Indian cyber security rules which will start being operational later this month have been criticised by a technology industry body.
The Internet and Mobile Association of India (IAMAI), which represents organisations including Google and Facebook, warned that the new rules will create an environment of fear rather than trust. It called for a one-year delay before the rules take effect, in a letter sent to India’s IT ministry seen by Reuters.
The new rules were set by the Indian Computer Emergency Response Team (CERT) in April and require tech companies to report data breaches within six hours of noticing the incident and maintain IT and communications logs for six months.
IAMAI proposed extending the six-hour window, highlighting that the global standard for reporting cyber security incidents is usually 72 hours.
CERT has also asked cloud service providers, like AWS, and virtual private network companies to retain the names of their customers and IP addresses for at least five years, even if they stop using the company’s services.
IAMAI said that the cost of complying with these directives could be massive, and the proposed penalties for violating them include prison, which would lead to entities ceasing operations in India for fear of running afoul.
RELATED RESOURCE
How governments can build resilience in a new normal
The cloud enables the flexibility public organisations need to overcome disruption
The government has said that the new rules are needed as cyber security incidents were reported regularly but the information needed to investigate them was not always readily available from service providers.
The new rules led to ExpressVPN removing its servers from India last Thursday. Users in the country will still be able to connect to VPN servers, but its virtual India servers will be physically located in Singapore and the UK.
The company said CERT’s new data law is incompatible with the purpose of VPNs, which are designed to keep users’ online activity private. “ExpressVPN refuses to participate in the Indian government’s attempts to limit internet freedom,” the company said in a press release.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Latitude Financial's data policies questioned after more than 14 million records stolenNews Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach responseCase Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
-
Australia commits to establishing second national cyber security agencyNews The country is still aiming to be the most cyber-secure country in the world by 2030
-
Medibank bleeds $26 million in cyber costs following hackNews The company believes this figure could rise to $45 million for the 2023 financial year
-
TikTok's two new European data centres to address data protection concernsNews The company is under pressure to prove its user data isn’t being accessed by the Chinese state
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customersNews It is the third cyber attack on a major Australian telco since October
-
Telstra blames IT blunder for leak of 130,000 customer recordsNews Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
