In what is finally a clear official word on the issue of the data breach at the Indian Council of Medical Research (ICMR) and on the authenticity of the allegation, Rajeev Chandrasekhar, the union minister of state for electronics and information technology and one who has been passionate about data protection, says the matter is being investigated and that a detailed report could be expected. In fact, according to him, it is almost like a standard operating procedure in such cases that the matter gets entrusted by the government to CERT-In which investigates and submits a detailed report.
Speaking to Financial Express Online, he said, “after that report on data breach was out, since the designated organisation to look into such cyber-related incidents is CERT-In, it was entrusted with the task of investigation. This is a normal practice in such cases. It will investigate and see if there are any data breaches and if there are indeed breaches that have happened then it will identify the causes and submit a formal report and once the report is out the necessary follow up action would be taken.” He however did not indicate any timeline.
There have also been concerns since this happens at a time when the country in seeking to migrate to a stricter data protection regime. However, the minister reminded, “I have also said during the data protection bill consultations that government organisations will require a longer time to transition to the new data protection regime because the systems are very inconsistent across various state governments and central government agencies and there is a whole process and therefore a national data governance policy is being implemented across the government so that within the government the same standards are followed.
Apart from the seriousness of the issue since a huge data breach is being alleged (involving 8.1 crore people), the issue also gains significance in the light of the fact that India is intending to move much more aggressively towards becoming a digital economy with digital health also an area of focus and discussed at length during the recently concluded G-20 deliberations.
While much would now depend on the CERT-In findings and what it says in its report, Chandrasekhar could not give any timelines because “there is no timeline that one can give for investigations,” there is at least some clarity that the government is trying to validate the authenticity of the data leak report and in case there were breaches then one could hope the epicentre for the leak would also be revealed as also the possible causes.
