Part 12.3: Data Theft Litigation Strategy

⚖️ Dual Track Remedies for Data Theft

Data theft victims can pursue both civil and criminal remedies simultaneously. Strategic choice depends on objectives, evidence, and perpetrator identity.

🔵 Civil Remedies

Section 43 IT Act: Compensation for unauthorized access/damage
Section 43A: Compensation for negligent data handling
Contract breach: If NDA/confidentiality violated
Tortious action: Privacy invasion, inducing breach
Injunction: Restrain use/disclosure of stolen data

🔴 Criminal Remedies

Section 43/66: Hacking (3 yrs + ₹5 lakh)
Section 65: Tampering source code (3 yrs)
Section 72: Breach of confidentiality (2 yrs)
Section 72A: Disclosure in breach of contract (3 yrs)
IPC 379/BNS 303: Theft (if physical media)
IPC 405/BNS 316: Criminal breach of trust

📋 IT Act Provisions for Data Theft

Section	Offence	Punishment	Nature
43 + 66	Unauthorized access, download, extraction	3 years + ₹5 lakh	Cognizable, Bailable
65	Tampering with computer source code	3 years + ₹2 lakh	Cognizable, Bailable
66C	Identity theft	3 years + ₹1 lakh	Cognizable, Bailable
66D	Cheating by personation using computer	3 years + ₹1 lakh	Cognizable, Bailable
72	Breach of confidentiality by authorized person	2 years + ₹1 lakh	Cognizable, Bailable
72A	Disclosure in breach of lawful contract	3 years + ₹5 lakh	Cognizable, Bailable

📌 Section 43 — Civil Compensation (Unlimited)

Section 43 allows compensation up to ₹5 crore (Adjudicating Officer jurisdiction). For higher amounts, approach Civil Court. No cap under Section 43A for body corporate negligence.

🔍 Evidence Preservation Strategy

💾

Server Logs

Access logs, timestamps, IP addresses

📧

Email Trails

Communication showing intent/planning

📊

Audit Trails

Database access records, exports

📹

CCTV Footage

Physical access to systems

🔐

Access Control Logs

Who accessed what, when

📱

Device Forensics

Seized devices, USB logs

✅ Evidence Collection Best Practices

Engage certified forensic examiner (Section 79A)
Maintain chain of custody documentation
Create forensic images (not work on original)
Generate hash values (MD5/SHA256) for integrity
Contemporaneous notes of collection process

💰 Damages Quantification

Heads of Damages in Data Theft Cases

Direct Loss: Value of data, cost of recreating/recovering
Consequential Loss: Business disruption, lost contracts, revenue loss
Remediation Costs: Forensics, notification, credit monitoring
Reputational Harm: Brand damage, customer loss (harder to quantify)
Legal Costs: Attorney fees, expert fees
Punitive/Exemplary: In egregious cases (rare in India)

⚠️ Quantification Challenges

Indian courts traditionally require proof of actual loss. Speculative or future losses are harder to recover. Build your case with documented financial impact, expert reports, and industry benchmarks.

🌐 Jurisdictional Considerations

📌 Section 75 — Extraterritorial Jurisdiction

IT Act applies to offences committed outside India if the computer, system, or network is located in India. This enables prosecution of foreign perpetrators.

Forum Selection Strategy

Forum	Jurisdiction	Advantage
Adjudicating Officer	Up to ₹5 Crore	IT Act specialized, faster
Civil Court	Unlimited	Higher damages, injunctions
Consumer Forum	Service deficiency	Consumer-friendly, no court fee
Arbitration	Contract clause	Confidential, faster
Criminal Court	Punishment focus	Deterrence, leverage

Data Theft Litigation Strategy