Delhi HC asks Centre to file reply over plea to review data breaches of BigBasket, Dominoes, MobiKwik, Air India
Aug 16, 2021
New Delhi [India], August 16 : The Delhi High Court on Monday has asked the Centre to file a reply in a petition seeking direction to Computer Emergency Respondent Team -India (CERT-In), for commencing investigation and review of the recent data breaches of BigBasket, Dominoes, MobiKwik and Air India.
Justice Rekha Palli has asked Centre and others to file a reply and listed the matter for further hearing on September 23.
Advocate Ajay Digpaul, Centre Government Standing Counsel with Himanshu Pathak and Kamal Digpaul appeared for respondents and sought time to obtain instructions.
The Court was hearing a petition filed by Yarlagadda Kiran Chandra through advocates Prasanth Sugathan, Prasanna S, Apurva Singh and Yuvraj Singh Rathore.
The petitioner has urged the Court to issue direction to CERT-In to respond to the Petitioner's representations seeking investigations into the data breach at Domino's, MobiKwik, Air India, and BigBasket.
The petitioner has urged the Court to issue appropriate writ, order, or direction to CERT-In to comply with its citizen's charter and respond to the grievances raised by the Petitioner vide its letters dated 11.11.2020, 30.03.2021, 21.04.2021 and 22.05.2021.
The petitioner was preferred by the General Secretary of FSMI (Free Software Movement of India), which claims to be a national coalition of various regional and sectoral free software movements, operating in different parts of India.
The grievance raised in the petition was that the respondent is not taking any action on the incidents of cybersecurity breaches and data leaks committed by various entities, despite the same being brought to its notice by the petitioner vide its detailed representations.
The petitioner said the data breaches have compromised the sensitive personal and financial information of millions of users of these services. The Petitioner wrote to the CERT-In on 11.11.2020, 30.03.2021, 21.04.2021, and on 22.05.2021 urging it to investigate the data breaches and update the citizens on what had transpired at Domino's, MobiKwik, BigBasket, and Air India as mandated by the CERT-In Rules as notified under Section 70B of the IT Act, 2000.
The citizen charter of CERT-In lays down that the CERT-In shall acknowledge the grievances received by it, and that it shall redress the grievances within one month from the date of receipt of the grievance. However, there was no response or acknowledgment of Petitioner's emails and letters.
Under Section 70B of the Information Technology Act, 2000, CERT-In is responsible for collecting and analysing information on cyber incidents; take emergency measures for handling cybersecurity incidents; issue guidelines, advisories, vulnerability notes on security practices, procedures, prevention, response, and reporting of cyber incidents; and to call for information and give directions to the service providers, intermediaries, data centers, body corporate, and any other person, the petitioner said.