Under Section 70(B)(4) of the IT Act, CERT-In has broad powers in relation to cyber security incidents, including the ability to issue recommendations, advisories, and other documents relevant to the information on Cyber security policies, processes, prevention, response, and reporting.
Section 70-B(5) of the IT Act mandated mandatory reporting of recognized cyber security events, but other cyber security occurrences might be reported freely. CERT-In has revised various sections of the CERT-In Rules due to the Direction. While the IT Act authorizes CERT-In to issue directives, the guideline consists of clauses that essentially change the CERT-In Rules, such as the nature of mandatorily reportable incidents and the timelines or reporting.
Indian users’ data is at risk of being traded, duplicated, or misused due to a lack of regulation to secure their privacy.
Over the previous decade, the government has implemented several digital-surveillance tactics. It authorized various organizations on April 28 to obtain and preserve user data, including names, addresses, IP addresses, phone numbers, and emails. According to the paper, the danger of data leaks will increase as the scope of data acquisition advances.
Any sort of data on a person is referenced as a ‘data point,’ which is a numerical object. If a breach occurs and the perpetrators take ‘data points,’ the victim’s age, name, bank accounts, phone numbers, and other personal information become freely accessible.
“Indians lose 3.8 data points every data breach, compared to 2.3 globally.” User behaviours or data harvesting methods of Indian internet services and applications might be some of the grounds behind this. According to the report, “a staggering 962.7 million Indian data points have been compromised thus far, the most of which are passwords, names, and contact numbers.”
Prior to the commencement of the country’s most recent cyber regulations, Surfshark was one of several VPN service providers available to Indian consumers. According to the proposed legislation, any corporation operating in India must report to the government within six hours of identifying a cyber breach of any kind. According to the guidelines, companies that run bitcoin wallets and VPNs must also keep user logs for five years. With the data collecting requirement from Cert-In, India now has to mandate using challenging and sophisticated data protection mechanisms.
Written by: Aarav Gupta
Edited by: Prakhar Tripathi