International School of Business

and Media,
Bangalore

Subject : Legal Aspect of Business

Assignment : IT Section 43 & 66

Submitted to : Advocate Vittal B R

Submitted by : Simran Mandal (B2325032)
Date : 22/02/2025
 Cyber Laws and Information
Technology
THE ACT OF THE PARLIAMENT RECEIVED THE ASSENT OF THE PRESIDENT
ON THE 9TH JUNE 2000

Objectives of IT legislation in India

The Government of India enacted its Information Technology Act 2000

with the objectives stating officially as:

“to provide legal recognition for transactions carried out by means of

electronic data interchange and other means of electronic
communication, commonly referred to as “electronic commerce”, which
involve the use of alternatives to paper-based methods of communication
and storage of information, to facilitate electronic filing of documents with
the Government agencies and further to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891
and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.”

What does IT Act 2000 legislation deals with?

The Act essentially deals with the following issues:

 Legal Recognition of Electronic Documents

 Legal Recognition of Digital Signatures

 Offenses and Contraventions

 Justice Dispensation Systems for cybercrimes.

Why did the need for IT Amendment Act 2008 (ITAA) arise?
The IT Act 2000, being the first legislation on technology, computers, e-
commerce and e-communication, the was the subject of extensive
debates, elaborate reviews with one arm of the industry criticizing some
sections of the Act to be draconian and other stating it is too diluted and
lenient. There were some obvious omissions too resulting in the
investigators relying more and more on the time-tested (one and half
century-old) Indian Penal Code even in technology-based cases with the IT
Act also being referred in the process with the reliance more on IPC rather
on the ITA.

Thus, the need for an amendment – a detailed one – was felt for the I.T.
Act. Major industry bodies were consulted, and advisory groups were
formed to go into the perceived lacunae in the I.T. Act and comparing it
with similar legislations in other nations and to suggest recommendations.
Such recommendations were analysed and subsequently taken up as a
comprehensive Amendment Act and after considerable administrative
procedures, the consolidated amendment called the Information
Technology Amendment Act 2008 was placed in the Parliament and
passed at the end of 2008 (just after Mumbai terrorist attack of 26
November 2008 had taken place). The IT Amendment Act 2008 got the
President assent on 5 Feb 2009 and was made effective from 27 October
2009.

Notable features of the ITAA 2008 are:

 Focusing on data privacy

 Focusing on Information Security

 Defining cyber café

 Making digital signature technology neutral

 Defining reasonable security practices to be followed by corporate

 Redefining the role of intermediaries

 Recognizing the role of Indian Computer Emergency Response Team

 Inclusion of some additional cybercrimes like child pornography and

cyber terrorism

 Authorizing an Inspector to investigate cyber offenses (as against

the DSP earlier)

Section 43: Penalty and Compensation for Damage to Computer,

Computer System, etc.

Section 43 of the Information Technology Act, 2000, addresses

unauthorized access and actions affecting computers, computer systems,
or networks. It enumerates specific acts, including unauthorized access,
data extraction, introduction of malicious software, data damage,
disruption of services, denial of authorized access, assistance in
contravention of the Act, service charge manipulation, and tampering with
computer source code. Individuals affected by such unauthorized
activities are entitled to seek compensation for damages from the
responsible party. The provision serves as a civil remedy, focusing on
restitution for harm caused by the enumerated actions.

Unauthorized Computer Activity

Section 43 Civil
Remedy

Types of unauthorized Legal Action

Acts

Access Computer File Civil Suit

Download Data
Claim compensation for
damage
Insert Virus

Damage Data

Disrupt System
Section 66: Computer-Related Offences Section 66 pertains to
computer-related offenses committed dishonestly or fraudulently. It
criminalizes acts described in Section 43 when performed with criminal
intent. Offenders under this section are subject to criminal prosecution,
with penalties including imprisonment for up to three years, a fine
extending to five lakh rupees, or both. This section serves as a deterrent
against malicious activities involving computer systems and emphasizes
the criminality of such conduct.

Computer Related Offense with Criminal

Intent

Section 66 Criminal Prosecution

Legal Consequences

Imprisonment Fine Imprisonment and Fine

Up to 3 Years Up to 5 Lakhs
Rupees
II. Case Law Analysis

1. Poona Auto Ancillaries Pvt. Ltd. v. Punjab National Bank

Citation: Adjudicating Officer, Maharashtra IT Secretary, 2013.

Facts: The complainant, Manmohan Singh Matharu, Managing Director of

Poona Auto Ancillaries Pvt. Ltd., fell victim to a phishing attack resulting in
an unauthorized transfer of ₹80.10 lakh from his account with Punjab
National Bank (PNB). Matharu had responded to a fraudulent email,
leading to the compromise of his account credentials.

Issue: Whether the bank was liable for the financial loss incurred due to
the phishing attack, considering the customer's inadvertent disclosure of
sensitive information.

Judgment: The Adjudicating Officer held PNB liable and directed the bank
to compensate Matharu ₹45 lakh. While acknowledging the customer's
negligence in responding to the phishing email, the judgment emphasized
the bank's failure to implement robust security measures and monitor for
fraudulent activities. The bank's negligence in preventing the opening of
accounts with fake credentials, which facilitated the unauthorized transfer,
was a significant factor in determining liability.

Validity: This judgment is valid and underscores the responsibility of

financial institutions to maintain stringent security protocols to protect
customers from cyber fraud, even when customer negligence is a
contributing factor.

2. Delhi Police v. Proprietors of a Web-Hosting Company

Citation: Delhi Police Case, February 2001.

Facts: In one of the early cases under the Information Technology Act,
2000, the Delhi Police arrested two individuals operating a web-hosting
company. The company had shut down a client's website due to alleged
non-payment of dues. The client contended that payment had been made
and filed a complaint.

Issue: Whether the actions of the web-hosting company constituted an

offense under Section 66 of the Information Technology Act, 2000, and
Section 408 of the Indian Penal Code (IPC) concerning criminal breach of
trust.

Judgment: The Delhi Police charged the proprietors under Section 66 of

the IT Act for hacking and Section 408 of the IPC for criminal breach of
trust. The accused were detained for six days in Tihar Jail pending bail.
This case highlighted the applicability of the IT Act in situations involving
unauthorized access and emphasized the legal repercussions of denying
access to digital assets over payment disputes.

Validity: This judgment is valid and illustrates the enforcement of the IT

Act in protecting digital property rights and the legal consequences of
unauthorized access or denial of service, even in commercial disputes.

Conclusion

Sections 43 and 66 of the Information Technology Act, 2000, provide a

comprehensive legal framework addressing unauthorized and malicious
activities involving computer systems. Judicial interpretations, as
evidenced by the aforementioned cases, reinforce the Act's provisions,
ensuring both civil remedies and criminal penalties are effectively applied
to uphold cybersecurity and protect stakeholders in the digital domain.