Tuesday, April 22, 2014

Need to Security Private Information - Requirement in India

Unique Identification Authority of India (UIDAI) data center in Bangalore is reported to have got a cover of 65 star guards from multi-skilled security agency, the Central Industrial Security Force (CISF) - Your identity is guarded by 65 armed men (article on times of India).

It indeed is a commendable step by the authorities, but my question here is - Is this measure enough to secure the Identity and avert the threat from identity theft? Actually Speaking NO and the reasons that attribute to the answer NO are -

  1. The personal information of an average Indian is scattered across the Government Offices, Public and Private Banks and other Financial Institutions to a large extent.  More scary portion is the availability of this information on papers across the offices
  2. There is no defined mechanism to destroy the paper work by the various organizations and agencies.  Many a times some or other people from various organizations sell of these as waste papers to the scrap dealers.  There have been various incidents in past where papers with critical and sensitive information have been located with the road side vendors (bhel puri and other chat senders)
  3. There is no defined guideline by the Government of India on how to use / dispose / destroy the information whether in paper or on computers
  4. There are no set standards in India with respect to destruction or recycling of magnetic / optical media that may contain sensitive / private / identity information.  Such media may be Hard-Drives, Pen-Drives, Backup Tapes, CDs, DVDs, SD Cards etc among others
  5. Nasscom has also not worked to this effect to advice with any standard guidelines to be utilized to this effect

Saying all this, we should not actually be cheering the news as published as it is the least of the measures that is required at deployment.  Another aspect to look at is - Has Government also provisioned a DR site for the UIDAI Data Center? Is that location also guarded with similar set of Security Personnel?  Unless we get that information, I guess this news is just a hogwash,

If you feel I am trying to belittle Government's efforts, then well I am not.  But my effort is to sensitize that there are additional steps required by the Government to ensure that the information related to the Identity of Indians as well as tourists / visitors to India is treated as sensitive and private.  Adequate measures as detailed below need to be put in place to ensure that such information is treated in fair and just manner - 

  1. Enact a Data Privacy Law - Government needs to take immediate measures to ensure that the Data Privacy Law is enacted and enforced to set the expectations on dealing with Private and Sensitive Data.  The Information that needs to be treated as private and sensitive should include - Aadhar Number (as part of the UIDAI effort), PAN Card numbers (from Income Tax Authorities), Voter ID (from election commission), Ration Card, Passports and any other similar set of documents and information that can help establish the identity of any individual
  2. Define Data Handling Guidelines - As part of the Data Privacy Law, Government must define the treatment of information classified as Private and Personal in a manner cognizant to safeguard the Identity of person holding it
  3. Define Data Destruction Guidelines - As part of the Data Privacy Law, Government must also define how the data no more needed is to be destroyed.  For the data on paper and optical media for that matter must be destroyed by using shredders. The data on magnetic media for that matter must be destroyed by using programs that would over-write the data multiple times using different algorithms and thus rendering data as unreadable
  4. Define Consent Requirement - Often this is one of the most overlooked case where the private and personal information of any individual is circulated / shared for commercial benefits.  There are cases where the Customer Relationship Officers or the Marketing Staff carries over the contact and similar other information to the next organization without consent of the Data Owners.  It needs to be noted that the receiving Organizations / Agencies are Data Custodians and not Data Owners, meaning they can use data for their internal processing purpose only.  For sharing or using data for any other reason than intended reason should not be permitted without consent from the Data Owners (Data Owner is the person about whom the information is)
  5. Define Agreement Forms - Government must ensure that the Agreement forms used for the purpose of providing services are defined only for those services for which the Information is obtained.  Such Agreements must not any Clause or Fine Prints like "Organization / Agency may use this information for any of the required processing as may be deemed required by the organization / agency.
These are the basic steps to be taken to ensure Data Privacy & Protection.  These needs to be enforced along with the Indian IT Security Act 2008 Amendment Act to ensure that adequate Information Security Risks are addressed including the identity theft and information compromise.....
Post is also available on 

Tech Notes GuruCool - Security and More

Monday, April 21, 2014

Walk Together

Walking on the path to success, One can't afford to walk slow. The competition is smart today and has added pace to the path to success.  Today, one has to really walk and work with a pace that was never seen before and to add to the complicity, one has to walk with the team. The success today does not depend how hard you worked, it now depends on how effective you were with you work and Communication.

Yes Communication today holds the key to success as the tasks are completed by the teams and success is achieved together.  So that would mean that you have to ensure that you walk and work together with the team as one unit.

