What are the possible criminal penalties envisaged against the fraud or unauthorized access to data?

Following are the possible criminal penalties in the Bill:

  • Impersonation by providing false demographic or biometric information is an offence – imprisonment for 3 years and a fine of Rs. 10,000.
  • Appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence - imprisonment for 3 years and a fine of Rs. 10,000.
  • Pretending to be an agency authorized to collect Identity information of a resident is an offence – imprisonment for 3 years and a fine of Rs. 10,000 for a person, and Rs. 1 lakh for a company.
  • Intentionally transmitting information collected during enrolment and authentication to an unauthorized person is an offence – imprisonment for 3 years and a fine of Rs. 10,000 for a person, and Rs. 1lakh for a company.
  • Unauthorized access to the central identities data repository (CIDR) and hacking is an offence – imprisonment for 10 years and a fine of Rs. 1 crore.
  • Tampering with the central identities data repository is an offence – imprisonment for10 years and a fine of Rs. 10,000.
  • Providing biometrics that is not one’s own is an offence – imprisonment for 3 years and of Rs. 10,000.

Following are the Civil Penalties:

  • Penalty for failure to comply with provisions of this Act, rules, regulations and directions [Section 33A] – upto Rs. 1 crore for each contravention.
  • Power to Adjudicate [Section 33B] – by Adjudicating Officer, not below the rank of JS, appointed by the Authority.
  • Appeals to Appellate Tribunal [Section33C] – the Telecom Disputes Settlement and Appellate Tribunal.
  • Procedures and Powers of Appellate Tribunal [Section 33D] - sections 14-I to 14K (both inclusive), 16 and 17 of the Telecom Regulatory Authority of India Act, 1997.
  • Appeal to Supreme Court of India [Section 33E]
  • Civil Court not to have jurisdiction [Section 33F]