Position Papers & Whitepapers

Over the past few years, we have published several position papers expressing our positions on salient issues related to the various domains we work in including Cyber Security, Privacy, Cloud, e-Governance and Transborder Data Flows, to name a few. Our position papers define the approach we adopt as an organisation, in these areas.

    • NASSCOM-DSCI Inputs on TRAI Cloud Computing Consultation Paper

      Jul 10, 2017

      NASSCOM believes that a uniform cloud adoption policy in the nation at all levels, across the centre and states and the broader industry, has the potential to revolutionize India and accelerate the pace of digital transformation, India has embarked upon. When dealing with cloud based service delivery, given the global reach and spread of the business, it is suggested that the regulations so framed, may have a light touch and be cognizant of what aspects can be regulated in the country.

      Read More
    • Nasscom-DSCI Submission on RBI Master Directions on PPIs

      Apr 15, 2017

      The Reserve Bank of India(RBI) recently released Master Directions on Issuance and Operation of Prepaid Payment Instruments(PPIs) in India and sought comments and suggestions from the stakeholders to finalize the draft. DSCI-NASSCOM analyzed the draft, consulted member organizations operating in this space and accordingly have prepared attached inputs that is submitted to RBI for further action. The inputs have been provided at principal level on the overall approach this framework should take, followed by section specific comments.

      Read More
    • NASSCOM –DSCI Submission to TRAI on Net Neutrality consultation paper

      Apr 01, 2017

      TRAI recently released its consultation paper on Net Neutrality and sought comments from different stakeholders including the Industry. The consultation paper could be accessed at Net Neutrality

      Read More
    • DSCI-NASSCOM inputs on MeitY ‘Security of Prepaid Payment Instrument Rules 2017- Draft’

      Mar 20, 2017

      Ministry of Electronics and Information Technology (MeitY) recently released the draft rules with the objective of enhancing Security of Prepaid Payment Instruments (PPIs) and sought comments and suggestions from the stakeholders to finalize the draft.

      Read More
    • DSCI communication on clarification of reporting onus of Cybersecurity Incidents to Cert-In/ICERT

      Jan 25, 2017

      DSCI issued a communication to its members clarifying the reporting responsibility of cybersecurity incidents to Computer Emergency Response Team of India (CERT-In or ICERT). Cert-In’s communication reiterated the notice of 2013, and rules issued under section 70B of IT Amendment Act 2008, issued on January16, 2014 focusing on entities such as ‘Service Providers’, ‘Intermediaries’, ‘Data Centers’ and ‘Body Corporates’, and qualifying cyber security incidents to be reported by them to CERT-In.

      Read More
    • NASSCOM-DSCI Response on TRAI Consultation on M2M Communications

      Jan 01, 2017

      The Internet of Things or M2M ecosystem poses unique security challenges as the Internet grows steadily and rapidly. It is widely acknowledged that IoT will be disrupting various Industries like healthcare, agriculture, smart city etc. TRAI/DOT should consider establishing an enabling environment to experiment with different security architectures, including proactive systems for self-defence, both at network and device level. The DoT along with CDAC should continue to focus on standards to drive security in M2M configurations.

      Read More
    • Whitepaper on Contemporary Issues for MEAs

      Aug 25, 2016

      The whitepaper covered three dimensions- technical, standardization, resource allocation and assignment and human conduct on the Internet.

      Read More
    • Discussion Paper on Data Localization

      Aug 25, 2016

      DSCI prepared a discussion paper on ‘Data Localization’ based on the DSCI-BSA Workshop held during BPM 2014. The goal of the workshop was to examine how issues and concerns that are being used to justify data localization can be suitably addressed at the global and national level. The paper summarizes the issues involved, examines the definition, drivers and methods of data localization, and includes recommendations for possible courses of action.

      Read More
    • Discussion Paper on Legal and Policy Issues in Cloud Computing

      Aug 25, 2016

      The Cloud promises immense benefits for businesses and even governments. The global technology architecture of the Cloud and the Internet are making it possible to deliver benefits and value including elasticity, cost advantage, flexibility, user experience, among others. The national concerns esp. those relating to national security are important, and must be respected by the industry. However, the solutions to challenges must be pragmatic, forward leaning and business friendly. Cloud is being claimed as the next growth frontier for the IT industry, and it could only be exploited to its full potential, if there is global consensus on the solutions to the issues hampering cloud adoption including those discussed in this note.

