Section 38
Penalty for unauthorised access to the Central Identities Data Repository
Whoever, not being authorised by the Authority, intentionally,—
- accesses or secures access to the Central Identities Data Repository;
- downloads, copies or extracts any data from the Central Identities Data Repository or stored in any removable storage medium;
- introduces or causes to be introduced any virus or other computer contaminant in the Central Identities Data Repository;
- damages or causes to be damaged the data in the Central Identities Data Repository;
- disrupts or causes disruption of the access to the Central Identities Data Repository;
- denies or causes a denial of access to any person who is authorised to access the Central Identities Data Repository;
- reveals any information in contravention of sub-section (5) of section 28, or shares, uses or displays information in contravention of section 29 or assists any person in any of the aforementioned acts;
- destroys, deletes or alters any information stored in any removable storage media or in the Central Identities Data Repository or diminishes its value or utility or affects it injuriously by any means; or
- steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used by the Authority with an intention to cause damage, shall be punishable with imprisonment for a term which may extend to 1[ten years] and shall also be liable to a fine which shall not be less than ten lakh rupees.
Explanation
For the purposes of this section, the expressions “computer contaminant”, “computer virus” and “damage” shall have the meanings respectively assigned to them in the Explanation to section 43 of the Information Technology Act, 2000 (21 of 2000), and the expression “computer source code” shall have the meaning assigned to it in the Explanation to section 65 of the said Act.