Today the world is unimaginable without computers, smart electronic devices and digital content. With the mass usage of these technologies, we get a lot of data that is stored in electronic devices and with that, comes the risk of data manipulation. In many organisations, data manipulation has currently become an emerging issue. This article deals with the important facts and laws related to the recognition of data manipulation and the evidentiary value of electronic devices laid down in various Indian legislations.

With an increased amount of usage of a huge quantity of data, there is also the risk of manipulating these data for the purpose of various unethical advantages. Is data manipulation considered an offence? Well, yes. Following are some laws enacted in India that convince that such activities constitute an offence.

Under IPC

1. Section 424 of the IPC states that “whoever dishonestly or fraudulently conceals or removes any property of himself or any other person, or dishonestly or fraudulently assists in the concealment or removal thereof, or dishonestly releases any demand or claim to which he is entitled, shall be punished with imprisonment of either description1 for a term which may extend to 2 (two) years, or with fine, or with both.” This aforementioned section will also apply to data theft.

• Penalty- The maximum punishment under section 424 is imprisonment of up to 2 (two) years or a fine or both.

2. Section 425 of the IPC deals with mischief and states that “whoever with intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or to any person, causes the destruction of any property, or any such change in any property or in the situation thereof as destroys or diminishes its value or utility, or affects it injuriously, commits mischief”. Also, damaging computer systems and even denying access to a computer system will fall within the section.

• Penalty- The maximum punishment for mischief as per section 426 of the IPC is imprisonment of up to 3 (three) months or a fine or both.

3. Criminal Breach of Trust: Section 405 of the Indian Penal Code (IPC) lays down-

“Whoever, being in any manner entrusted with property, or with any dominion over property, dishonestly misappropriates or converts to his use that property, or dishonestly uses or disposes of that property in violation of any direction of law prescribing the mode in which such trust is to be discharged, or of any legal contract, express or implied, which he has made touching the discharge of such trust, or wilfully suffers any other person so to do, commits ‘criminal breach of trust.” To constitute the offence of criminal breach of trust, “it must be established that the accused was entrusted with the property or with dominion or power over the property of another and that he dishonestly misappropriated it or converted it to his use.”

• Penalty- section 406 of the Indian penal Code, 1860. “Whoever commits criminal breach of trust shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.”
• Case example: In the case of, Mohammed Sulaiman vs Mohammed Ayub^[2] it was held that Section 405 IPC requires committing an act of doing something to the property which would indicate either misappropriation or conversion or its use or disposal in contravention of any legal contract, express or implied. A mere dispute of civil nature will not attract the provisions of this section.

Under IT Act

1. Section 43A of the IT Act- compensation for failure to protect Data- when any corporate dealing, handling, or processing any personal or sensitive data in a computer system that is owned, controlled, or operated by them and they are negligent in providing reasonable security and measures because of which it causes a wrongful gain or wrongful loss to some the person then such corporate is liable to compensate the affected person.

• Penalty- The maximum punishment for the above offences is imprisonment of up to 3 (three) years or a fine or Rs. 5,00,000 (Rupees five lac)

2. Section 45 of the IT Act- Liability of data breach- this section is a residuary clause that states that whoever contravenes any rules made under the IT Act, for the breach. Section 45 applies to an individual, company, employer, employee.

• Penalty- liable to pay compensation or penalty of up to 25,000 rupees.

3. Section 66D of the IT Act for ‘cheating by personation by using computer resource’- “any person who by means of any communication device or computer resource cheats by personation, shall be punished”

• Penalty- imprisonment of either description for a term which may extend to 3 (three) years and shall also be liable to fine which may extend to Rs. 1,00,000 (Rupees one lac).
• Section 66 of IT Act 2000 case example- Revision vs By Advs.Sri.Nireesh Mathew^[4], Kerala High Court.

4. Section 65 of the IT Act lays down that “whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall punished.”

• Penalty- imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

5. Section 72A of the IT Act provides that any person who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain, discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person. Any person found guilty under the aforesaid section 72A shall be punished.”

• Penalty- imprisonment for a term upto three years, or with fine upto five lakh rupees, or with both.

Triable by whom?

1. Code of Criminal Procedure Act, 1973^[5]

Section 4.Trial of offences under the Indian Penal Code and other laws.-

(1) All offences under the Indian Penal Code(45 of 1860) shall be investigated, inquired into, tried, and otherwise dealt with according to the provisions hereinafter contained.

(2) All offences under any other law shall be investigated, inquired into, tried, and otherwise dealt with according to the same provisions, but subject to any enactment for the time being in force regulating the manner or place of investigating, inquiring into, trying or otherwise dealing with such offences.

2. Information Technology Act, 2000^[6]

Section 78. power to investigate offences:  “a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under Information Technology Act”.

3. PDP Bill^[7]

Personal data Protection Bill 2019 categorises certain personal data as sensitive personal data.  This includes biometric data.

Electronic Evidence

When any kind of recorded data in an electronic device becomes an important proof related to a case at trial it is called electronic evidence as the type of evidence is collected from electronics. Electronic evidence is any document or recorded information that has been stored in an electronic device and which a party to any case may use in the trial. An electronic evidence may involve recordings of many types such as audio, video or written digital recordings like e-mails, visual recordings like pictures, and DVD, CD, pen drives, hard drives etc.

Electronic Evidence has been defined in the Indian Evidence Act, 1872^[8]. Both the Sections 65A and 65B of the Act deal with the procedures of producing and admissibility of the electronic evidence or records. U/S 65B of the Act provides that emails, and other recordings generated through mobile, calls and other form of media are recognized as authentic sources of evidence.

Recognition of Electronic evidence in company law

On the basis of technical grounds and to provide safety to data generation in companies, it was very much important to make the electronic evidences admissible in the court of law. Information Technology Act, 2008 lays down the formats and circumstances related to the evidentiary value of electronic evidences and their admissibility in the courts. Companies rely on the Section 4^[9] of the Act which provides that information in electronic form whether typewritten or in printed format will be legally recognised.

Leading case laws

In many leading cases, Supreme Court has relied on the Sections of 65A and 65B to give judgements related to cases where electronic recordings were the primary evidence.

Supreme Court in a recent judgment^[10], held that under section 65B of the Indian Evidence Act, 1872 it is essential to admit the electronic record as evidence. The certificated submitted under this legal provision specifies the particulars of the electronic records and identity inclusive of the authorized person responsible in managing and operating the electronic device which holds the evidentiary value. The certificate u/s 65B of the Indian Evidence Act, 1872 specifies that the electronic device was in the lawful control of the authorized person during the relevant period and that the piece of information presented as the proof was in form of the ordinary course of activities.

In the case of Anvar P.V. v. P. K. Bashir^[11] the Supreme Court has observed that any electronic evidence in the form of secondary evidence which is not produced from the original source of the electronic device and the copy of such electronic recording, shall be admissible in the court only if accompanied by the certificate in terms of Section 65B obtained at the time of taking the electronic data.

Also, other than the usual electronic medias like emails, the WhatsApp messages has also begun playing an important role in commercial litigations and it has been recognised as one of most emerging electronic evidence in the recent times.^[12]

Conclusion

With the enactment and amendments related to electronic evidence in the Indian laws the use of electronic records in judicial proceedings holding a great importance. However, the certificate issuance according to the Section 65B of the Indian Evidence Act has become quite challenging and also, the continuous upgrading of technologies in the cyber space requires the courts to keep up with the improvements in the judging the cases to promote certainty in the admissibility of electronic records while taking into consideration all the facts and circumstances.