      Read More
    • DSCI Inputs on Comprehensive Approach on Personal Data Protection in the European Union

      Aug 25, 2016

      The above approach from the European Commission addresses the new challenges for the protection of personal data based on the inputs received from various stakeholders during the 2009-10 when it launched the review process for updating the Data Protection Directive 95/46. In the above paper, EC highlights the key objectives of the comprehensive approach to data protection. DSCI is pleased to submit its views on the global dimension of data protection, self-regulatory initiative and EU Certification Scheme and enhancing data controller's responsibility.

      Read More
    • Position Paper on Building an Ecosystem for Cyber Security and Data Protection in India (Published in 'Ethics and Policy of Biometrics', Springer)

      Aug 25, 2016

      Governments across the globe are gearing up through policy enactments and necessary investments to fight the menace of rising cybercrimes. These policies and investments also assure citizens of their privacy rights in the cyber space. India, with its high growth rate, is rapidly integrating itself with Internet Economy, where transactions are predominantly carried out electronically. The ecosystem for cyber security and data protection necessitates a strong legal framework, proactive government initiatives, active involvement of, and contribution by the industry and effective law enforcement mechanism. This paper discusses how India is responding to cyber security and data protection challenges, and how a new ecosystem is underway in recent years.

      Read More
    • DSCI Comments on National Cyber Security Policy

      Aug 25, 2016

      The National Security Policy not only promotes best practices which provide assurance and compliance but also creates a sense of trust in electronic transactions. The policy touches the need for a strong R&D requirement and enabling people through security education and awareness, skills training and certification. DSCI is fully supportive of these steps and has a few observations and comments on the National Cyber Security Policy.

      Read More
    • Whitepaper on Building an Ecosystem for Cyber Security and Data Protection in India

      Aug 25, 2016

      Governments across the globe are gearing up through policy enactments and necessary investments to fight the menace of rising cybercrimes. These policies and investments also assure citizens of their privacy rights in the cyber space. India, with its high growth rate, is rapidly integrating itself with Internet Economy, where transactions are predominantly carried out electronically. While Internet offers a new means for expanding economic and business avenues, it offers ease of operations and promises outreach. It is, however, subject to ever increasing dangers of cybercrimes and escalating misuse of personal information being collected by businesses. Individuals need legal protection to protect their personal rights and secure their transaction in cyberspace. This paper discusses how India is responding to cyber security and data protection challenges, and how a new ecosystem is underway in recent years.

      Read More
    • NASSCOM-DSCI Response to TRAI – Net Neutrality

      Jul 01, 2016

      NASSCOM and its members firmly believe that net neutrality is a core to the future of the India’s digital economy and that the Government must implement adequate safeguards to ensure that principles of net neutrality are preserved, and ensuring that no new hurdles are created that could potentially stifle the innovative digital ecosystem like OTT services. Therefore, interventions being contemplated by TRAI should be guided by the broader objectives of promoting innovation and universal connectivity for all Indians, without compromising on the principles of net neutrality.

      Read More
    • Advisory on functioning of Matrimonial Websites in accordance with IT Act, 2000

      Jun 06, 2016

      DeitY has issued an advisory for the Matrimonial Websites /Matrimonial mobiles apps. It reiterates the need for matrimonial websites and mobile apps to comply with Information Technology (Amendment) Act, 2008 and Rules such as providing the details of the Grievance officer and complaint redressal mechanism to the users.

      Read More
    • Cybersecurity - Mobilizing for International Action

      Jan 18, 2016

      It is time for the international community to start debates and discussions to encourage nations to create domestic public-private partnerships for cybersecurity, establishing laws for cyber crimes, and, more importantly, to take steps for international cooperation to secure cyberspace.

      Read More
    • DSCI Inputs on IANA Stewardship Transition Coordination Group (ICG) Draft Proposal

      Sep 08, 2015

      After NTIA's announcement of 14 March 2014, ICANN launched a 'multi-stakeholder' process and discussion to gather community views and inputs on the principles and mechanisms for transitioning of NTIA's stewardship of the Internet Assigned Numbers Authority (IANA) functions. The proposal, although detailed in many aspects, fails to address contentious issues that were primary reasons for initiation of the stewardship transition process. Read DSCI inputs on the draft proposal.

