Privacy concerns related to the mandate to retain customer records
ANALYSIS Virtual Private Network (VPN) providers are digging in after the introduction of a new law India the obligation to collect user data and keep it for at least five years.
Under a new policy (PDF) from the country’s Computer Emergency Response Team (CERT-In), VPN Providers in the country must keep records and logs of customer names, physical addresses and contact numbers – all of which must be verified – along with email and IP addresses.
service provider must also record and retain the customer’s “Rental Term” (timestamp used at registration), contract purpose and “Ownership Pattern”.
Catch up on the latest cybersecurity news from India
That regulations will go into effect at the end of June, along with possible imprisonment or a ₹100,000 ($1,300) fine for violations of…
