Employee Stole Company Data – Legal Action under IT Act 2000 and IPC
In the modern digital era, companies rely heavily on confidential data — from customer databases to trade secrets, designs, source codes, and financial reports. Unfortunately, cases of employees stealing company data have become increasingly common in India. Whether it’s an ex-employee taking files before resignation or a current employee leaking data for profit, such acts are serious offenses under the Information Technology (IT) Act, 2000 and the Indian Penal Code (IPC).
This blog explains what to do legally if an employee steals your company data, including how to file a complaint, what sections apply, and how to protect your organization in the future.
What is Considered Data Theft by an Employee?
When an employee accesses, copies, downloads, or shares confidential company data without permission and uses it for personal gain or to harm the organization, it constitutes data theft.
Examples include:
-
Copying client lists or project data before resignation.
-
Sending confidential documents to a competitor.
-
Using internal databases for personal business.
-
Leaking trade secrets to a third party.
Such acts are not only unethical but also punishable under law.
Legal Provisions Applicable in Employee Data Theft
Under Indian law, both the IT Act, 2000 and IPC (Indian Penal Code) apply in data theft cases.
(a) IT Act, 2000
-
Section 43(b) & (c):
Deals with unauthorized downloading, copying, or extracting of data from a computer system. -
Section 66:
When such actions are done dishonestly or fraudulently, they become criminal offenses punishable by imprisonment up to 3 years and/or a fine up to ₹5 lakh. -
Section 72:
Penalizes breach of confidentiality and privacy by any person who has gained lawful access to data. -
Section 65:
Covers tampering or destruction of computer source code.
(b) Indian Penal Code (IPC)
-
Section 378: Theft – applies when an employee takes confidential documents, storage devices, or intellectual property.
-
Section 408: Criminal breach of trust by a clerk or servant.
-
Section 420: Cheating and dishonestly inducing delivery of property.
Step-by-Step Legal Action Against Employee for Data Theft
Step 1: Gather and Preserve Evidence
Collect all proof showing the employee’s misconduct:
-
Access logs from company systems or servers.
-
Email records or file transfers.
-
CCTV footage (if relevant).
-
Device or network forensic reports.
Do not delete or alter any data, as it may serve as crucial digital evidence.
Send a Legal Notice
Through your company’s lawyer, send a legal notice to the employee demanding an explanation and immediate return/deletion of stolen data.
If the employee ignores or denies the claim, proceed with a criminal complaint.
File a Cyber Crime Complaint
File a formal complaint at your nearest Cyber Crime Police Station or online at www.cybercrime.gov.in.
Your complaint should include:
-
Company name and address.
-
Name of the employee and designation.
-
Description of data stolen and how you discovered it.
-
Evidence (screenshots, logs, emails, etc.).
Mention the following legal sections:
-
IT Act: 43, 65, 66, and 72.
-
IPC: 378, 408, and 420.
Step 4: File an FIR
If the data theft involves a major financial loss or corporate espionage, request the police to register an FIR under the above sections.
Your cyber lawyer can assist in drafting the FIR and submitting digital evidence.
Step 5: Seek Court Remedies
-
Injunction: To prevent the employee or third parties from using or disclosing the data.
-
Damages: File a civil suit for financial compensation.
-
Criminal Prosecution: The offender may face imprisonment and fines.
Sample Legal Complaint Format
Penalties for Employee Data Theft
-
Under IT Act:
-
Imprisonment up to 3 years
-
Fine up to ₹5 lakh
-
Or both
-
-
Under IPC:
-
Criminal breach of trust – up to 7 years imprisonment.
-
Cheating – up to 7 years imprisonment and fine.
-
Preventive Steps for Companies
-
Limit access to sensitive information to essential employees only.
-
Use access control systems, encryption, and firewalls.
-
Implement NDAs (Non-Disclosure Agreements) for all employees.
-
Regularly back up and monitor data access activity.
-
Immediately disable access for employees upon resignation or termination.
-
Conduct periodic cyber awareness training.
Cyber Safety Measures from Experts
-
Always track who accesses which files and when.
-
Restrict external device usage (USB, HDD).
-
Keep updated antivirus and intrusion detection systems.
-
Store all data on secure servers with audit trails.
-
Report suspicious downloads or large data transfers immediately.
When an employee steals company data, it is not just an internal issue — it is a criminal offense under Indian law. The Information Technology Act, 2000, and IPC provide strong remedies for companies to protect their data and take strict legal action.
By promptly collecting evidence, filing a cybercrime complaint, and working with an experienced cyber crime lawyer, businesses can ensure justice, prevent data misuse, and safeguard their digital assets for the future.