The IT Act has legal framework for privacy and security of data in digital format and provides for compensation to the victim in the case of unauthorised access and leakage of sensitive personal information, the government said on Friday.

“Section 43, Section 43A and Section 72A of the Information Technology Act, 2000, and the IT Rules (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) 2011 provide comprehensive legal framework for privacy and security of data in digital form,” Telecom Minister Manoj Sinha informed the Rajya Sabha.

He was responding to a query on the government’s plan to ensure there is no violation of user privacy through Internet-based messaging services. “Sections 43 and 43A of the Act provide for compensation to be paid to the victim in the case of unauthorised access of information and leakage of sensitive personal information, respectively,” Sinha said.

Many mobile applications at the time of their installation in mobile phones force upon users to give permission to access content in their mobile phones, access to call records, microphone and the like without their intervention. Such permissions can be misused for breach of privacy of users.

Sinha said the Section 43A also mandates that the corporate body which collects personal data or information must provide privacy policy for handling of or dealing in personal information, including sensitive personal data or information on their Web sites.