Chandigarh's e-Admission portal forced students to submit sensitive data over an unencrypted connection. A PIL highlights how this exposes Aadhaar and bank details, while the UT's IT systems are already end-of-life. This immediately puts thousands of student applicants at privacy risk.
How We Got Here
Advocate Raja Vikrant Sharma filed a PIL on June 23, citing the DPDPA 2023 and other constitutional violations. The PIL specifically calls out the portal's lack of SSL/HTTPS, despite requiring biometric and bank data.
The Numbers
- An RTI revealed no itemised budget for SSL/HTTPS or cybersecurity infrastructure; these expenses are folded into a Rs. 17.1 crore (FY24-25) e-Governance budget.
- Most UT Data Centre IT infrastructure has reached its "end of life," with fresh procurement still "under progress."
- Cybersecurity audits are ad hoc and request-based, not via a standing SOP; a security auditor was only empanelled for FY26-27.
- The UT Administration claims SSL is "not feasible" on legacy infrastructure, promising full SSL after migration to the upgraded State Data Centre.
- While 94 of 127 government websites are secured, 33 remaining websites will take five to six months to migrate to SDC and get SSL.
What Happens Next
🇮🇳 Why This Matters for India
For citizens in Tier-2 and Tier-3 cities engaging with digital government services, such legacy system vulnerabilities erode trust in data protection mandates.
The Take
Chandigarh's "legacy infrastructure" excuse for unencrypted portals misses the point: basic HTTPS isn't a complex, high-budget item. This signals a systemic failure in routine security provisioning, which the DPDPA 2023 will increasingly expose across state governments.
Source:
MediaNama ↗