India: Data Security Council 'up and running' in Delhi
After some time in the making the National Association of Software and Services Companies (NASSCOM) have established the Data Security Council of India (DSCI). The DSCI will be an independent regulator responsible for privacy and data protection and other security issues impacting India’s valuable outsourcing industry. Shyamal Ghosh will be the new Chairman of the DSCI which will develop, promote and enforce privacy and data protection standards.
Speaking at the inauguration of the DSCI, Ghosh said,
“Today’s occasion marks an important step towards the DSCI’s mission of ensuring that the Indian Information Security environment benchmarks with the best across the globe. As the Indian IT industry continues on its growth path towards maintaining its global IT super power status, it becomes pertinent that we raise the bar in setting up a best practices framework for data security, privacy, conduct and ensuring its adoption by one and all.”
“With the support of NASSCOM and industry partners we hope to achieve the DSCI’s aim of providing a protected environment for data and privacy for IT and ITeS sector in India in order to maintain our leadership position in the global outsourcing arena.”
The DSCI also has a steering committee led by Jerry Rao, of the electronic data systems company MphasiS.
The committee is made up of members from Indian companies and multi-nationals, security experts, academics, researchers and government agencies.
The DSCI is a self-regulatory body but with a new Indian Data Protection Act on the horizon it is likely that the body will play a significant role in enforcing the legislation.
According to NASSCOM the key objectives of the DSCI will be:
• To enable Indian IT/ITeS organisations to provide high standards of security and data protection by adopting best practices.
• To develop, monitor and enforce an appropriate security and data protection standard for the Indian IT/ITES industry that would be adequate, cost effective, adaptable and comparable with global standards.
• To build capacity to provide security certification for organisations.
• To create a common platform for promoting sharing of knowledge about information security and foster a community of security professionals and firms.
• To create awareness among industry professionals and other stakeholders about security and privacy issues.
At its first meeting the DSCI identified the following priorities and set up sub-groups to look at the following issues:
• The current security status and the interest of organisations.
• A business model for the DSCI.
• Draft model contract templates, which can be used by small and medium sized businesses.
In the long term NASSCOM has indicated that the DSCI will also prioritise the following:
• Raising awareness through Security Forums: Creation and running of Security Forums throughout the country for creating awareness among the involved entities and individuals about the importance and measures for data protection.
• GAP analysis: Analysing the existing standards and best practices adopted by the industry in India and industry at international level.
• Devising standards and best practices: Consolidating, devising and enforcing ethical standards and best practice in line with international standards in order to create a secure environment for data in India that would be cost effective and easily adoptable.
• Research: Carrying out research in the field of data privacy and protection in the context of the Indian situation.
• Conferences: Organising national and regional conferences on data security issues.
• Certification: Certifying the companies who adopt the standard proposed by DSCI.