Internal Security·Legal Reforms
Data Breaches and Privacy Concerns — Legal Reforms
Constitution VerifiedUPSC Verified
Version 1Updated 7 Mar 2026
| Entry | Year | Description | Impact |
|---|---|---|---|
| Information Technology (Amendment) Act, 2008 | 2008 | This amendment introduced significant provisions related to data protection, specifically Section 43A and Section 72A into the IT Act, 2000. Section 43A deals with compensation for failure to protect data, making a body corporate liable for negligence in maintaining reasonable security practices. Section 72A prescribes punishment for disclosure of information in breach of lawful contract. These sections, along with the IT Rules, 2011, formed the primary legal basis for data protection in India prior to the DPDP Act, 2023. | Provided the first specific legal recourse for individuals affected by data breaches and unauthorized disclosure of personal information by corporate entities. It established a 'reasonable security practices' standard and introduced penalties, albeit limited, for non-compliance. This amendment was a crucial step in acknowledging the need for data protection in India's burgeoning digital economy, laying the groundwork for more comprehensive legislation. |