Data theft, as a civil violation or criminal offence, predominantly relates to theft of commercial data. In some circumstances it could also relate to personal data, if it is stolen through dishonest means without the consent of the owner of the system.
Case 1: Employees of a Bank were arrested for stealing customer data. The Bank, after having been notified of the possible data leak by a former employee, conducted an internal investigation and noted that two employees, using the Shared Access Network of the Bank, had illegally gained access to 447 customer accounts and had mailed the said information to their personal email addresses.
Case 2: An IT Firm recently learned that one of its former top-level employees, who had resigned to join a competitor, had stolen proprietary data and information belonging to the IT Firm before he resigned.
The IT Firm, as part of its routine process upon the resignation of an employee, conducted a forensic analysis of the systems used by the said ex-employee. The Company discovered that the employee had, without the Company's authorization, used a personal USB and had accessed and transferred several documents and presentations from his office laptop on to his personal USB, which were proprietary data and information belonging to the IT Firm.
Strong data usage policies were needed even before the COVID-19 lockdowns and work-from-home arrangements. Now companies will be required to review their existing policies and Employee Agreements, as work from home also requires accessing companies' proprietary data from private homes and possibly from personal devices.
Such situations also aggravate the alternate possibility that employees may be victimised in some instances, either due to a misunderstanding or when they leave to join competitors or set up businesses that become strong competition for the parent company.
Effective Employee Agreements that are balanced and fair, data policies (including on use, retention and return), IT audits and cyber hygiene are just some of the measures that companies and businesses will require to protect their proprietary data on the one hand, and that employees will need to avoid vexatious litigation over alleged data thefts on the other.
For such violations, the Information Technology Act, 2000 (as amended) (“IT Act”) provides both civil and criminal remedies under S.43(b) IT Act.
It is important to know that removing proprietary data without the consent of the owner is a civil violation, and that committing the same act with dishonest or fraudulent intent is a criminal offence. The data may be work done or created by the employee whilst working for the company, business or employer; that does not give the employee the right to remove such content. Similarly, employers cannot initiate vexatious actions merely to scuttle competition. Such vexatious actions can also be contested through counter claims.
Know your law and your rights, and ensure that data is not illegally removed. Prevention in such cases is the best remedy, and if a breach occurs in spite of preventive measures, file your complaint. You can do this online on cybercrime.gov.in. Protect yourself and protect others. Be A Cyber Saathi!