They rightly said those famous lines - "If you want to walk fast, Ensure you walk alone, But to cover a long distance walk together". 

In today's context many would challenge the stuff and ask how is that possible? How can we walk fast as well as together?  

But look at the aspect that you can walk fast if the team can match the speed.  For the team to match up to the speed, every team member needs to help and support each other and get things going seamlessly for others.  You don't leave anyone behind when you are working as a team and you don't dump who are slow enough in their work.  What you rather do is help them complete their jobs and tasks in an efficient manner. 

So if all in the team would work in harmony and in synchronous manner, the speed wouldn't be lost and you would be walking fast...as a team.....as a unit....and since to tread the Success, you need to walk a long way....certainly you would be walking together...ensuring that if one is tired or is feeling exhausted the rest are their to support...

The essence of the lines quoted above doesn't change, though the context may change.....

Walk together....

Monday, April 14, 2014

Electoral Dance

With the recent elections progressing, we see a daily dance of electoral constituencies and the electors as well as politicians. The political parties have gone so berserk that they open any front including personal life of the leaders for just gaining that extra browny points.

How great is that?  Raising issue on personal life of each other is seriously a very bad representation or the way I put it across represents an ill state of mind.  For example, case of Narendra Modi where Congress leaders attacked him on non-declaration of his wife Jasodaben in his earlier electoral nomination forms.  The most recent case of One of the BJP leader commenting on Priyanka Gandhi being a devote drinker.

I am not sure what have these personal attacks to do with the Political Governance model?  If Mr. Swamy had to attack Priyanka gandhi, he needs to look at the senior BJP leaders - Shri Atal Bihari jee as well as Lal Krishna Adwani before opening his mouth and wagging his tougue at sweet nothing.

Similarly, if someone has to attack Mr. Modi, then they need to look at the case of Mr. Singh who had left the space for spouse name blank in his previous nomination forms.  If someone says that Mr. Modi couldn't respect his own wife, how would he respect women in the country? then the person needs to look at Mr. Gandhi, who is still an eligible Bachelor and has to settle down at home front....so how can he take care of the country if he has no time for personal life?

So coming back to the issue, attacking someone on personal grounds is certainly a display of sick mentality and we as the voters and the citizens of this country must assert on discussion on national issues.  I personally don't care if a person in particular is a bad husband or bad father at home, if that person can provide able leadership and is capable of leading good governance model for the country, I would support that person.

For me, anyone wagging his tail/tongue on someone's personal issue is not the candidate I would vote for.....

Bring on an open debate and discussion on Governance issue to get your sights right...on the country, the issues this nation wants to address....be the voice of nation and not of the filth in your mind...

Update 10:46 IST: Stumbled upon a video relevant to the post - Video

Wednesday, April 9, 2014

Land Reforms - My Thoughts

With regards to the ongoing industrialization and the conversion of agricultural land into industrial land, I have had discussions with various set of people including the farmers themselves. The people and the farmers as I mt have been from various parts of the country spanning across the states of Punjab, Haryana, UP, Bihar, MP, Maharashtra & Gujarat.  The discussions have been around the Land conversion and the experiences of farmers.  Some have had positive thinking on the way they sell their land and move away from traditional farming, others felt that they needed a better deal with respect to the land that they sell.

One common grudge that each one had was the way their land was bought by the government at x amount and is then sold to the industries and other housing developers at 4x or 5x the original price offered to the farmers.

Another issue that I personally noticed and have discussed with the farmers was availability of counselling on how to invest / use the money received from selling the land.  The farmers certainly are not well educated to ensure that they invest money wisely and that's where they fall pray to the nova rich they discover. All of sudden when the windfall arrives, they lookout to save the last penny and at the same time they look for a stable income source.

Here I feel or say I opine that the government needs to take more constructive efforts with providing free counselling to the farmers.  Additionally, I feel that the contracts from selling the land needs to be devised in the manner that the farmers get share or the overall earning of the industries.  The way I look at it - 

"Government rather than paying X should pay X-Y to the farmers and that Y then should be treated as the investment by the farmers towards the setting up of the industry or so.  This investment then needs to yield a return of anything between 7.5% to 10% on an yearly basis.  This way the land prices would be in check and at the same time this would help ensure continued income for the farmers even after then selling off their land.

Certainly, this needs to be an option provided to the farmers rather than making it compulsory, for some farmers may have other plans. But at least this would serve as a good option for those who don't know what to do with the huge chunk of money as received by them....and then when they lose all, they search for stray jobs....