Telecom companies face tougher data breach rules: Bid to enhance India’s cyber security framework

R. Suryamurthy New Delhi Published 25.11.24, 10:45 AM

Representational image File picture

The government has notified the Telecommunications (Telecom Cyber Security) Rules, 2024, empowering the Centre to request traffic data and other information, excluding message content, from telecom operators to bolster cyber security.

The rules, notified through a government gazette, also mandate telecom companies to establish infrastructure for collecting such data from designated points, enabling its processing and storage.

The collected data may be shared with law enforcement and security agencies for cybersecurity purposes, according to the notification.

The rules prohibit any actions that could endanger telecom cyber security, including the misuse of telecommunication equipment or services, fraud, impersonation, or the transmission of fraudulent messages.

While penalties for violations remain limited to service suspension or disconnection for up to three years, the regulations highlight preventive measures over punitive actions.

Telecom entities are now required to adopt a telecom cyber security policy, incorporating security safeguards, risk management approaches and rapid response mechanisms for addressing security incidents. These policies must include vulnerability assessments and network hardening, along with regular forensic analysis of incidents to mitigate future risks.

The rules mandate operators to report security incidents to the central government within six hours of detection, detailing the number of affected users, the incident's duration and geographical scope, and remedial actions within 24 hours. The government plans to establish a portal for implementing the rules and may issue directions through secure communication channels.

Cyber law expert Karnika Seth described the regulations as a step forward in enhancing India’s cyber security framework. “The rules aim to prevent crimes like phishing and cyber terrorism, improving transparency and accountability in telecommunications,” Seth said, noting their potential to strengthen the nation’s cyber resilience.

However, Nikhil Pahwa, a cyber security analyst, raised concerns about privacy risks. “These measures allow for extensive data collection and storage without judicial oversight, raising surveillance concerns,” he said. Pahwa urged users to adopt encrypted apps and virtual private networks (VPNs) to protect their data.

Telecom companies face tougher data breach rules: Bid to enhance India’s cyber security framework

Telecom entities are now required to adopt a telecom cyber security policy, incorporating security safeguards, risk management approaches and rapid response mechanisms for addressing security incidents

RELATED TOPICS

SC junks pleas challenging words 'socialist' and 'secular' in Preamble to the Constitution

Border-Gavaskar Trophy: India win by 295 runs against Australia in Perth

Bypoll results show TMC’s Bengal fortress is strong; why then is Didi’s party in a flux?

Governor did not unveil any bust of himself at Raj Bhavan nor did he install it on premises

Jaguar roars back: Viral backlash won’t derail ‘fearless’ rebrand of luxury automaker

RS proceedings adjourned till Wednesday amid Opp bid to raise Adani bribery issue

Lok Sabha adjourned till November 27 after Opposition members uproar on various issues

Nine Adani group firms climb in early trade; Adani Energy surges nearly 7%

A.R. Rahman issues legal notice over defamatory social media posts following separation

Social media sites call for Australia to delay its ban on children younger than 16

Certain individuals are trying to control Parliament for their own political gains

Sambhal violence toll rises to 4; prohibitory orders issued, outsiders' entry barred till Nov 30