New Delhi: The Ministry of Electronics & Information Technology (MeitY) has taken immediate measures to block websites exposing sensitive personal identifiable information of Indian citizens, including Aadhaar and PAN card details.
The government swung into action after the Unique Identification Authority of India (UIDAI) lodged a complaint with police expressing concern about violation of the prohibition under section 29(4) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 on public display of Aadhaar information.
The analysis of these websites by the Indian Computer Emergency Response Team (CERT-In) showed some security flaws in these websites.
Owners of the concerned websites have been provided guidance about actions to be taken at their end for hardening the ICT infrastructure and fixing the vulnerabilities.
MeitY has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which provide for non-publication and non-disclosure of sensitive personal data.
CERT-In has issued ‘Guidelines for Secure Application Design, Development, Implementation & Operations’ for all entities using IT applications. CERT-In has also given directions under the Information Technology Act, 2000, (IT Act) relating to information security practices, procedure, prevention, response and reporting of cyber incidents.
Any adversely affected party can approach the Adjudicating Officer under section 46 of the IT Act for filing a complaint and seeking compensation. The IT Secretaries of the states are empowered as Adjudicating Officers under the IT Act.
Further, the Digital Personal Data Protection Act, 2023 has already been enacted and Rules under this Act are in an advanced stage of drafting.
An awareness programme has also been initiated to sensitise the government, industry and citizens about its impact.