      Read More
    • Whitepaper on Best Practices for Cloud Adoption by Indian Banks as Member of Security WG Established by The Open Group

      Mar 01, 2015

      Cloud computing is an obvious option for banks in order to have efficient and cost-effective IT strategy. Nowadays the infrastructure is augmented by advanced analytics, real-time campaign management, and customer experience analytics. Which are compute heavy. The whitepaper provides insights so that management of various banking institutions can embrace and adopt cloud computing.

      Read More
    • Provisioning 2.0: The Future of Provisioning

      Dec 01, 2014

      This white paper from Goode Intelligence (GI) explores how existing provisioning solutions are failing to support the business in an era where new IT service models are rapidly being deployed. New IT service models that support mobile and cloud computing have created problems for organizations that are already struggling with outdated identity and access governance tools. The paper explores a vision for Provisioning 2.0 where the goal is to weave provisioning into the very fabric of business process. Provisioning 2.0 is business driven, is easy to deploy and maintain and is built for today’s agile IT.

      Read More
    • Risk Intelligence: Harnessing Risk, Exploiting Opportunity

      Jun 01, 2014

      This white paper explains how organizations can change discussion about risk from the “Risk Landscape” to the “Opportunity Landscape.” Organizations need to show how proactively managing risk becomes an enabler to explore opportunities, rather than simply avoiding landmines. It all starts with the ability to manage operational risk in a manner that frees up resources to focus on the company’s long term, strategic objectives. Risk Intelligence gives companies the confidence to harness risk to explore new opportunities.

      Read More
    • NASSCOM-DSCI Position Paper on Internet Governance and ITU ITRs

      Nov 01, 2012

      There have been debates globally on whether in its attempts to create new International Telecommunication Rules (ITRs), the ITU trying to control the Internet, and encourage censorship. India has joined countries like US, UK and Canada to oppose government regulation of the Internet at the ITU WCIT meetings at Dubai, concluded on 14th Dec 2012, where new ITRs are being negotiated - the existing ITRs agreed upon in 1988 covered only international telephony. This paper details out NASSCOM-DSCI position on the emerging global issue of Internet Governance and ITU ITRs.

      Read More
    • NASSCOM-DSCI position on Internet Governance and ITU ITRs

      Nov 01, 2012

      Internet governance is an important policy and governance issue that has been raised at international level. Since the World Summit on Internet Society in 2003, nations have called for a transparent, democratic and multilateral governance of the Internet. This is against the current global governance by Internet Corporation of Assigned Names and Numbers (ICANN) – a company incorporated in the state of California, governed by the US Laws, and accountable to the US Department of Commerce under an agreement. While ICANN is responsible for technical operations of root and domain names infrastructure, it also acts as a transnational governance institution that makes global Internet public policies, some of which are sovereign interests of the nations.

      Read More
    • Whitepaper on EU Adequacy Assessment of India

      Jan 07, 2012

      DSCI, along with NASSCOM, is working with the Department of Commerce (DoC) and Department of Information Technology & Electronics (DeitY) on the issue of transborder flow of data from the European Union (EU) to India. This white paper attempts to evaluate the adequacy of India’s information privacy regime in light of the ‘third country’ assessment mandated under Article 25 of the Directive. The paper attempts to provide a response against each assessment criteria as identified in the 2010 Report. This paper draws arguments from the social and cultural context prevalent in India, its constitutional provisions, judicial attitudes to information privacy and the legal provisions - generic and specific - to data protection in India.

      Read More
    • DSCI Response on Future of Data Protection Submitted to EU

      Aug 26, 2010

      DSCI submitted its consultation on the Future of Data Protection by contributing to the Questionnaire for Stakeholders Consultation on 1 July 2010 on the revision of EU Data Protection Directive 95/46. It entails responses to 11 questions put forward for discussions.

      Read More
    • DSCI Response to EU - Future of Data Protection

      Aug 26, 2010

      DSCI submitted its consultation on the Future of Data Protection by contributing to the Questionnaire for Stakeholders Consultation on 1 July 2010 on the revision of EU Data Protection Directive 95/46.

      Read More
    • Comments on the Proposed Draft Bill on the National Identification Authority of India

      Jul 13, 2010

      The Unique Identification Authority of India (UIDAI) invited public comments on the draft National Identification Authority of India Bill, 2010. The Bill provides for the establishment of a National Identification Authority of India (NIAI) for the purpose of issuing identification numbers to individuals residing in India and to certain other classes of individuals and manner of authentication of such individuals to facilitate access to benefits and services to such individuals to which they are entitled and for matters connected therewith or incidental thereto. DSCI submitted its comments on the proposed draft Bill on the National Identification Authority of India.

