Section 72 of the Information Technology Act targets the breach of confidentiality and privacy by persons who have gained access to electronic records, information, or documents through the powers conferred by the Act. It is a critical provision that prevents officials, employees, or contractors from abusing their authorized access to disclose private information without consent. While other laws cover data theft, Section 72 specifically addresses the betrayal of trust by those with legal access.
Who Does Section 72 Apply To?
Unlike general privacy violations, Section 72 focuses on individuals who come into possession of electronic records while performing duties under the IT Act or its rules. This includes system administrators, government officers involved in investigations, and technical staff at intermediaries. If an individual discloses this information—whether it is an email, a financial record, or a personal document—to another person without the consent of the owner, they are in direct violation. This makes Section 72 a key pillar of data protection and privacy for citizens and corporations alike.
Penalties for Unauthorized Disclosure
The law prescribes imprisonment for a term of up to two years, a fine of up to one lakh rupees, or both. This punishment ensures that those with "the keys to the kingdom" understand that their access is conditional on maintaining confidentiality. For companies, this means that even if an employee has a legitimate reason to see sensitive data, they are criminally liable if they share it outside of authorized channels. Implementing a managed security strategy with strict data leakage prevention (DLP) controls is the best way to mitigate this risk.
The Requirement of Consent
The central defense in a Section 72 case is consent. Disclosure is only an offence if it happens without the permission of the person concerned. In a corporate environment, this highlights the need for clear NDAs and employee handbooks that specify which disclosures are authorized. For individuals, it provides a legal shield against the "leaking" of personal records by those who were supposed to be guarding them. If you suspect your data has been disclosed by a former employee or an official, a cyber crime investigation can help trace the path of the leak.
Protecting Confidentiality in Investigations
During a digital forensic audit or a compliance check, sensitive information is often exposed to investigators. Section 72 ensures that these professionals must keep that data confidential. At Central Cybersecurity, we use digital forensics protocols that prioritize data integrity and privacy, ensuring that only the evidence required for the case is processed and that all other information remains confidential.
Secure Your Confidential Records
Trust is easy to break but hard to rebuild. If your organization's confidential data has been disclosed without authorization, or if you need to strengthen your internal data handling policies to prevent a breach, contact our privacy consultants for a secure and confidential strategy session.