Section 43A of the IT Act (Amendment) 2008 mentions that 'Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,to the person so affected. ' No upper limit has been defined for the compensation that may be claimed by the affected person. Does this mean that there is unlimited liability on the organization to pay the affected person in case of contravention of this section?
