The Ministry of Electronics and Information Technology (MeitY) has ordered virtual private network (VPN) companies to keep and store user data for five years or more. The order was issued to coordinate comment activities related to cybersecurity incidents and emergency measures. VPN companies are required to record the user’s home address, IP address, and user sample.
MeitY has given VPN companies 60 days to securely collect user data and make appropriate arrangements.
MeitY’s new order also states that companies will collect and monitor user logs even after users deactivate their account or unsubscribe.
India’s Computer Emergency Response Team (CERT-In) earlier this month asked data centers and crypto exchanges to comply with the new order.
MeitY has given VPN companies 60 days to securely collect user data. The new laws will take effect on July 27. If a company does not comply with the new rules, the corresponding authorities will face up to a year in prison.
MeitY’s new order also states that companies will maintain and control user records even after users deactivate or unsubscribe from their accounts. Meanwhile, the Computer Emergency Response Team of India (CERT-In) has asked data centers and crypto exchanges to comply with a new order passed earlier this month.
VPN companies are expected to keep financial transaction information and records for a period of five years as part of Know Your Customer (KYC). The measure aims to ensure cybersecurity in payments and financial markets while protecting citizens’ data, fundamental rights and financial freedom in the context of the growth of virtual assets.
Read more: The first Xiaomi cell phone with three 50MP-50MP cameras is launched, know the offer
Service providers, intermediaries and data centers have also been instructed to report any cybersecurity incidents to CERT-in. The government agency has listed 20 things that are missing. This includes scanning or verifying critical networks/systems, critical systems, and unauthorized access to IT systems or data. Report the following cyber attacks to MeitY.
1. Put the data leak code link on external websites, etc.2. Cyber attacks, viruses/worms/trojans/bots/spyware/ransomware/cryptominer attacks. Attacks on databases, mail and network devices such as DNS and routers. 4. Identity theft, phishing and phishing attacks. Daniel of Service (DoS) and Distributed Daniel of Service (DDoS) attacks. Attacks on Critical Infrastructures, SCADA and Operational Technology Systems and Wireless Networks. Attack on electronic government, electronic commerce websites.8. Data leak.9. Attacks on Internet of Things (IoT) devices and related systems, networks, software, servers.10. Attacks or incidents that affect digital payment systems. Attacks by mobile applications.12 .. Fake mobile application.