Continuing from my last post on the Revised CIS Privacy Bill (available over here), I would like to specifically concentrate on the “offences” section in the draft bill. The relevant provisions are as follows:
“Punishment for offences related to personal data. – (1) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any personal data shall be punishable with imprisonment for a term which may extend to [___] years and may also be liable to fine which may extend to [___] rupees.
(3) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any sensitive personal data shall be punishable with imprisonment for a term which may extend to [increased for sensitive personal data] years and and may also be liable to fine which may extend to [___] rupees.”
Normally any crime which is punishable by imprisonment has two necessary elements: mens rea & actus reus. The mental element is mens rea and the physical element or the act itself which is called actus reus. There are some crimes for which these elements can be diluted – for example, mere drug possession may be a crime in some countries regardless of intent to consume the drug.
Strict liability offences are typically those crimes for which it is not necessary to establish mens rea and such offences are reserved only for rare crimes because it is inherently unfair to punish a person despite the lack of a criminal intent.
Unfortunately the wording of the provisions from the Revised Draft of the CIS Bill makes the violation of the privacy conditions imposed by the Bill a strict liability criminal offence requiring no assessment of either intent or consequence of the violation. Why should somebody, be threatened with a jail term if he mistakenly violated the conditions imposed by the privacy law, especially if the mistake does not lead to serious harm to any person involved? Even presuming such innocent violations have caused damage, would it not make more sense to let such damage be compensated through civil damages rather a term of criminal imprisonment?
When it comes to criminalizing certain acts, I think it is generally good policy to find ways to keep people out of jail rather than slam the door on them for the smallest of violations.
One more comment: “gazetted officer” sets the bar too low for “authorised officer”: even a Section Officer in a MInistry of the Government of India is a Gazetted Officer. It shouldn’t be below the rank of a Joint Secretary.
great post. Very informative.