In India, virtual private network companies will be required to collect extensive customer data — and maintain it for five years or more — under a new national directive from the country’s Computer Emergency Response Team, known as CERT-in.
The directive isn’t limited to VPN providers. Data centers and cloud service providers are both listed under the same provision. The companies will have to keep customer information even after the customer has canceled their subscription or account. And, in all case, CERT-in will require the companies to report on their users’ “unauthorized access to social media accounts.”
bad day for privacy,
Read the full article here: