The Karnataka police, investigating the case, are in a fix as they cannot book the accused Nadeem Kashmiri for data theft. The simple reason: There is no provision to deal exclusively with data theft in the Indian Information Technology Act 2000.
As a consequence the case may be rendered weak and the accused might escape stringent punishment.
The police feel that data protection laws would have assisted them to strengthen the case against Kashmiri, who is accused of siphoning off £ 2.3 lakh (about Rs 2 crore) from the accounts of HSBC customers in the UK.
"There is no provision for data theft in the IT Act. If we have data security laws, it will be a good tool for enforcement authorities to pin down cyber criminals. If there was a separate provision for data theft, the case against Kashmiri would have been stronger," Karnataka's inspector general of police (economic offences) Sushant Mahapatra told Business Standard.
Now, Kashmiri has been booked under Sections 66 and Section 72 of the IT Act and under Indian Penal Code 408, 468 and 420. These sections cover hacking, breach of trust and cheating.
The IT Act covers only unauthorised access with a maximum penalty of Rs 1 crore and imprisonment. Cyber law experts point out that existing Indian IT regulations, which is aimed more at e-commerce transactions, are not effective enough to deal with cases like those involving the Kashmiri.
Such trends may harm the BPO industry's image, according to Feedback Consulting CEO V Ravichandar. "Firms abroad care about the level of 'protection' in India be it about IPR, data security, data privacy or transactions.
For firms abroad to be reassured that India is safe for business, it is necessary that Indian partner firms and security environment work in tandem to deliver on the promise.