Skip to content

E-governance: Draft rules on data anonymisation, mobile security released

The Ministry of Electronics and IT (MeitY) on Tuesday released draft documents for guidelines on data anonymization and mobile security for the e-governance projects conducted by the government. The documents are open for public consultation and the comments would be accepted until September 21.

The drafts, titled ‘Guidelines for Anonymisation of Data (AoD) and Mobile Security Guidelines (MSG)’, were shared on the official portal for e-Governance Standards.

The document on anonymisation of data includes guidelines for all stakeholders involved in the processing of personal data and its subtypes through e-governance projects.

However, the department added that the guidelines could also be referred to by private entities processing personal information.

E-governance projects such as the National Health Mission, Cowin vaccination, Aarogya Setu and healthcare data, Smart cities, and Payment ecosystem (Account Aggregators) generate a huge amount of data. The draft rules aim to lay down the recommended practices for processing this data.

In February 2021, the Standardization Testing Quality Certification (STQC) Directorate and Center for Development of Advanced Computing (C-DAC), Pune, were commissioned to formulate standards and guidelines in the areas of e-Governance.

The Mobile Security Guidelines (MSG) have been proposed to achieve mobile security goals such as confidentiality, integrity, authentication, accountability, etc. It categorizes mobile security into three sections such as mobile device security, mobile communication security, and mobile services security.

The document has also defined three categories of mobile security control, such as policy-based measures, technology-based measures, and user-oriented measures. These would help in protecting privacy, sensitive data, and the security of transactions.

The scope of the proposed guidelines covers the stakeholders of the mobile ecosystem including device manufacturers, application developers, network operators, mobile service providers, security testing organizations, and mobile phone users.

The draft also prescribes ideal practices for mobile security testing and application vetting processes. It has defined security levels for entities and technology components. Identifying the present security level of an entity or a component may help measure the gap and improve towards higher security levels, according to the document.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practice the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

.