AA manager discloses an employee's personal data to a third party without consent
BAn employee accidentally sends a confidential email to the wrong recipient
CA company discloses information about a public figure that is already available publicly
DSharing publicly available information within the company
Answer:
A. A manager discloses an employee's personal data to a third party without consent
Read Explanation:
Section 72: Penalty for breach of confidentiality and privacy
Definition:
Section 72 of the IT Act deals with unauthorized access to or disclosure of information without the consent of the person concerned. It is intended to protect individuals' confidential information and privacy from unauthorized actions by those who have lawful access to such information.
Whoever, in pursuance of any of the powers conferred under this Act, has secured access to any electronic record, book, register, correspondence, information, document, or other material without the consent of the person concerned and discloses such information to any other person, shall be punished.
Punishments:
Imprisonment for a term which may extend to two years.
Fine which may extend to one lakh rupees, or both.
Key Aspects:
Secured Access: The section covers individuals who have obtained access to electronic records or information lawfully, as part of their job, legal powers, or other authorized means.
Without Consent: The breach occurs when the individual discloses the information without the explicit consent of the person to whom the information pertains.
Confidential Information: This includes any data or material that is supposed to remain private and confidential, such as personal records, financial data, communication, or any other sensitive information.
Examples:
Unauthorized Disclosure by an Employee: If an employee who has access to sensitive company data (e.g., customer information, trade secrets) shares this information with a third party without the company’s consent, they could be prosecuted under Section 72.
Leak of Personal Data: If a service provider (like a telecom or internet service provider) shares a customer's private information (e.g., browsing history, personal identification data) with an advertiser or any other entity without the customer's permission, they are liable under this section.
Accessing and Sharing Medical Records: If a person working in a healthcare facility accesses a patient’s electronic medical records and shares them with others without the patient’s consent, this would constitute a breach under Section 72.
Government Officials Misusing Access: A government official who, while exercising their official duties, accesses private data (like income tax returns, Aadhar information) and discloses it to an unauthorized party would be committing an offense under this section.