A research paper being prepared by the Data Security Council of India (DSCI), a group set up by IT services lobby group NASSCOM, will propose data anonymization standards, the council’s chief said on Tuesday.
Anonymization removes or alters personally identifiable information, resulting in data that cannot be associated with any individual. The government has expressed its intention to share anonymized data with start-ups and researchers to enable artificial intelligence and drive innovation.
The Department of Information Technology (IT) has released a guidance document to ensure that non-personal and anonymized data from government and private entities is securely accessible to the innovation ecosystem. Similarly, many state governments have also shown interest in the idea of using anonymized non-personal data.
However, the process of anonymizing user data and its irreversibility have raised concerns.
Vinayak Godse, chief executive of DSCI, said his organization was working on a paper examining anonymization as a tool for digitization.
“Giving unfiltered access is not advisable in several respects. Privacy is one of them, but the possibility of significant harm and maintaining ethics are also important to consider. There must be a mathematically proven assurance that it is impossible to trace an individual after the anonymization of the data. The strength of the crypto that was used for anonymization is also very important,” Godse said in an interview.
Defining anonymization is a challenge and technology standards and best practices would take care of that. “I think it’s an interesting area from the perspective of research and creating solutions, especially when the data is made available in abundance.”
DSCI collaborated with researchers, mathematicians and professors to write the research paper.
“It’s not an easy answer right now, but it does require critical examination. We’re not claiming that we’ll have a 100% perfect solution to this, because the technology is emerging so quickly. With quantum computing and processing power dropping to near 2-3 nanometers for end devices, the anonymization breakthrough is also improving.
Godse said writing the research paper could take up to two or three months.
The Ministry of Information Technology published guidelines on data anonymization on the official portal of the e-Governance Standards website in September. It aimed to establish recommended practices for handling data collected by e-governance portals such as Cowin Vaccination, Aarogya Setu, National Health Mission, etc. However, the guidelines were removed from the portal within a week.