"It has been observed that a number of officials in the ministries/departments in the central and state governments are using the private mail services particularly hosted and operated from outside India for official communications. Such official communications are government and also the public records.''
It is to mention that data pertaining to such emails and web services is stored by these service providers outside Indian and is fully under their control.
"At the time of any security breach incident or data loss it becomes very difficult to obtain data from those service providers apart from the possibility of leakage of information as they are controlled by the service providers outside the country," the circular-cum-advisory issued last month said.''
The agency, while issuing the circular, has invoked Section 4 of the Public Records Act, 1993 (Prohibition against taking public records out of India) and some recent concerns raised by the Delhi High Court to buttress its point.
Keeping in view both the things in mind, the circular said, "All the ministries, departments of central and state governments should either use email services provided by National Informatics Centre (NIC) or they should use their own email and web services being fully controlled by them and hosted in India for official communication. CERT-In security guidelines/advisories as issues time to time should be followed."
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.