Jio breach prompts calls for new cyber law

‘Tougher disclosure laws need of hour’

Updated - July 15, 2017 10:29 pm IST - MUMBAI

Long arm:  Advocates of stronger laws   say a data breach in  the U.K. or the U.S.  would prompt an inquiry.

Long arm: Advocates of stronger laws say a data breach in the U.K. or the U.S. would prompt an inquiry.

 

Fears that Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.

Jio has repeatedly denied that any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “unauthentic.” The website was later shut down.

The company, part of Reliance Industries Ltd., said on Monday that its subscriber data was safe and protected by the highest levels of security.

However, Jio filed a complaint the same day alleging unlawful access to its systems, police have told Reuters. Jio did not respond to requests for comment.

In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said.

“It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a research organisation.

People complained on Twitter about personal information of Jio users being available on the Magicapk site. Several local news outlets said their checks had led them to believe a leak had occurred.

‘Unenforceable rule’

“A rule to report breaches exists, but it is unenforceable,” says Mr. Prakash. “It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.”

Advocates of stronger laws in India say a data breach in countries with more stringent cyber laws, such as Britain or the United States, would prompt an inquiry by regulators.

After reports of a data leak at Verizon, for example, the U.S. telecoms firm quickly responded with an explanation of what had occurred, how it had happened and the extent of the problem.

“India is at a nascent stage. For good norms in Asia, look to Singapore. It’s been praised for not having cyber security issues by the UN,” Srinivas Kodali, an independent security researcher, said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.