Electronic mail or e-mail has become an indispensable part of government, companies, individuals and businesses alike. However, the obligations and liabilities to use e-mail are different for different stakeholders. Of all the stakeholders, the government owes the strictest responsibility to ensure that it has a robust and cyber secure e-mail infrastructure and policy at place.
Indian government and its departments have not only failed to formulate and implement a robust and cyber secure e-mail policy but they have also been negligent on the front of securing crucial and sensitive government and public data. As on date many sensitive data and documents are residing on the servers of foreign e-mail service providers from where they are openly available to foreign intelligence and security agencies to analyse.
The e-mail policy of India has been in pipeline for long but till now nothing has been done on this regard. This is a serious issue as e-mail is one of the favourite methods of cyber criminals to compromise computer systems and to gain sensitive and personal information. Further, service providers like G-mail are abetting and encouraging commission of cyber crimes as well. E-mail service providers like g-mail, yahoo, hotmail, etc are also facilitating violating the provisions of Public Records Act, 1993 wherever public records are involved.
Realising the seriousness of the situation, Delhi High Court is analysing e-mail policy of India and complaint mechanism to Facebook. The Delhi High Court has also directed central government to issue notification regarding electronic signature under Information Technology Act 2000. An advisory by Maharashtra Government to use official e-mails has already been issued. The Delhi High Court has once again chided the central government and department of electronics and information technology (DeitY) and given them four weeks time in totality to come up with the e-mail policy of India.
DeitY has already issued policy documents in this regard. These include email services and usage policies of Government of India (PDF), NIC policy on format of e-mail address (PDF), password policy of Government of India (PDF), security policy for users by Government of India (PDF) and service level agreement by Government of India (PDF).
Indian government has also failed on the fronts of privacy protection and data protection (PDF). Even the Parliament committee slammed Indian government for poor privacy laws in India. The Supreme Court of India has also prohibited UIDAI from sharing sensitive biometric details of the registered Aadhar users. There is no sense in delaying enactment of e-mail policy of India, privacy law and data protection law of India and the same must be done as soon as possible.