| XIV.
DATA SECURITY SYSTEMS National Computerised
Records Security Document
An issue related to
data ownership is that of data and systems security.
It is important that care be taken to protect the
confidentiality and ensure integrity of all critical
data containing information on citizens. A 'national
Computerised Records Security Requirements and
Recommendations Document' should immediately be
prepared for enforcing security requirements. This
document should provide a common set of formal
security standards for all Government data processing
installations to follow. This is all the more
important in the context of increasing vulnerability
to penetration of networks connected to the INTERNET.
Specialised
cells for Info-security
With the fast
expansion of computer networks data security will
become increasingly critical. Professional hackers
and anti-social elements can not only become a
nuisance but can cause serious breaches in the
security of networked systems. There have been
reports about 'information warfare' conducted to
breach military security systems in advanced
countries. It is important to develop within the law
enforcing agencies a specialisation to handle such
crime. Specialised units need to be set up in each
State and at the national level focused on high tech
crime and on the security of computer systems and
networks. Countries like Korea have, for example, set
up an Information Security Agency at the national
level to play the role of cybercop. The Government of
India should allocate suitable funds for setting up
such cells in all States.
National
Data Protection Policy
At the policy level,
Government will also have to frame a national policy
on info-security and privacy. Data Protection Acts
cover the handling of computerised data in most
advanced countries. In the case of the United
Kingdom, data users including Government Departments
have to register with a Data Protection Registrar,
and comply with a set of data protection principles,
combined with more specific provisions for particular
kinds of data. Rights of access, correction and
erasure of inaccurate information and even
compensation in some cases are provided to
individuals under the Act. In some countries
protection of privacy stipulates that personal data
can be used only to provide a service or for
accounting purposes. They must be deleted after they
have been used. Consumers may also protect themselves
from the technology which enable advertisers to track
network users.
Cyber
infractions
Cyber infractions in
the form of pornography, racism, etc., will also have
to be addressed within the legal framework.
|
