Tech Companies May Face High Penalties If They Keep Cyber Security Breaches Secret

Realizing that tech companies have had more and more security breaches of personal data, the Indian government has set up a plan to increase penalties on them.

Two of the companies had the breaches of personal data in recent time were Google and Facebook and the government only knew about these incidents via their public statements.

Pursuant to the IT Act and subsequent rules, the IT companies who don’t report the incidents of security breaches to cyber agencies or the Ministry of Electronics and Information Technology (MeitY for short) in time will receive financial penalties. However, the current penalties (under Rs 1 lakh) are allegedly too low to force them proactively to inform the authorized agencies. Even when receiving a lot of letters requiring them to give a response, they don’t have any necessary move.

At this time, MeitY is composing the final data protection law and expecting to submit to the Parliament in late 2018. Additionally, new rules are being proposed to impose higher penalties for internet companies which don’t report such incidents if any, under the Information Technology Act 2008.

One month ago, Facebook received a lot of letters from the MeitY relating to the Indian users’ personal data exposed to hackers. For those unknown, there were at least 50 million Facebook users affected in the breach and among them, Indian ones occupied a not small part.

Also in October, Google claimed that a bug existing in the systems of Google Plus for over two years exposed half a million users to external developers. As a result, the company decided to close the social network.

According to a Google spokesman, millions of notifications of bugs and issues of privacy or security are annually sent to users. He also added that the worldwide governments are giving the more stringent rules that revolve around the internet companies’ exploitation of the users’ data. Of which, Greece and Vietnam are two countries that have applied the new legislation of cybersecurity.