In an information age, Data is the most valuable commodity, and therefore, prone to theft. Cases of Data Theft by disgruntled ex-employees, estranged partners and professional data stealers are extremely common place these days.
Notwithstanding specific provisions under the IT Act, Police often invokes Section 378-379 of the IPC in cases of E-Data Theft. The propriety and legality of this is required to be examined.
Students of Criminal Law may recapitulate that Section 378 defines theft broadly as moving of moveable property with the dishonest intention of taking it out of the possession of any person without that person’s consent. A ‘moveable property’ and ‘possession’ therefore are the essential preconditions for the offence of theft.
‘Moveable Property’ has been defined by S. 22 of IPC as ‘corporeal property’. (Corporeal means having a body/material/physical presence) Data, needless to state, does not qualify as it it is incorporeal, non-tangible and ephemeral. This by itself may take ‘Data’ outside the purview of Section 378 of the IPC.
Besides this, stealing ‘data’ may not necessarily lead to moving of data in the physical sense of the term (as only a copy may be created); the data continues to be in the possession of person entitled. The data continues to reside electronically in the possession of the lawful owner. Though a conclusive decision of the Higher Courts is awaited on this point, but it appears that the general principles of theft cannot be extended to cover Data Theft.
What somewhat fortifies this opinion is another recent decision of the Supreme Court in Sharat Babu Digumarti v. Govt. of NCT of Delhi – 2016 SCC OnLine SC 1464, wherein it was ruled that a more specific penal law shall eclipse the more general one. The decision was delivered in the context of obscenity over the internet which is punishable via a special provision in the shape of Section 67 of the IT Act. In such a case, it was held by the Court that if Section 67 is not made out, person cannot be prosecuted u/s 292 of the IPC, either.
Post 2008, IT Act has some specific provisions that deal with Data Theft. Section 66 provides the liability for the offence of Data Theft. The culpability provision is Section 43 of the IT Act.
43. Penalty and Compensation for damage to computer, computer system, etc..— If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,—
(b) downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(j) steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;]
he shall be liable to pay damages by way of compensation to the person so affected.
Section 66 reads as :
66. Computer related offences.— If any person, dishonestly or fraudulently, does any act referred to in Section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Explanation.—For the purposes of this section,—
(a) the word “dishonestly” shall have the meaning assigned to it in Section 24 of the Indian Penal Code (45 of 1860);
(b) the word “fraudulently” shall have the meaning assigned to it in Section 25 of the Indian Penal Code (45 of 1860).]
In the presence of these specific provisions, invoking IPC provisions in cases of Data Theft would be an affront to the established principle of “Generalia Specialibus non derogant” but also entail a tortured/strained reading of Section 378 of the IPC. However,