MeitY orders VPN companies to collect, store user data for at least 5 years - Here's all you need to know

According to reports, the MeitY has given companies 60 days to make appropriate arrangements for securely storing user data. The new laws will come into effect starting July 27.

FPJ Web Desk | Updated: Thursday, May 05, 2022, 08:23 AM IST

The Ministry of Electronics and Information Technology (MeitY) has ordered virtual private network (VPN) providers, data centres, virtual private server (VPS) providers, intermediaries and crypto exchanges to collect and store user data for five years.

"Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer duration as mandated by the law after any cancellation or withdrawal of the registration as the case may be", reads a release published by MeitY.

The new directives from India’s Computer Emergency Response Team (CERT-In), the government’s nodal agency for detecting and responding to cyber incidents, said: “The failure to furnish the information or non-compliance with the ... directions, may invite punitive action.”

"This direction will become effective after 60 days from the date on which it is issued", which means the new rule will come into effect by July 27, 2022.

The companies in question will have to maintain all customer information for five years or longer (as mandated by law), even after “any cancellation or withdrawal of the registration” by a customer.

“With respect to transaction records, accurate information shall be maintained in such a way that individual transaction can be reconstructed along with the relevant elements comprising of, but not limited to, information relating to the identification of the relevant parties including IP addresses along with timestamps and time zones, transaction ID, the public keys (or equivalent identifiers), addresses or accounts involved (or equivalent identifiers), the nature and date of the transaction, and the amount transferred,” it adds.

Service providers, intermediaries and data centres have also been ordered to report cyber security incidents of any type to CERT-In.

Types of cyber security incidents mandatorily to be reported to CERT-In:

1. Targeted scanning/probing of critical networks/systems

2. Compromise of critical systems/information

3. Unauthorised access of IT systems/data

4. Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.

5. Malicious code attacks such as spreading of virus/worm/Trojan/Bots/Spyware/Ransomware/Cryptominers

6. Attack on servers such as Database, Mail and DNS and network devices such as Routers

7. Identity Theft, spoofing and phishing attacks

8. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

9. Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks

10. Attacks on Application such as E-Governance, E-Commerce etc.

11. Data Breach

12. Data Leak

13. Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers

14. Attacks or incident affecting Digital Payment systems

15. Attacks through Malicious mobile Apps

16. Fake mobile Apps

17. Unauthorised access to social media accounts

18. Attacks or malicious/suspicious activities affecting Cloud computing systems/servers/software/applications

19. Attacks or malicious/suspicious activities affecting systems/servers/networks/software/applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones

20. Attacks or malicious/suspicious activities affecting systems/servers/software/applications related to Artificial Intelligence and Machine Learning
