India’s digitalisation efforts are reaping fruits as Information Technology led developments are making an impact in various sectors. Simultaneously, the adverse effects have become more pronounced, with 6,07,220 cyber security incidents being reported in just the first half of 2021. Given this background, CERT-In’s (Indian Computer Emergency Response Team) recent directions try to enhance cyber security by bridging the gap in cyber incidence analysis.
In this regard, CERT-In’s approach involves mandating data collection, retention and integration by data centres, Virtual Private Server (VPS) providers, cloud service providers and Virtual Private Network service (VPN service) providers, etc. While it is imperative to enhance cyber security, some directives suggested by CERT-In may not be privacy-friendly and may hamper data security, increase costs for Indian startups and have market implications.
Privacy Concerns over CERT-In Directions
While it is imperative to enhance cyber security, asking data centres, VPS and cloud service providers and Virtual Private Network service (VPN service) providers to register and retain some of the metadata (listed in the directive) may…
