Section 43: Penalty and Compensation for damage to computer, computer system, etc

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network –

(a) accesses or secures access to such computer, computer system or computer network or computer resource;
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network;
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injurously by any means;
(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,

he shall be liable to pay damages by way of compensation to the person so affected.

Explanation – for the purposes of this section –

(i) “Computer Contaminant” means any set of computer instructions that are designed –
(a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer network;

(ii) “Computer Database” means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;

(iii) “Computer Virus” means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;

(iv) “Damage” means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.

(v) “Computer Source code” means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

---

More on Section 43: Penalty and Compensation for damage to computer, computer system, etc:

Comments: Section 43 of Information Technology Act basically provides for civil liability as against criminal liability which is dealt with Chapter 11: Offences. Under this section you can claim for compensation before an Adjudication Officer appointed under section 46 of Information Technology Act, if any of the above acts listed under this Section have been committed against you… this includes unauthorized access to a computer, downloading/extraction of data as in JIO case, damage to a computer system, introduction of computer virus and so on. This remedy is in addition to any criminal liability you may have under Chapter 11.

News #1: A dropout from Rajasthan arrested in the Reliance JIO susbciber data leak matter

Reliance Jio owned by Mukesh Ambani had registered an FIR with the Navi Mumbai police under section 379 (theft) of the IPC and section 43 (2) (data theft – downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium) and 66 (computer related offences) of the Information Technology Act. In this respect, the Maharashtra police has arrested a computer course dropout from Rajasthan for allegedly leaking database of Reliance Jio customers on a website – Magicapk.com. He will be produced in a court in Rajasthan for transit remand and will then be brought to Navi Mumbai. Also, Forensic analysis is under way to find out if Jio’s database has been leaked and how the accused managed to get his hands on the data.

Case # 1: Poona Auto Anillaries Pvt. Ltd., Pune Versus Punjab National Bank, HO New Delhi & Others

Summary: In 2013, in one of the largest compensation awarded in legal adjudication of a cyber crime dispute, Maharashtra’s IT secretary Rajesh Aggarwal had ordered PNB to pay Rs 45 lakh to the Complainant Manmohan Singh Matharu, MD of Pune-based firm Poona Auto Ancillaries. A fraudster had transferred Rs 80.10 lakh from Matharu’s account in PNB, Pune after Matharu responded to a phishing email. Complainant was asked to share the liability since he responded to the phishing mail but the Bank was found negligent due to lack of proper security checks against fraud accounts opened to defraud the Complainant.