Topics on Data Theft that can help for an Informed Decision.
DATA THEFT: Let’s understand Data Theft!
Ever had highly confidential data stolen? You ought to read this!
Data is a valuable asset in the modern world of Information Technology. The songs in your laptop, your pictures in your phone or the login details you use for Internet banking, all constitute data. Data theft happens when computer based information is stolen from various devices by using hacking methods. The information stored online on Company databases is extremely prone to be stolen, and the forbidden act is mostly carried out by the most trusted resources. Sensitive information is easily available, making it more prone to theft. As is widely known - Technology breeds insecurity.
Whenever a person illegally downloads, copies or extracts any data from a computer without the permission of owner of such information, it is called ‘data theft’.
These thieves access a person’s or business’s data for monetary gains, blackmailing, spying or any such illegal purposes. For any kind of business, “data” is highly sensitive and includes confidential information such as trade secrets, acquisition plans, financial data, supplier and customer information, etc. For an individual, sensitive data shall refer to personal information such as name, address, date of birth, ID card number, bank account details etc.
A company or an organisation is a highly data sensitive zone therefore, majority of data theft occurs therein. It can both be planned and executed by professionals employed by the Company or an act of hacking by external forces attempting to breach security of an organisation with the purpose of causing destruction, or to make personal monetary gains.
Cyber criminals have devised various methods to steal confidential information of individuals and companies:
- ID Data theft: Even a SIM card can only be purchased through an ID proof nowadays. IDs have a high risk of being stolen, for multiple reasons. Not only do IDs provide a database of people, their information, multiple personalities to perpetrator, etc. they’re related to valuable possessions of the individual including bank accounts, etc.
- Account details: Bank account information is the most sensitive, which if breached by cyber criminals can amount to a huge loss. ATM theft has become a daily occurrence and banks are at a loss of ways to stop these crimes. Internet or mobile banking has left the user even more exposed to such thefts.
- Login credentials: Usernames and passwords are also very sought after by perpetrators. Login information can be stolen by these perpetrators to get access to the social networking accounts or for performing illegal and unauthorised banking transactions.
- Piracy: Theft of copyright material like songs and movies, the pirated versions of which are available on the internet on various websites. It is yet another type of data theft. Even downloading a pirated copy of song from a movie is illegal!
- Medical Records: With the advent of start-ups and the new ways in which technology is being integrated in the business, medicine has seen tremendous technological growth. This growth, needless to say has lead to a growth in Cyber Crimes as well where Criminals use credentials to obtain prescription drugs, medical services and devices for themselves or others.
- Classified data: It could be related to any material data about the company, the product and services etc. which is again highly prone to risk of being stolen.
Data theft is becoming increasingly common these days and many people have fallen prey to it. One may not realise but these thieves are constantly lurking in the corners of internet to steal and exploit sensitive data. Therefore the law provides for certain remedies which are available to a person whose data has been compromised with.
Unlike the United Kingdom, where there is a specific legislation enacted to curb the menace of data theft, known as the Data Protection Act, India does not have a specific Legislation for the same. However, the Information Technology Act, 2000, contains legal remedies available to a user in case their data has been compromised.
The legal remedies against data theft are embraced in the IT Act:
Section 66 : Provides imprisonment up to 3 years, or with fine which may extend up to 2 lakh rupees, or with both.
Section 65: If anyone knowingly or intentionally conceals, destroys, alters or causes another to do as such shall have to suffer imprisonment of up to 3 years or fine up to 2 lakh rupees.
Section 43 of the Act also provides for compensation to be paid if there has been damage caused to the computer system and the value of such damage is one crore rupees;
Section 70: Any attempt to secure access of protected system will make the person liable to be imprisoned for up to 10 years or fine.
Section 72: Imprisonment extendable up to 2 years or fine for breach of confidentiality and privacy of the data.
Section 378 of the Indian Penal Code, 1860 defines theft as Whoever, intending to take dishonestly any movable property out of the possession of any person without that person’s consent, moves that property, is said to commit theft. This definition includes data theft.
The contemporary world is more prone to cyber crimes with new technology and advanced machines popping up everyday. The IT Act is one step towards protecting e-commerce and classifying and punishing any illegal online activity as cyber crimes.
With great power.. Comes great access to data. Sounds familiar? One of the most common issues an Employer faces today is that of data theft by their trusted employees. An Employee who has spent approximately 2 years in a Company, has access to almost all kinds of existing data, sensitive or otherwise, of a company.
For an employee, it becomes easy to steal highly confidential data. The Employee has access to almost every available detail, which the employee can be tempted into stealing for a promised consideration. An employee can steal a company’s data for insider trading, soliciting customers or earning some extra bucks from the rival company in exchange of trade secrets
In 2009, a company named Dupont filed a suit against one of its employee for misappropriation of trade secrets by stealing confidential information. In a banking company if an employee steals and leaks out confidential information then the customers and clients would also suffer along with the banking institution.
Following are few steps that could be taken by employer to prevent data theft:
- The Employer should ensure that a strongly worded Non-Disclosure agreement has been drafted especially as per the Employer’s requirements, and have it signed by his employees.
- The Employer should ensure protection of data and keep a check on any retrieval, extraction, downloading, etc. of such data. Restricting access to certain websites on the company’s server is one of the many steps.
- The Employer should take timely and quick action in any such case where there is a strong suspicion on an Employee. The Employer can appoint an expert to detect and overcome any breach or theft by an employee.
- In addition to a Non-Disclosure Agreement, a Non-Compete Agreement is just as important. Such agreement should mention that the Employee ought not to join any such organisation which may utilise any sensitive information that such Employee may have.
Keeping the trade secrets, a secret and protecting the company’s sensitive information is the Employer’s duty and he must safeguard it with all requisite precautions and quickly respond to any compromise.
Strong anti-piracy laws have been enacted in various parts of the world. Even though a new anti- piracy law was not enacted in India, websites were banned, restraining action was taken against all websites which facilitated movie or song downloads.
The recent ban on everybody’s favorite Kickass Torrent website broke many downloaders’ hearts all over the world! When Bollywood movies like Udta Punjab or Dangal were leaked on these websites, online piracy and data theft became household news.
Download- An act of illegally storing information from another person’s computer system.
Copy- An act of duplicating another person’s data into own device.
Extract- An act of removing or altering the data stored in another’s computer system.
Downloading content available online is an unauthorised act and results in cyber theft of data. In addition to downloading movies, various other downloads, extractions, unauthorised copying, etc. are also activities which lead to what we know as “identity theft”.
When an Employee copies information from their office databases/servers for their personal use, transmission or further distribution, they’re indulging in the activity of theft, which is a criminal offence.
Most people don’t understand that the mere act of copying data in an unauthorized manner is an illegal act and amounts to a criminal offence. There might be classified information available which is not to be copied, and doing so, amounts to theft.
When while using someone else’s device you extract data and store it on yours, without their permission, knowledge or consent - you are guilty of a cyber crime!