How safe is your data - Meet India’s Non-Resident Data (File Photo)
Do you live under the impression that your data – private, personal or work-related is safe and sound within India? You are wrong! This write-up ventures to address the issue in a comprehensive fashion, notwithstanding the pros and cons which have been appearing in the media.
What is (or are) data, after all? Technically, it constitutes a representation of facts, concepts or instructions in a formatted style, suitable for communication, interpretation or processing – typically anything other than voice. By now, we have become all too aware of the myriad benign and hurtful uses and applications which data can extend to us.
Financial transactions, mobile telephony, governance activities, strategic information, personal and corporate information – almost anything you can think of – are maintained in data form. It is thus axiomatic that our data should remain on our geographical domain and within India’s control.
Here, let us first look at a few fundamentals. The Indian Telegraph Act stipulates: “Within India, the Central Government shall have the exclusive privilege of establishing, maintaining and working telegraphs” The Act defines “telegraph” as “any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, visual or other electromagnetic emissions, radio waves or Hertzian waves, galvanic, electric or magnetic means.
The International Telecommunication Regulations also state that each country shall have sovereign right to regulate its telecommunications. However, data travels on the Internet which is a global network, without a central governing body, encompassing many countries and autonomous networks, each setting and enforcing its own policies and therefore the matter should be looked at carefully.
Towards achieving sovereignty on data, it is naturally important that our data – or the major portion - resides in India. Towards this end, it shall obviously be necessary to take several measures on the technical front. First and foremost - adequate data-centre capacity must be established within India. The large funds needed for this purpose, which could run into a few thousand crores of rupees, could be provided possibly through the cooperation of the corporate world (PPP style), which should function under the overall control of the Central Government.
These data centres, servers etc. should, of course, be established at suitable locations so that information signals travel the least distance beyond Indian territory - only when so needed e.g. to globally access or interact with overseas points. This entire secure network would need 24x7 power supply - the requirements are going to be huge.
Two equally vital requirements of this exercise are--to set up appropriate cybersecurity arrangements equipped with 24x7 monitoring group and to establish a dedicated workforce which must set up and commission these facilities.
Only after these activities have been completed, would India be in a position to assert its rightful position with relevant organisations at the international level for acquiring sovereign control of its data. This is not only desirable but also necessary in view of India’s demographic as well as geopolitical situation. In other words, there is the need for sovereign control. Such control is the national prerogative in peace-time, when it touches all walks of the nation’s life, and cannot be compromised owing to its strategic importance even in times of emergency. Hence to safeguard national interest, it is necessary that measures be adopted at policy as well as implementation level.
(The writer is Chairman and Convener, Infocom Think Tank, former Special Secretary to Government of India)