Data Protection: A Compulsory Rule?

Section 43A of IT Act says, "any person, who is in possession, collection, handling or processing of any sensitive personal data or information, shall implement the reasonable security practices and procedures, and shall ensure a policy to ensure confidentiality, integrity and availability of such data." Now, you have a question from Cyber Law, don't you? Here it is:

What is the time limit within which an aggrieved person can file a complaint under Section 43A of IT Act?

A) 1 month B) 3 months C) The complaint can be filed at any time D) The complaint must be filed within 3 years

My attempt: B) 3 months (nah, didn't read the sec 43A properly). What's your answer and explanation?