The Directorate General of Civil Aviation (DGCA) has revealed that it lost its entire data set regarding to safety and security of planes and pilots, reports Daily Mail. The report mentions that the air safety regulator revealed this information in reply to an RTI query, stating that a server crash in August 2015 caused the data loss.
The data was apparently stored on a NIC (national informatics center) server, which crashed destroying the data it carried. None of the data was recoverable, although some of the records were available in physical form. The data included number of hours flown by pilots, logging of duty time, digital identities of pilots etc., essentially making pilot data easy to fake. Note that NIC servers have been reportedly hacked several times – in 2011 by Anonymous, in 2014 by ‘LEET’ and by Legion just last year.
This is a pretty big error on the DGCA’s part as it will now be difficult to verify pilot data, logged hours and other such details that were otherwise digitized. The agency has since started re collecting information, and digitizing the information of new pilot licenses and renewals, but the data lost is impossible to recover, and the task of re digitization of old data from physical files, if at all all are available, will be pretty difficult. It’s not clear if the agency is taking further measures this time around to prevent such incidents from recurring.
This data loss once again underscores the need for privacy and security laws in the country. Government agencies should be especially wary of losing or exposing important information that can cause public security risks – for example this data loss could lead to an increase of under qualified pilots ending up flying planes they shouldn’t be. Note that a leak of user information by a Mumbai-based pathology lab had caused the government to setup an agency for enforcing privacy and security measures for electronic health data. However, what we need is a long term law that can define how user data should and can be handled/stored/consumed, how much and what privacy is offered by data collectors and the security measures and responsibilities that come with holding that data.