Cybersecurity activists apparently are willing to drag the country’s cybersecurity watchdog to the court for having failed in taking action against the companies that have experienced data breaches, the main cause being their failure to provide clarity on steps being taken to protect customers amidst rising cases of personal information leaks in the pandemic era.
Their complaint is that the Indian Computer Emergency Response Team (CERT-In) has done nothing regarding the same, while the data breach incidents included reputed names like that od Air India, BigBasket, and Domino’s in recent months.
There’s a seemingly a chance of at least one petition to be filed in the Delhi High Court in near future.
Activists are debating whether to file a single petition or to approach the various high courts individually. According to them, the electronics and information technology ministry (MeitY) may also be made a party to the petition.
According to the CERT Rules, 2013, the government body is supposed to provide services such as responding to cybersecurity incidents and conducting analysis and forensics on cybersecurity incidents, according to the digital rights think tank Software Freedom Law Centre (SFLC.in).
“Since making the IT Act in 2000, there has not been a single penalisation of any company which has faced a data breach,” – Srinivas Kodali, researcher at FSMI. He further emphasized on seeking a valid justification from the authorities on the mitigation of such losses.