Website Exposing Aadhaar And PAN Details Blocked The Aadhaar and PAN card details of Indian individuals, among other sensitive personal information, were discovered to be exposed on a number of websites that the Indian government has blacklisted.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
The Aadhaar and PAN card details of Indian individuals, among other sensitive personal information, were discovered to be exposed on a number of websites that the Indian government has blacklisted. The Ministry of Electronics and Information Technology (MeitY) took this move. Additionally, the police authorities have received an official complaint from the Unique Identification Authority of India (UIDAI), alleging that these websites violate Section 29(4) of the Aadhaar Act, 2016.
The public publication of Aadhaar numbers and related data is expressly forbidden by this section. The security of residents' personal information has been seriously questioned in light of the exposure of such sensitive data, leading to the quick implementation of measures to stop future leaks.
After conducting an examination, the Indian Computer Emergency Response Team (CERT-In) discovered multiple security flaws on these websites. Consequently, the proprietors of the websites received comprehensive guidelines on resolving these security breaches and fortifying their information and communication technology (ICT) frameworks.
Comprehensive recommendations for the design, development, implementation, and operation of secure IT applications were also released by CERT-In, and it is anticipated that all enterprises handling sensitive data go by them. CERT-In has also issued directives in accordance with the Information Technology (IT) Act of 2000 in addition to these initiatives. These guidelines describe cybersecurity best practices, how to stop cyberattacks, and what data breaches must disclose back to enterprises.
The 2011, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules have also been underlined by MeitY. Sensitive personal information cannot be disseminated without permission or made publicly available, as these regulations severely require. Adjudicating Officers are state-appointed IT Secretaries that individuals can register complaints with if they think their data has been compromised. Section 46 of the IT Act gives these officers the power to punish violators and compensate impacted parties.
In the meantime, India's efforts to safeguard personal data have been reinforced with the introduction of the Digital Personal Data Protection Act, 2023. The regulations pertaining to this recently enacted legislation are presently nearing completion and should be put into effect shortly. The government has started an awareness campaign to educate the public, businesses, and government agencies on their obligations when managing personal data in order to guarantee that the new regulations are widely understood.
