Skip to main content

Q5 - Are SDFs subject to stricter penalties compared to ordinary Data Fiduciaries?

Answer

The maximum penalty under the Act (₹250 crore) applies to all Fiduciaries, but in practice:

  • SDFs face stricter scrutiny because their failures usually affect millions of individuals.
  • Penalties for SDFs are likely to be higher in scale compared to smaller entities, since the risks and harms caused are much greater.
  • SDFs are also more frequently audited, making it harder for them to escape accountability.
Example

If a small retailer mishandles 500 customer emails, the Board may impose a warning or a modest fine.

If a national bank (SDF) leaks millions of customers’ Aadhaar and PAN details, the Board could impose penalties at the top end of the scale (₹200–250 crore).