This Article is From Aug 17, 2021

Court Asks Centre To Reply To Plea Seeking Review Of Data Breaches

The petitioner said data breaches of BigBasket, Domino's, MobiKwik and Air India have compromised sensitive personal information of millions of users

Court Asks Centre To Reply To Plea Seeking Review Of Data Breaches

Justice Rekha Palli has asked centre and others to file a reply and listed the matter for September 23.

New Delhi:

The Delhi High Court today asked the centre to file a reply in a petition seeking direction to Computer Emergency Respondent Team -India (CERT-In), for commencing investigation and review of the recent data breaches of BigBasket, Domino's, MobiKwik and Air India.

Justice Rekha Palli has asked centre and others to file a reply and listed the matter for further hearing on September 23.

Advocate Ajay Digpaul, the centre's standing counsel, appeared with Himanshu Pathak and Kamal Digpaul and sought time to obtain instructions.

The court was hearing a petition by Yarlagadda Kiran Chandra through advocates Prasanth Sugathan, Prasanna S, Apurva Singh and Yuvraj Singh Rathore.

The petitioner has urged the court to issue directions to CERT-In to respond to the petitioner's representations for investigation into the data breach at Domino's, MobiKwik, Air India, and BigBasket.

The petitioner has urged the court to issue appropriate writ, order or direction to CERT-In to comply with its citizen's charter and respond to the grievances raised by the petitioner.

The grievance raised in the petition was that the respondent is not taking any action on the incidents of cybersecurity breaches and data leaks committed by various entities, despite the same being brought to its notice by the petitioner vide detailed representations.

The petitioner said the data breaches have compromised the sensitive personal and financial information of millions of users of these services.

Under Section 70B of the Information Technology Act, 2000, CERT-In is responsible for collecting and analysing information on cyber incidents; take emergency measures for handling cybersecurity incidents; issue guidelines, advisories, vulnerability notes on security practices, procedures, prevention, response, and reporting of cyber incidents; and to call for information and give directions to the service providers, intermediaries, data centers, body corporate, and any other person, the petitioner said.

.