The IT ministry has mandated cloud service providers and VPN firms to store users’ data for at least five years. Know details.
The Indian government thrashed out new cybersecurity rules and will take action against the cloud service providers as well as VPN operators who will fail to comply with them. Rajeev Chandrasekhar, the minister of state for electronics and IT has made clear that those Virtual Private Network or VPN (Virtual Private Network) service providers not ready to follow the new guidelines will have only one option ahead of them – to exit from India!
While releasing FAQs on the current regulation on reporting cyber breach cases, the IT minister stated that “any well-intentioned firm or entity recognises that a safe and reliable internet will help it.” He suggested that cloud service providers, VPN firms, data centre companies, and virtual private server providers must maintain users’ data for at least five years, the Ministry of Electronics and Information Technology mentioned. Also Read: SBI customer ALERT: Government warns of fake SBI SMS threat – Did you get it?
“There is no opportunity for somebody to say we will not follow the rules and laws of India. If you don’t have the logs, start maintaining the logs. If you are a VPN that wants to hide and be anonymous about those who use its VPN and you don’t want to go by these rules, if you want to pull out, then frankly you have no other opportunity but to pull out,” PTI report quoted the IT minister Chandrasekhar. Also Read: Stay Alert! Google Chats will now protect you THIS way
According to the Indian Computer Emergency Response Team, popularly known as CERT-In, VPN providers in India must now keep names, addresses, contact numbers, subscription period, email addresses, IP addresses, as well as the client’s reason for using their services. These new rules will take into effect at the end of June.
For those who are unaware of the VPN services, by using remote servers, VPNs allow users to hide their location and access the internet without disclosing their search history to internet service providers. Generally, investigative journalists and ethical hackers frequently use the programme to gain access to websites that are blocked in their countries. However, CERT-In also stated in its instructions that any organisation that fails to follow the directions will be subject to action under subsection (7) of section 70B of the Information Technology Act. This will bring a year in prison, a fine of up to Rs. 1 lakh, or both.