THE DELHI High Court has asked the Centre to respond to a petition alleging inaction by Computer Emergency Response Team India (CERT-In) on a complaint seeking an investigation into recent incidents of data leaks at various digital entities.
“The grievance raised in the present petition is that the respondent is not taking any action in the incidents of cyber security breaches and data leaks committed by various entities, despite the same being brought to its notice by the petitioner, vide its detailed representation,” noted Justice Rekha Palli in an order, while listing the case for hearing on September 23.
The general secretary of Free Software Movement of India, Yarlagadda Kiran Chandra, in his representation before CERT-In – which comes under the Ministry of Electronics and Information Technology – has sought an investigation and review of the recent data breaches at BigBasket, Domino’s, MobiKwik and Air India. Chandra has said that these data breaches have compromised sensitive personal and financial information of millions of users of these services.
Stating that the citizen charter of CERT-In lays down that it shall acknowledge the grievances received by it and then redress them within one month, Chandra, in the petition, has alleged there has been no response to his representation from the authority.
“The address data, emails, contact numbers, financial details – credit and debit card details, KYC details leak pose a grave threat to security of users since there is no law governing data protection in India as of now. Therefore, the aggrieved users do not have any legislative recourse against such breaches. Therefore, an investigation and review by CERT-In on frequent data breaches at mass level becomes important to safeguard the privacy of users,” reads the plea.
Chandra has argued that under Section 70B of the IT Act, CERT-In is responsible for collecting and analysing information on cyber incidents as well as taking emergency measures for handling cyber security incidents.