Tag Archive for: Guidelines

Draft Data Anonymisation Guidelines Pulled Down a Week After Being Put Up For Public Comments


Last week, the draft document that listed guidelines for data anonymisation was removed from the information technology ministry’s website. The draft had been put up for public feedback just a week prior to being withdrawn. This is not the first instance of sudden retraction of draft Bills. In the past two years alone, major changes have been made to data-related Bills – the draft Indian Data Accessibility & Use Policy, 2022, was updated without any notification, and in 2021, the draft amendments to the IT Rules, 2021, were unceremoniously taken down during public consultations.

MeitY was in the news in August when it withdrew the Personal Data Protection Bill after facing much pushback from several quarters. The ministry said a new legal framework incorporating several changes and amendments would replace it. 

Data anonymisation draft pulled down

Two drafts – the Guidelines for Anonymisation of Data (AoD) and Mobile Security Guidelines (MSG) – listing guidelines on data anonymisation were put up on the IT ministry’s website for public consultation. The website had announced that all the public comments made until September 21 would be considered. It may be noted that the documents were released on a new website, instead of the official website of MeitY. Interestingly, no press release accompanied these documents at the time of uploading. 

A government official told ET that data anonymisation is a complex issue that needs wider consultation. “We will talk to experts again, look at global examples, examine them, and then put up the draft for public consultation in a few days,” the source said.

The data anonymisation draft included guidelines for all stakeholders involved in personal data processing and its subtypes through the e-governance projects. The draft aimed to lay down the recommendations for processing of the data collected through…

Source…

Everything You Need To Know About India’s New Guidelines Related to Cyber Incident Reporting by CERT-In | Ankura


On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In), a functional organization under the Ministry of Electronics and Information Technology (MeitY), Government of India, issued directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet. [1]

The directions are issued to augment and strengthen cyber security in the country. The directions will be effective from June 27, 2022 (60 days from the date of issue).

  • Synchronization of time clocks to NTP servers of NIC – This is applicable to all service providers, intermediaries, data centers, body corporate and government organizations. For the servers and infrastructure hosted in India the time can be synced with the following:
    • National Informatics Centre (NIC):
      • samay1.nic.in
      • samay2.nic.in
    • National Physical Laboratory (NPL):
  • For servers and infrastructure outside India the time can be synced with the nearest server having atomic time. You may use https://pool.ntp.org/
  • While storing the logs of any device, application, database, etc., make sure the local time, as well as the UTC time, is recorded in separate columns, if possible, along with time zone details alongside the timestamp.
  • Reporting Cyber Incidents in 6 hours to CERT-In – While many other developed countries expect the incidents to be reported in 48-72 hours, CERT-In has given a very aggressive time frame of 6 hours for reporting incidents. This means companies need a monitoring mechanism in place to identify cyber security incidents, and a well-equipped incident response team along with an incident response plan must be in place. The relevant stakeholders should get immediate intimation in case of a suspected security breach, and they must be in a position to triage and avoid false positives. A readiness assessment can help check if the timeline can be met.
  • POC to Interact with CERT-In – Companies will need to assign a Point of Contact with whom CERT-In can communicate for any information. CERT-In has also provided a format in which such information needs to…

Source…

Germany proposes security guidelines for routers, but not everybody is happy

The German government has published draft guidelines on how it believes broadband routers should be secured. But some people think more could be done.

Read more in my article on the Bitdefender Box blog.

Graham Cluley