This move comes in after a number of data breach incidents were reported by Google and Facebook
At present, penalties for failing to report a data breach are reportedly very low
Reports say that companies willfully delay responses to investigations of potential breaches
The Indian government is reportedly considering higher penalties on companies which fail to immediately report data breach incidents affecting Indian users.
According to reports ,the Ministry of Electronics and Information Technology (MeitY), is working on introducing new rules under the IT Act, after a spate of data breach incidents reported by Google and Facebook which had affected Indian users.
Earlier this month, Google had to shut down its social network, Google+, after the personal data of about 500K users was leaked.
Following the Facebook-Cambridge Analytica data breach scandal, which affected about 5.62 Lakh Indian users in April, the social media company reported another security breach, affecting as many as 50 Mn accounts worldwide in September.
At present, under the Information Technology Act, 2008, companies are liable for financial penalties if they fail to report a leak of user data to MeitY or other government cyber agencies.
However, citing unnamed sources, an ET report stated that the current penalties are too low.
The report added that most of the companies do not actively follow the law and also delay their response when letters are sent to them seeking information.
With a focus on on data protection norms and user privacy, government agencies have taken a firm stance with tech companies over data leaks. The Centre is also currently drafting a Data Protection Bill, which if passed in its current form, will require internet companies to store user data in data centres located in India.
[The development was reported by ET]