The Ministry of Electronics and Information Technology (MeitY) has released draft documents for guidelines on data anonymisation and mobile security for e-governance projects conducted by the government. The documents are open for public consultation and comments can be submitted by September 21, 2022.
The draft titled ‘Guidelines for Anonymisation of Data (AoD) and Mobile Security Guidelines (MSG)’ was shared on the official portal for e-governance standards. In the document, MSG have been proposed to achieve mobile security goals such as confidentiality, integrity, authentication, accountability, etc. It defines three categories of mobile security: mobile device security, mobile communication security, and mobile services security. Further, the draft categorises mobile security control measures into three sections: policy-based measures, technology-based measures, and user-oriented measures. The measures will help protect privacy, sensitive data, and the security of transactions.
The scope of the proposed guidelines covers the stakeholders of the mobile ecosystem, including device manufacturers, application developers, network operators, mobile service providers, security testing organisations, and mobile phone users. It also prescribes ideal practices for mobile security testing and application vetting processes as well as defines the security levels for entities and technology components. As per the document, identifying the present security level of an entity or a component may help in measuring the gap and improving towards higher security levels. Besides, it includes guidelines for all stakeholders involved in the processing of personal data and its subtypes through e-governance projects. However, the department added that the guidelines could also be referred to by private entities processing personal information.
