The government has given smartphone companies time till September 12 to furnish full details of procedures adopted by them to ensure data security, a senior IT Ministry official said today.
The government has given smartphone companies time till September 12 to furnish full details of procedures adopted by them to ensure data security, a senior IT Ministry official said today. Nearly 24 of the total 36 smartphone companies that were approached for the information have sent their responses to the government, and the same is being examined, the official said.
The extension has been granted to the rest to ensure that they have adequate time to furnish detailed responses.
“The idea is to ensure that companies are following the requisite security practices and, if they need a few more days to provide the responses then there is no harm (in giving a few days to them),” said the IT Ministry official who did not wish to be named.
Standardisation, Testing and Quality Certification (STQC), a body under the Ministry of IT and Electronics, is being asked to “look into” the responses that have come in so far.
More information could be sought in those cases where the responses are not adequate, the official added.
Last month, the IT Ministry wrote to various smartphone companies asking them to outline the framework and procedures adopted by them to safeguard the data of consumers.
Leading phone makers including leading Chinese brands like Vivo, Oppo, Xiaomi and Gionee were asked to give “detailed, structured written responses” on how they secure data and ensure its safety and security.
Other companies that were asked to furnish data security related information were Apple, Samsung, as well as Indian players.
The IT ministry had cited international and domestic reports about data leaks from mobile phones, and had said devices and preloaded software and apps will be under scrutiny in the first phase.
Based on the response of the companies, the Ministry will initiate verification and audit of devices where required.
It has also warned of penalties under provisions of IT Act 43 (A) in case stipulated processes were not being followed.
The objective of the entire exercise is to ensure that required data security measures are being taken with regard to hardware and software in mobile phones.