IT Taskforce
Basic Background  Report
9th June 1998


 

XIV. DATA SECURITY SYSTEMS

National Computerised Records Security Document

An issue related to data ownership is that of data and systems security. It is important that care be taken to protect the confidentiality and ensure integrity of all critical data containing information on citizens. A 'national Computerised Records Security Requirements and Recommendations Document' should immediately be prepared for enforcing security requirements. This document should provide a common set of formal security standards for all Government data processing installations to follow. This is all the more important in the context of increasing vulnerability to penetration of networks connected to the INTERNET.

Specialised cells for Info-security

With the fast expansion of computer networks data security will become increasingly critical. Professional hackers and anti-social elements can not only become a nuisance but can cause serious breaches in the security of networked systems. There have been reports about 'information warfare' conducted to breach military security systems in advanced countries. It is important to develop within the law enforcing agencies a specialisation to handle such crime. Specialised units need to be set up in each State and at the national level focused on high tech crime and on the security of computer systems and networks. Countries like Korea have, for example, set up an Information Security Agency at the national level to play the role of cybercop. The Government of India should allocate suitable funds for setting up such cells in all States.

National Data Protection Policy

At the policy level, Government will also have to frame a national policy on info-security and privacy. Data Protection Acts cover the handling of computerised data in most advanced countries. In the case of the United Kingdom, data users including Government Departments have to register with a Data Protection Registrar, and comply with a set of data protection principles, combined with more specific provisions for particular kinds of data. Rights of access, correction and erasure of inaccurate information and even compensation in some cases are provided to individuals under the Act. In some countries protection of privacy stipulates that personal data can be used only to provide a service or for accounting purposes. They must be deleted after they have been used. Consumers may also protect themselves from the technology which enable advertisers to track network users.

Cyber infractions

Cyber infractions in the form of pornography, racism, etc., will also have to be addressed within the legal framework.

 

Back to BR-1

Home