The Government of India has taken decisive action to block several websites found to be leaking sensitive personal information, including Aadhaar and PAN card details of Indian citizens. This move was spearheaded by the Ministry of Electronics and Information Technology (MeitY), in response to growing concerns over the privacy and security of citizens’ data. Additionally, the Unique Identification Authority of India (UIDAI) has lodged an official complaint with the police, citing violations of Section 29(4) of the Aadhaar Act, 2016, which strictly prohibits the public disclosure of Aadhaar numbers and related personal information.
The exposure of such sensitive data has raised alarm about potential security risks, prompting immediate efforts to prevent further leaks. The Indian Computer Emergency Response Team (CERT-In) conducted an investigation, identifying several security flaws in these websites. As a result, website owners were given specific instructions on how to address these vulnerabilities and enhance the security of their information and communication technology (ICT) systems. CERT-In also issued detailed guidelines for building, implementing, and maintaining secure IT applications, which organizations handling sensitive data must adhere to.
In response to the security lapses, CERT-In has enforced directives under the Information Technology (IT) Act, 2000. These guidelines cover best practices for cybersecurity, procedures for preventing data breaches, and reporting protocols for organizations experiencing security incidents.
MeitY has further stressed the importance of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These rules mandate that sensitive personal data must not be disclosed or shared without proper authorization. Individuals concerned about the misuse of their data can file complaints with Adjudicating Officers, who are state-appointed IT Secretaries. These officers have the authority to impose penalties and grant compensation to affected individuals under Section 46 of the IT Act.
Meanwhile, the recently introduced Digital Personal Data Protection Act, 2023, aims to strengthen personal data protection in India. The final rules under this legislation are in the drafting stage and are expected to be implemented soon. To ensure a smooth transition, the government has launched a public awareness campaign, educating citizens, businesses, and government bodies about their responsibilities regarding data protection under the new regulations.
Thank you for reading. We hope this gives you a good understanding. Explore our Technology News blogs for more news related to the Technology front. AdvanceDataScience.Com has the latest in what matters in technology daily.
