Before going into detailed explanation of Data security and protection, it is necessary to define 'Data". The term "Data" has been defined under Information Technology Act, 2000 under section 2(1)(o) as:-
1.Data means representation of knowledge, facts, concept or instructions.
2.Which are being prepared in a formalised manner.
3.And is intended to be processed, is being processed or has been processed.
4.In a computer system or computer network or may be in any form.
5.Or stored internally in the memory of computer.
Computer Data Base is defined under section 43 of I.T. Act, 2000. The ingredients of the section are:-
1.Representation of Information, knowledge, facts, concepts.
2.In a text, audio, video, image.
3.Those are being prepared or have been prepared.
4.In a formalised manner.
5.Or have been produced by a computer, computer system or computer network.
6.Intended for use in computer, computer system, computer network.
Data bases are created by two process, i.e.,
1.It is created by programming tools, e.g., Microsoft Outlook.
2.It is created by automated process(es).
Computer database are protected under I.T. Act. They are protected due to various reasons:
1.It is commercially valuable.
2.It is a product in which there is an investment of time, intellectual capital and money.
3.It is convenient to use.
UK's Data Protection Act, 1998.
It is built around eight data protection principles that apply to all personal data. It is also processed by data controllers including companies, business organizations, employers, local and Central Governments.
Data controllers also determine the purpose for which the personal data is processed and they also explain the manner and procedure in which personal data is processed.
UK's Data Protection Act applies to all personal data. Therefore, it is necessary to understand what is Personal Data.
Personal Data is nothing but a Data that relates to a living individual. That individual can be:-
· Identified from the Data.
· Other information which is in possession or likely to come into possession of data controller.
· Any expression of opinion, view about the individual.
There is also a sensitive personal Data. This type of Data is sensitive in nature and it cannot be shared with everyone. In India, there is no such Data Base Protection Act which defines personal or sensitive personal Data. Sensitive personal data includes:-
(a)Racial and ethnical origin - Which some individuals want/desire to keep it personal.
(b)Political opinions - Political opinions by various political thinkers and answers to the questions by general public are confidential if data controller desires so. If political news, opinions are disclosed in computer then it may result in rivalry or corruption or any bad evil.
(c)Religious belief or other beliefs of similar nature - Various religious institutions keep their customs, ritual and their beliefs confidential in nature.
(d)Membership of a trade union - Also confidential or sensitive in nature if data controller desires so.
(e)Physical or mental heath condition - Physical or mental health condition of an individual, or group of company or association need not be disclosed in computer. It is a sensitive issue and if data controller does not want to disclose this information, he can keep it confidential in nature.
(f)Sex life of an individual is also a sensitive personal data.
(g)Criminal offences - The offences which are criminal in nature, cannot be disclosed on computer because it may affect the human mind and corrupt it.
(h)Criminal proceeding and convictions are also a part of personal data in which data controller does not disclose the data to general public.
The Eight Principles of Personal Data are:-
Personal Data:
1.Shall be processed lawfully and fairly.
2.Must be accurate and kept up to date.
3.Must be held only for lawful purposes which are described in registered entry.
4.Must be relevant and not excessive in relation to the purpose for which they are held.
5.Must be accessible to individuals who were to correct it, or erase it.
6.Must be protected by proper security.
7.Must be used or disclosed only for lawful or compatible purposes.
8.Must be there only for purpose for which they are held.
Parties to confidentiality agreements are:-
1.Disclosing party.
2.Receiving party.
In confidentiality agreement, there must be an express or implied term in a contract which imposes an obligation of confidence on both or either party. The person who has received any information in confidence shall not take unfair advantage of it. He must not make use of it to prejudice the person who gave it without obtaining the consent of that person.
Information becomes confidential only when its content needs to be protected or hidden from others. It needs protection merely because it is sensitive. If there is disclosure of information, it must be prevented from breach of an obligation to keep the information confidential.
The elements of confidence are:-
1.Quality of confidence - The information which is sensitive and which needs protection must have the necessary quality of confidence.
2.Communication - The information must be communicated by one person to another and must have been communicated in circumstances imparting an obligation of confidence.
3.Unauthorized use of information - An unauthorized use of information which is detriment of party communicating it.
The confidential information is sensitive in nature. It needs protection by the person who knows the confidential information. The information must be such, the release of which the owner believes would be injurious to him or his rivals or others. The information is injurious that is the only reason why the owner wants it to be protected and keep it confidential. The owner believes that the information is confidential in nature and it is not in public domain.
The information becomes information only when it is deliberately disclosed by one party that is known as disclosing party to another receiving party. The obligations of confidence arise in an express or implied term of a contract. Disclosing party request the receiving party to keep the information confidential or secret. Sometimes, the nature of dealing between two parties show that the information should be kept confidential. Their terms and conditions show that the information related to business transaction must be kept confidential.
Any information, unauthorised disclosure of which could cause serious damage to the interest or cause serious embarrassment to the parties concerned or could effect functioning of an organisation.
Confidential materials mean all tangible materials. Tangible materials are those which cannot be seen by naked eye and which can only be felt and can be in possession of one person. It includes confidential information which includes written or printed documents, computer disks, CDs, tapes, whether machine or user readable.
A confidential material does not include any information that:-
1.Is publicly available without breach of any obligation owed to disclosing party by the receiving party.
2.There has been no disclosure by disclosing party to any one but the information has been known to the receiving party prior to it became pubic.
3. The receiving party got the information from any other source other than disclosing party. There has been no breach of an obligation of confidentiality owed to the disclosing party.
4.The information has been developed by receiving party himself and not became known from any other source or disclosing party.
The receiving party shall not disclose any information to third parties following the date of its disclosure by disclosing party to the receiving party.
Receiving party also should take reasonable security to protect the confidential information and keep the information confidential. It is the duty of receiving party not to disclose information to any one. The receiving party can only disclose the information to the receiving party's employees, consultants on a need to know basis or on circumstantial basis. Whenever the need arises to know any information about business, product to the employees, then it is the duty of receiving party to disclose the information to employees because the receiving party has executed or shall execute written agreements with its employees and consultants sufficient to enable it to comply with all provisions of agreement.
After disclosing the confidential information by receiving party to its employees or consultants, the receiving party should immediately on disclosure of confidential information or confidential materials or any other breach of obligation agreement by receiving party, should notify the disclosing party. Receiving party should also co-operate with the disclosing party to regain possession of confidential information or confidential materials and should try best in every possible manner to protect the confidential information. It is the only right of receiving party.
When it is notified to disclosing party that receiving party has disclosed all confidential information to the employees, consultants, etc., then receiving party shall return all original documents, copies, CDs, tapes, records, reproductions, summaries of confidential information or confidential materials at disclosing party request and all materials will be destroyed by them at their option.
All confidential information and confidential materials remain the property of disclosing party. When the confidential information is disclosed by disclosing party to the receiving party, the disclosing party do not grant any express or implied right to receiving party, or under patents, trademarks, copyrights or trade secret information.
When disclosing party and receiving party come into an agreement that they will keep the information confidential or secret and will not export or import the confidential information or any product or service that is the part of confidential information and do not utilize them in design, development or production of nuclear chemical or biological weapons.
© Universal law Publishing Co.