      Read More
    • Consultation Paper on Cyber Security and Right to Privacy to Standing Committee on Information Technology

      Jul 09, 2010

      DSCI submitted a consultation paper to Standing Committee on Information Technology on 9 July 2010. The paper debates on cybersecurity and privacy issue in Indian context. Finally, DSCI submitted its recommendation to the Standing Committee on the Privacy Bill. DSCI believes that self-regulation with support from legal sanctity and reforms should be the path for the privacy policy, where a Self-Regulatory Organization (SRO) defines the process and codes of practices, which are vetted and recognized by the government through the proposed laws. DSCI believes that co-regulation should be the guiding spirit.

      Read More
    • Legal Framework for Data Protection and Security and Privacy Norms

      Jul 05, 2010

      The first workshop on Legal Framework for Privacy, Data Protection and Security happened on 21 July 2010. Representatives from MHA, Cert-IN, IBA, UIDAI legal and DSCI attended the workshop and expressed their views. The workshop has been organized to elicit views of the practitioners in the field and also the civil society organizations regarding proposed legislation. Data Security Council of India presented its view in the consultation paper submitted to the Department of Personnel and Training (DoPT).

      Read More
    • EU Data Protection Directive FAQs

      Jun 23, 2010

      Transborder data flows from European Union (EU) countries are covered under Article 25 of the EU Data Protection Directive 95/46. In the Working Party document WP 12/98 on “Transfers of personal data to third countries”, Standard Contractual Clauses (SCCs) were proposed as one of the well accepted ways of transferring data to such countries. SCCs were revised in year 2002, and another version was brought out by the Working Party in February 2010. It is important for the IT-BPM service providers, especially the BPM organizations in India to have understanding of the SCCs. With this in view, DSCI requested Ms. Vaiji Raghunathan to create a self-contained FAQs de-mystifying the clauses.

      Read More
    • Policy Paper on Privacy in India for Project RISE

      May 01, 2010

      The paper discusses the importance of privacy in the indian environment. It covers various aspects of privacy in the digital age during data collection or due to the impact of globalization or with the rise of social networking. All these have an impact on information sharing and this mammoth information and its analysis may lead to privacy concerns. The paper further discusses on how the Indian economy is transforming to e-Economy and how privacy impacts new age transactions and service deliveries, and finally provides policy recommendations to various stakeholders of the Indian economy, which includes, the Government of India, e-Governance projects, the Civil Society, Law Enforcement Agencies, Industry Regulatory Bodies, Industry Bodies and the Outsourcing Industry.

      Read More
    • Privacy in India

      May 01, 2010

      The paper discusses the importance of privacy in indian environement. It covers various aspects of Privacy in the Digital Age during Data Collection or due to Impact of Globalization or with the use of Social Networking. All these have an impact during Information sharing and this Mammoth Information and its analysis may lead to Privacy Concerns. The paper further discusses on how an Indian Economy is transforming to E-economy and how does Privacy impacts in the New Age Transactions and Service Deliveries.

       

      Read More
    • Data Protection - Security and Privacy

      Mar 21, 2010

      Privacy protection will grow in importance as people use more and more online applications for banking, e-commerce, and e-governance everywhere, including in India. This is because any privacy breaches resulting in data loss may compromise large number of records. This amounts to identity theft, since data stolen can be used for committing frauds, including financial frauds.

      Read More
    • Data Protection - Security and Privacy : Cyber Society of India

      Feb 13, 2010

      Data Protection - Security and Privacy Cyber Society of India - Delhi Chapter Conference Date: 13 Feb 2010

      Read More
    • Position Paper on Security and Privacy Challenges in UIDAI project

      Jan 21, 2010

      A key necessity of the UID system is to reduce/eliminate duplicate identity in order to improve the efficiency of the service delivery of various government initiatives. UIDAI has chosen biometrics feature set as the primary method to check for duplicate identity. Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability. The paper examines the security and privacy challenges in the project.

      Read More
    • Security & Privacy Challenges In UIDAI

      Jan 21, 2010

      The UID authority will only issue a unique identifier - a randomized number – that will only identify a person with his attributes that will include biometric information (Fingerprints, IRIS, Face). It is clear that only the biometric information will be unique to an individual, and will be used for de-duplication process. While name, photograph, address etc of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information which is unique to an individual that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this.

      Read More