On 28 April, the Indian Computer Emergency Response Team issued guidance on information security practices, procedure, prevention, response and reporting of cyber incidents under the Information Technology Act. Effective 60 days after issue, the guidance includes mandatory cyber-incident reporting to CERT-In and follows the agency’s identification of gaps and issues in facilitating incident-response measures. “These directions shall enhance overall cyber security posture and ensure safe & trusted Internet in the country,” the news release stated. According to CNET, virtual private network companies will be required to collect and store customer data for up to five years.
CERT-In releases guidance on cyber-incident reporting
Related stories
Privacy in the age of robotics: A discussion with Erin Relford
GPS 2025: Sam Altman, Alex Blania discuss Tools for Humanity's biometric technology
Notes from the IAPP Canada: An evolving approach to privacy amid geopolitical shifts
GPS 2025: European regulators reflect on pay or consent enforcement, concerns
GPS 2025: Collaboration, precision highlight future of US state privacy law enforcement
