Following an exclusive report in HuffPost India, the Andhra Pradesh (AP) government has started taking steps to prevent the leak of citizen's personal data from government websites, and we have learned that the government's new incident reporting portal called Andhra Pradesh Computer Response Team (APCRT) is likely to go live in about a week, according to sources in the government.
Two weeks ago, after HuffPost India reported that an AP government website was leaking the details of medicines people purchased, such as the name and phone number of a man in Anantpur in Rayalseema who bought Suhagra - a generic version of viagra - the government ordered audits on data leaks, and the creation of an incident reporting mechanism.
At the time, the Principal secretary of IT, K Vijayanand, said the government had directed the Andhra Pradesh State Cyber Security Operations Centre (APCSOC) to conduct an audit of all the departments' websites to identify if any sensitive public data is available on them. APCSOC will carry out regular audits of all departments' websites, and is also about to launch a website to educate individuals and organisations about the importance of security. The same site can also be used to report incidents - individuals can report incidents they find, while organisations can bring up their security issues, which APCSOC will try and offer assistance with.
The APCSOC was inaugurated in April, and from May, it began the process of security auditing the government departments' online presence. "Security is one issue. Privacy is another, and it is important and pertinent," said V Premchand Managing Director of Andhra Pradesh Technology Services, which oversees cyber security issues in the AP government, and is the authority running APCSOC.
"We started doing security audits in May, and it has been a very time consuming process," he added. "The different departments have their own systems and a lot of the decisions on security have so far been taking place on an ad hoc basis, so one of the first tasks for us was to establish the SOP (standard operating procedure) to be followed. We are now going to do this for privacy along with security."
However, it's up to the departments to determine what constitutes a breach of privacy. "We are not going to define privacy, we are a technological agency," he said. "What we can do is tell the department, 'hey, this data is available,' and then they can determine whether that is intentional or not."
Sources in the government showed what the APCRT would look like once live, with sections showing the latest security news updates, and advisories for the general public on how to secure their gadgets, aside from a page to report cyber security issues with different options for government agencies, organisations, and individuals to make their reports.