What provision have been made in information technology act regarding failure to protect data?

According to Section 43(a) where a corporate body or an individual fails to protect the data of its user and thereby causes wrongful loss or wrongful gain to any person then such body corporate shall be liable to pay damages by way of compensation to the person so affected.

Section 44: Penalty for failure to furnish information, return, etc

If any person who is required under this Act or any rules or regulations made thereunder to –

(a) furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

(b) file any return or furnish any information, books or other documents within the time specified therefor in the regulations, fails to file a return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues:

(c) maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

Section 45. Residuary penalty.-

Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.