Case Note & Summary
The appellant, Himanshu Pathak, proprietor of CyberX9, filed six writ petitions before the Madras High Court seeking a writ of mandamus directing the Ministry of Electronics and Information Technology, Ministry of Finance, Ministry of Home Affairs, Ministry of Corporate Affairs, Insurance Regulatory and Development Authority of India (IRDAI), and Securities and Exchange Board of India (SEBI) to take action against the 7th respondent, Star Health and Allied Insurance Company Limited, based on a complaint regarding an alleged data breach. The learned Single Judge dismissed the writ petitions by a common order dated 23.10.2024, holding that no mandatory duty was cast upon the respondents to act on the complaint. Aggrieved, the appellant filed intra-court appeals under Clause 15 of the Letters Patent. The Division Bench, comprising the Chief Justice and Justice G.Arul Murugan, heard the appeals together. The court noted that the appellant's complaint pertained to a data breach by the insurance company, but the appellant did not pursue the remedies available under the Information Technology Act, 2000, such as adjudication by the Adjudicating Officer or appeal to the Cyber Appellate Tribunal. The court observed that a writ of mandamus can only be issued to compel performance of a statutory or public duty, and the appellant failed to establish any such duty on the respondents. The court also noted that the regulatory authorities have discretionary powers and are not bound to act on every complaint. The Division Bench found no error in the Single Judge's order and dismissed the writ appeals, upholding the dismissal of the writ petitions. The court did not award costs.
Headnote
A) Writ Law - Mandamus - Mandatory Duty - The writ of mandamus can only be issued to compel performance of a statutory or public duty, and not to direct authorities to exercise discretionary powers in a particular manner. The court held that the appellant failed to establish any legal duty on the respondents to act on his complaint. (Paras 3-5) B) Information Technology - Data Breach - Complaint Mechanism - Sections 43, 66, 67, 67A, 67B, 70B, 72A of Information Technology Act, 2000 - The appellant alleged a data breach by the insurance company but did not demonstrate that the respondents had a mandatory obligation to investigate or take action. The court noted that the IT Act provides for adjudication and appeal mechanisms, which the appellant did not pursue. (Paras 6-10) C) Insurance Law - Regulatory Oversight - IRDAI - The Insurance Regulatory and Development Authority of India (IRDAI) has powers to regulate insurance companies, but the court found no statutory duty to act on every complaint of data breach. The appellant's grievance was primarily against the insurance company, and the writ court rightly declined to interfere. (Paras 11-15)
Issue of Consideration
Whether the writ court can issue a mandamus directing regulatory authorities to take action against an insurance company based on a complaint of data breach, in the absence of a statutory duty to do so.
Final Decision
The Division Bench dismissed the writ appeals, upholding the common order of the learned Single Judge dated 23.10.2024, and consequently dismissed the writ petitions. No costs.
Law Points
- Writ of mandamus
- Mandatory duty
- Data breach
- Insurance regulatory framework
- Information Technology Act
- 2000
- IRDAI regulations
- SEBI regulations
- Letters Patent Appeal
- Maintainability of writ petition




