NASSCOM research group to come up with standards for data anonymisation

'Unfiltered access not advisable', says CEO of Data Security Council of India

A research paper being prepared by the Data Security Council of India (DSCI), a group set up by IT services lobby group NASSCOM, will propose standards for data anonymisation, said the council’s leader on Tuesday.

Anonymisation removes or modifies personally identifiable information, resulting in data that cannot be associated with any one individual. The government has expressed its intent to share anonymised data with start-ups and researchers to enable artificial intelligence and boost innovation.

The Information Technology (IT) Ministry has released a policy paper that aims to ensure that non-personal and anonymized data of the government and private entities are safely accessible for the innovation ecosystem. Similarly, many state governments have also shown interest in the idea of utilising anonymised non-personal data.

However, there have been concerns over the process of anonymising user data and its irreversibility.

Vinayak Godse, the chief executive officer of DSCI, said his organisation is working on a paper examining anonymization as a tool for digitisation.

“Giving unfiltered access is not advisable from various perspectives. Privacy is one of them, but the possibility of significant harm and maintaining ethics are also important to consider. There has to be a mathematically proven assurance that tracing back to an individual is not possible after anonymising the data. The strength of the crypto that has been used for anonymisation is also very important,” Godse said in an interview.

Defining anonymisation is a challenge and technology standards and best practices would deal with that. “I think this is an interesting area from the research and solution-building perspective, especially when data is made available abundantly.”

DSCI has collaborated with researchers, mathematicians, and professors to come up with the research paper.

“It’s not an easy answer as of now, but it needs a critical examination. We don’t claim that we will have a 100 per cent perfect solution to this, as technology is emerging so rapidly. With quantum computing and processing power coming down to almost 2-3 nanometres for end devices, breaking anonymisation is also improving.”

Godse said completing the research paper may take up to two-three months.

The IT Ministry in September released guidelines on data anonymisation on the official portal for e-governance standards website. It aimed to lay down recommended practices for processing data gathered by e-governance portals such as Cowin vaccination, Aarogya Setu, National Health Mission, etc. However, the guidelines were taken down from the portal within a week.