In a move to enhance internet safety and protect citizens' sensitive information, the Government of India has acted swiftly to block several websites that were found exposing personal identifiable information, including Aadhaar and PAN Card details. The Ministry of Electronics and Information Technology (MeitY) in a statement Thursday said it has prioritised cybersecurity and personal data protection in light of these violations.
Also Read: Telecom Tariffs Driven by Market Forces: Ministry of Communications
Immediate Response to Data Breach
The Unique Identification Authority of India (UIDAI) has filed a police complaint under the Aadhaar Act, which prohibits the public display of Aadhaar information. An analysis conducted by the Indian Computer Emergency Response Team (CERT-In) revealed security flaws in these websites, prompting guidance to their owners for strengthening their ICT infrastructures, the Ministry said.
Cybersecurity Measures
CERT-In has also issued comprehensive "Guidelines for Secure Application Design, Development, Implementation and Operations," urging all IT entities to adopt robust information security practices as mandated by the Information Technology Act, 2000.
MeitY has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which provide for non-publication and non-disclosure of sensitive personal data. Any adversely affected party can approach the Adjudicating Officer under section 46 of the IT Act for filing a complaint and seeking compensation. The IT Secretaries of the States are empowered as Adjudicating Officers under the IT Act, the official release from MeitY said.
Also Read: Government Enforces New Sections of Telecommunications Act 2023
Awareness Programs
Additionally, the recently enacted Digital Personal Data Protection Act, 2023, is set to introduce further regulations, with rules currently in the drafting stage. The government said it has launched awareness programs aimed at educating citizens, industries, and government entities on the responsible use of personal data and preventative measures to curb unnecessary exposure.
