Systematic utilization of personal information corresponds to the needs and technologies of times. From Herman Hollerith’s 1890 Hollerith Tabulator to Seymour's Cray-1 in 1976 and thenceforth, information can be exploited through techniques for manipulation and interpretation with ever rising levels of sophistication, unimaginable a few decades back. While the individual may not exercise control over the creation or attribution of personal information, he undeniably has a vital interest in controlling the manner of collection, use and storage of his personal information.
India is witnessing a steady rise in data processing activities and though they may still be at a nascent stage, they have gained enough momentum for stakeholders to take notice of the subject. With information revolution, India is perhaps undergoing the next defining moment in its economy since the green revolution. This work commences with an analysis whether, and to what extent, conventional criminal laws may be applied to serve the interests in protection of personal data, with reference to the U.K. Theft Act, 1968 and the Indian Penal Code, 1860. A distinct discussion on the role played by intellectual property laws in protection of personal data is essential since any account in favour of adequacy of data protection in India is sustained on such laws being one of the pillars. Information technology laws supply one of the most important aspects of protection to personal data - that of ensuring security and integrity of information age resources and this work highlights the significance of information technology laws in safeguarding personal data. The U.K. Computer Misuse Act, 1990, the U.S. Computer Fraud and Abuse Act, 1986 and the Indian Information Technology Act, 2000 are referred for his purpose. Supranational data protection schemes in the form of guidelines of the OECD, resolutions and convention of the Council of Europe and the directives and regulations of the Europe Union leading to the U.K. Data Protection Act forms major portion of this work. India's sectoral approach is studied through laws providing for data protection as a necessary and indispensable ingredient of their primary objectives. Such sectoral approach is discernible in the Advocates Act, the Indian Medical Council Act, 1956, the Aadhaar Act, 2016, the Credit Information Companies (Regulation) Act, 2005, the Consumer Protection Act, 1986, the Telecom Unsolicited Commercial Communications Regulations, 2007 and, in a few limited instances under the Constitution of India. The role played by law of contract and self-regulation, which step in to fill the voids left by sectoral statutory data protection mechanisms has also been considered here. The work finally analyses the actual conflict or perceived differences between data protection and claims arising from increased application of personal data towards law enforcement strategies and concludes with the extent of protection of personal data provided and the way ahead in India.