IT secretaries of the state empowered to address complaints and compensations for data privacy violations
PIB, September 26, 2024: The Government of India is committed to having an open, safe, trusted, and accountable internet. It has come to the notice of the Ministry of Electronics and Information Technology (MeitY) that some websites were exposing sensitive personal identifiable information, including Aadhaar and PAN Card details of Indian citizens. This has been taken seriously as the government accords highest priority to safe cyber security practices and protection of personal data. In line with this, prompt action has been taken to block these websites.
The Unique Identification Authority of India (UIDAI) has lodged a complaint with the police authorities concerned for violation of the prohibition under Section 29(4) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016 on public display of Aadhaar information.
The analysis of these websites by the Indian Computer Emergency Response Team (CERT-In) has shown some security flaws in these websites. The concerned website owners have been provided guidance about the actions to be taken at their end for hardening the ICT infrastructure and fixing the vulnerabilities.
CERT-In has issued “Guidelines for Secure Application Design, Development, Implementation, and Operations” for all entities using IT applications. CERT-In has also given directions under the Information Technology Act, 2000 (“IT Act”) relating to information security practices, procedures, prevention, response, and reporting of cyber incidents.
MeitY has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which provide for non-publication and non-disclosure of sensitive personal data. Any adversely affected party can approach the adjudicating officer under Section 46 of the IT Act for filing a complaint and seeking compensation. The IT Secretaries of the States are empowered as adjudicating officers under the IT Act.
Further, the Digital Personal Data Protection Act, 2023, has already been enacted, and the rules under this Act are in the advanced stage of drafting. With the aim of sensitizing the government, the industry, and the citizens about its impact, an awareness programme has also been initiated. This will help in creating a nationwide awareness and understanding among diverse stakeholders about responsible use and proactive measures that will curb unnecessary exposure of personal data by various entities.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
