India's Telecom Commission to Be Guardian of DataRenamed Digital Communications Commission in Recognition of Broader Role
Rather than creating a new commission to take the lead role on data security, the government of India is giving the Telecom Commission that role and renaming it the Digital Communications Commission.
The government also is expected to eventually rename the Telecom Regulatory Authority of India as the Digital Commission Regulatory Authority of India.
Privacy experts are hopeful that converting the Telecom Commission to a digital commission will enable it to serve as the primary custodian of citizen's data, empowering it to establish data privacy, security and cybercrime policy.
Because consumers in India access most of their data via mobile phones, the telecom agencies needs to get involved, government officials tell the Economic Times.
Expanding Telecom Commission's Scope
Sandesh Anand, managing consultant at Synopsys Inc, an electronics software firm, says broadening the role of the Telecom Commission is a logical follow-up to the National Digital Communication Policy, or NDCP, that the government made public a few months ago. The NDCP 2018 policy projected telecommunications as a business-enabling segment that permeates across various sectors and recommended renaming the telecom commission and changing its role.
"The policy presents a broad mandate. It required a high-level agency like the Telecom Commission to take the data security framework forward," Anand says. "Instead of creating a new one, I guess the government intends to expand the scope of the telecom commission."
Some 93 percent of all India's data, including data for e-commerce, is consumed on telecom networks, a senior government official tells the Economic Times. "Aspects of data privacy, etc., should all come under one ambit - the Digital Commission and the Digital Communications regulator," the official said.
The broader role and renaming of the Telecom Commission complies with the draft national telecom policy focusing on data security recently put forth by the department of telecommunications for public comment that focuses on data security.
The policy states that a new Digital Communications Commission will be responsible for ensuring sovereignty, safety and security of digital communications and secure the interests of citizens and safeguard the digital sovereignty of India.
The commission will focus on ensuring individual autonomy and choice, data ownership, privacy and security, while recognizing data as a crucial economic resource.
"Empowering the Telecom Commission under its new name to control data is a step in the right direction, which recognizes the need to ensure all digital data created or consumed in India is regulated by a single entity," says Shashidhar C.N., founder and CEO of SecureIT.
Data Security: A Collaborative Approach
The proposed National Telecom Policy under NDCP 2018 has set goals for 2022. A digital commission is accountable for securing India by:
- Establishing a comprehensive data protection regime for digital communications that safeguards the privacy, autonomy and choice of individuals and facilitates India's effective participation in the global digital economy;
- Developing and deploying robust digital communication network security frameworks.
- Building capacity for security testing and establish appropriate security standards;
- Addressing security issues relating to encryption and security clearances;
- Enforcing accountability through appropriate institutional mechanisms to ensure citizens have safe and secure digital communications infrastructure and services.
The policy recommends the Telecom Commission establish a Security Incident Management and Response System for Digital Communications Sector by instituting a sectoral CERT.
It also recommends improving information sharing and coordination between various security agencies, including CERT-In and sectoral CERTs as may be necessary.
The new Digital Communications Commission needs to take a collaborative approach to meet its goals of securing India's data, says Hanish Bhatia, senior analyst at Counterpoint Research. "To realize the full potential of the telecom sector, greater participation of the private sector is critical and a partnership between government and private players is required," he says.
He also emphasizes that the government needs to be better prepared for the growth of 5G, artificial intelligence, machine learning ant the internet of things. "A separate body with participation from the private sector should be constituted to oversee and regulate newly developing areas like 5G, AI, ML and IoT to harness the power of digital technologies," he told the Gadgets.ndtv.com.
Latha Reddy, co-chair of the Global Commission on the Stability of Cyberspace and former deputy national security and cybersecurity adviser of India, calls for a "privacy by design" approach for data security.
"Support for building in privacy and security by design is growing as a result of the explosion of new technologies, like artificial intelligence and IoT. The commission should look into these," she says.
Aruna Sundararajan, secretary of telecom and chairman of the Telecom Commission, says a collaborative approach will help develop effective and appropriate security solutions to meet the new technology demands.
Meanwhile, collaboration between the government and academia is planned to help develop workers with skills in big data and artificial intelligence, she says.