Chandigarh’s Directorate of Higher Education is under scrutiny after a public interest litigation was filed over its admission portal’s failure to implement SSL/HTTPS encryption. The petition highlights the risks of transmitting sensitive personal data on an unsecured platform and questions the administration’s cybersecurity practices amid legacy infrastructure constraints.

  • Admission portal lacks SSL, exposing sensitive data.
  • Legacy infrastructure cited as barrier to HTTPS.
  • Migration to upgraded State Data Centre planned in 5–6 months.

What happened

Advocate Raja Vikrant Sharma filed a public interest litigation on June 23 challenging the Chandigarh Directorate of Higher Education’s e-Admission portal for operating without SSL or HTTPS encryption. Applicants were required to submit critical personal information, including bank details and biometric data, on this unsecured platform. An RTI response revealed the absence of a dedicated budget for cybersecurity measures and that the majority of the IT infrastructure at the UT Data Centre has reached end of life.

The PIL contends that this setup violates multiple constitutional protections, sections of the Information Technology Act, the Digital Personal Data Protection Act, and government accessibility standards. The Chandigarh administration admitted in the High Court that implementing SSL on the admission portal is not currently feasible due to reliance on legacy infrastructure, pledging to enable SSL once migration to an upgraded State Data Centre is completed.

Why it matters

Operating government portals without HTTPS encryption puts sensitive applicant data at risk of interception or misuse by third parties. This is particularly critical as the portal processes highly confidential information such as Aadhaar numbers and biometric data. Ensuring robust encryption aligns with legal mandates for data protection and accessibility, critical for safeguarding citizens’ privacy and trust in public digital services.

The administration’s acknowledgment of legacy infrastructure limitations highlights broader challenges in modernizing IT systems within government institutions. The phased upgrade approach impacts the timeline for secure data handling and compliance with updated cybersecurity standards, underscoring the need for prioritizing infrastructure investment in e-governance.

What to watch next

Monitoring the Chandigarh Administration’s progress on migrating its applications and infrastructure to the upgraded State Data Centre is key, as the assurance to implement SSL/HTTPS encryption post-migration is pivotal to resolving the security concerns raised. The administration estimates this process will take five to six months, during which interim data protection measures will continue to be scrutinized for effectiveness.

The outcome of the PIL under the Punjab and Haryana High Court will also set important precedence for enforcing cybersecurity requirements across Indian government portals, driving future policy and budgetary decisions on IT security. Stakeholders and users should watch for any court directives and subsequent administrative actions enhancing overall cybersecurity compliance.

Source assisted: This briefing began from a discovered source item from MediaNama. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings