Section 43A of the Information Technology (Amendment) 2008 Act mentions that 'Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,to the person so affected. ' However, the upper limit of compensation that may be claimed under this section is not mentioned. Does this mean that the liability on part of the company is unlimited?
