication" in one sense in select provisions (Section 67), but does not
use "publication" in Section 66A, it means it does not intend to include mere
publication by posting. In other words, although "sending" may result in publication,
all publication cannot be equated to sending.
 The limited circumstance when publication on website would amount to "send" is
when information published on the portal is "sent" and "received" by subscribers of
the site/blog/social networking site. Simply put, we'll have to distinguish between
publication simpliciter on a website/an update on Twitter or Facebook and a message
which is communicated.
 Not just that, there's a reason why the IT Act or Section 66A does not provide for
defamation by publication on a site. Section 499 of the IPC is broad enough to apply
to defamation using any medium, therefore one does not need any provision under the
IT Act for it. This applies to obscenity and the like offences as well.49
The cyber privacy laws has been made but its effectiveness cannot be seen as the cybercrimes
are increasing at an alarming rate. The crime rate has been increased from 966 to 4356 in 3
years from 2011-14.50

47
http://www.cyberlawclinic.org/casestudy.asp
48
http://cis-india.org/internet-governance/blog/breaking-down-section-66-a-of-the-it-act
49
http://thedemandingmistress.blogspot.in/2011/10/section-66a-of-information-technology.html
50
http://cis-india.org/internet-governance/news/hindustan-times-january-20-2015-devanik-saha-indiaspend-
350-per-cent-surge-in-cyber-crimes-in-last-3-years

20
Conclusion:-
As Cory Doctorow put it in his article for the, “we trade our privacy for services.”51 Till
now the matter of privacy is on debate in our country as laws has been made in our country
but the crimes rates are also increasing at an alarming rate. There has been raised a public
opinion that something should change regarding personal information online whereas
solution is unclear. The above essay consists of various statutes, information which relates to
cyber privacy and consequences and tortuous liability arising out of it. The only way in which
we, as a connected society, will be able to shape the changing scene of the Internet positively
is if people are aware of what Internet privacy really means today.52 Therefore, we come to
an end with the belief that strengthening of the privacy laws and true picture of the internet
could be enacted soon.

51
http://p3internetprivacy.weebly.com/in-conclusion.html
52
Ibid

21
RESOURCES:
In order to conduct a qualitative evaluative study of the subject, the researcher has used
several relevant cases, books, articles, statutes, websites, reports etc.

BOOKS:
a. A reference book on torts that is WINFIELD and JOLOWICZ ON TORTS 18th edition By
W.V.H ROGERS, M.A.
PUBLISHED BY- THOMSON REUTERS
b. THE LAW OF TORTS by JUSTICE G.P.SINGH Published by RATAN LAL AND
DHEERAJLAL

E- resources:
ManuPatra
Itlaw.in
STATUTES AND LAWS-
a. LAW OF TORTS
b. Cyber laws

22