What Do MeitY's Data Governance Guidelines Mean?3 Experts Discuss How the New Guidelines Will Affect Startups and Other Industries
A new draft of the National Data Governance Framework Policy published late last month by the Ministry of Electronics and Information Technology is a significant revision from the previous version issued in February. What did MeitY change, and how will the new guidelines affect privacy professionals and CISOs from various industries?
Three experts - Dipti Shroff, head of information security at Ugam Solutions; Anand Krishnan, policy manager at Data Security Council of India, or DSCI; and Shivangi Nadkarni, co-founder and CEO at Arrka - share their thoughts on the new guidelines.
"There is a focused approach with respect to improving governance outcomes and also a focused approach toward building of AI with startups. The guidelines have a very clear stream of data utilization and a centralized system. We have a lot more clarity on how data governance will be carried out," Krishnan says.
"The new draft is focused on data anonymization, and this is something that is getting discussed globally since true anonymization is hard to do. The framework has actually taken on the onus of laying down the processes and procedures for anonymization, and it is not black and white," Nadkarni says.
"The concern that I have is we are saying that we will come up with a framework, rules, etc. But we don’t know what it turns out to be on the ground. We have to wait and see. I need to know how I will be able to leverage this framework. There is a lot of clarity needed on that," Shroff says.
In this video interview, the three also discuss:
- The highlights of the new draft;
- How the data storage structure needs to work;
- Top recommendations on how to meet the guidelines in the new draft.
Shroff is head of information security and data privacy with Ugam Solutions. Previously, she worked with L&T Infotech, IBM and CitiusTech. She has more than 17 years of experience in the field of governance, risk and compliance.
Krishnan is a policy manager at DSCI. In this role, he leads identifying technology, privacy and security-related policy issues and developing policy positions for advocacy. He also leads privacy certifications and privacy content development.
Nadkarni is CEO at Arrka, which helps companies manage their information risks, data security and data privacy functions. She has more than 22 years of experience in information risk and privacy, e-commerce and networks. She previously headed the global application security and identity management practice at Wipro and established India's first licensed certifying authority for digital signatures in collaboration at Sift.