Dominos India should take responsibility for data breach of Apr-May 2021

The Ministry of Electronics and Information Technology (MeitY) is responsible for formulation, implementation and review of national policies in the field of information technology, electronics, internet (all matters other than licensing of Internet Service Provider), UIDAI and associated services & applications.

In the Citizen's Charter it is mentioned that MeitY is responsible for "Matters relating to Cyber Laws, administration of the Information Technology Act, 2000 (21 of 2000) and other IT related laws."

In a recent cyberattack, the data that has allegedly been compromised includes 10 lakh credit card details and even the addresses of people who ordered pizza from Dominos. However, Dominos India has denied in public statements that users' financial details were leaked.

Jubilant FoodWorks, which runs Dominos India, should issue a public apology & immediately issue a statement of (1) what action they have taken to protect consumers' data privacy, (2) what action they have taken on this breach & (3) prove that financial data of customers is secure through a third-party audit.

MeitY should mete out an exemplary punishment to the company for being careless about PII data.

This is required as per the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, Rule number 8:

8. Reasonable Security Practices and Procedures.— (1) A body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security programme and information security policies.