Introduction
Section 72 of the Information Technology Act (IT Act), 2000, safeguards the privacy of digital data. It penalizes unauthorized access or disclosure of personal information by those in trusted positions. This law ensures data confidentiality in India’s growing digital ecosystem.
What Is Section 72 Of The IT Act?
Unless stated otherwise in this Act or any current law, no person can share secured information without consent.
If someone uses powers granted by this Act, rules, or regulations to access any electronic record, book, register, correspondence, or document, they must keep it confidential.
Sharing such materials without the concerned person’s consent is a punishable offense.
To Whom Does Section 72 Of The IT Act Applies To?
This section has a narrow scope. It applies only to specific individuals.
It targets those who exercise powers under this Act, its Rules, or related Regulations.
The law covers only their actions or failures to act.
Others who do not hold such powers fall outside its reach.
Who Holds Power Under the Act?
The Act grants powers to specific authorities for enforcing its provisions. Here’s a breakdown of who holds these powers:
The Controller of Certifying Authorities under Sections 17 and 18
The Deputy and Assistant Controllers under Sections 17 and 27
Licensed Certifying Authorities under Section 31
Auditors under Rule 312
The Adjudicating Officer under Section 46
The Presiding Officer of the Cyber Appellate Tribunal under Sections 48 and 49
The Registrar of the Cyber Appellate Tribunal under Section 56 and Rule 263
The Network Service Provider under Section 79
What Is The Penalty for Breach of Confidentiality Under Section 72 Of The IT Act?
If a person accesses any electronic record, document, or information without consent and then discloses it to others, they face legal action.
The punishment includes imprisonment of up to two years.
The offender may also face a fine of up to one lakh rupees.
In some cases, both imprisonment and fine may apply.
Popular Cases
Tesla Data Breach Exposes Sensitive Information
Tesla suffered a serious data breach after two former employees leaked over 23,000 internal documents. The exposed files included personal details of current and former Tesla employees, alongside confidential company information.
The breach originated from the actions of two ex-employees who still had access to Tesla’s internal systems. Reports reveal that Tesla failed to revoke their access rights after termination. This oversight allowed the individuals to download and share sensitive files.
Among the leaked data were: Names, contact details, and Social Security numbers of employees, Confidential vehicle design documents, Proprietary production information, Internal communications and security protocols
This data breach not only compromised privacy but also risked Tesla’s competitive edge.
The incident has led to reputational harm for Tesla. Experts say the company could face regulatory scrutiny and potential fines under data protection laws like the CCPA (California Consumer Privacy Act) or GDPR, depending on the data scope.
Tesla confirmed the breach and took immediate steps to secure its systems. The company filed lawsuits against the two former employees, accusing them of theft and misuse of proprietary information. Legal action is ongoing.
Government Official Jailed for Leaking Classified Information in New Delhi
A senior government official in New Delhi leaked classified national security documents to foreign agents. The leak was driven by personal gain and financial motives.
The court sentenced the official to two years in prison and imposed a fine of ₹1 lakh. The ruling came under Section 72 of the Information Technology Act, which deals with unauthorized disclosure of information.
The leaked documents contained critical information related to defense strategies and diplomatic plans. Officials say the breach posed a potential threat to national interests and international relations.
The court stressed that government employees must uphold confidentiality. Breaching this duty, especially for personal benefit, weakens the country’s security framework. The verdict reinforces that violations will lead to strict punishment.
Security agencies identified the leak during a routine surveillance audit. They quickly traced the source and launched an investigation. The official was arrested within days of detection.
IT Employee in Bengaluru Jailed for Selling Client Data
An IT employee in Bengaluru illegally accessed sensitive client data. The information included personal and financial details. The employee then sold this data to third parties without consent.
The court found the employee guilty under Section 72 of the Information Technology Act. He was sentenced to 18 months in prison and fined ₹50,000. The court emphasized the seriousness of violating data privacy laws.
The stolen data involved: Client names and addresses, Bank account and credit card details, Confidential project information
The court ruled that IT professionals must handle data responsibly. Misusing client information damages trust and threatens the integrity of the tech industry.
Conclusion
Section 72 plays a key role in protecting personal data in India. It holds accountable anyone who misuses access to private information. This provision strengthens digital trust and promotes secure online interactions.
