Saturday, September 11, 2021

Is Service Delivery Data Hungry?

 -Santulan Chaubey[1]

Recently, I noticed that the mobile app of my bank pops up a message in which it tries to make me understand that the bank intends to collect and monitor my financial-transaction-related SMS, which include the name of the transaction party, transaction description and amount, for the purpose of performing credit risk analysis assessment. They also want to read my contacts to understand my profile better, which helps them provide the best loan offers, etc. The pop-up has only one button, “I understand”. It is a forceful intent to make me understand that if you want to avail the services of the bank then you must reveal financial transaction information. I never requested any loan from them.

 The Problem:

It is generally observed that organizations try to obtain blanket consent from the user to read SMS and contact details, use the microphone and camera, etc. Especially in the case of mobile apps, the User Interface (UI) is designed in such a way that one must first give consent; only then does the mobile allow them to access the application. The user is generally unaware of the consequences of her consent. This leads to misuse of personal sensitive information.

 

Regardless of whether it is the Government or the Private/Public Sector, there is a general tendency to ask for more information than is required to provide a service to a citizen. The service provider should not ask for information that is not necessary to process the immediate service request.

 

Available Instruments:

Mr. Clive Humby, a British Mathematician and Data Science Entrepreneur, stated in 2006 that “Data is the new Oil”, underlining its importance in terms of monetization power[1]. It establishes the importance of data in the new digital economy. Indeed, there is a need for the Digital Economy to flourish in India. But the owners of data, individuals, cannot be treated as oil fields. Therefore, the necessary legal framework is to be put in place to ensure protection of personal data. To empower Indians, it is necessary to protect their personal data. Such a legal framework will encourage innovation, development and progress of the country[2].

 

In the absence of an enabling legal framework on Personal Data Protection, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 are framed under Section 43A of the Information Technology Act, 2000 (21 of 2000) to address issues of personal data privacy[3]. As per the provisions of the above-mentioned Rules under para (5), Collection of Information, the consent to share the data is to be taken either in writing or through email or fax from the personal data owner. There is no mention of obtaining consent for a service not requested. The consent of the personal data owner cannot be obtained to share the data in anticipation of a service demanded in the future.

 

To protect the privacy of Indians and to empower them, the committee of experts under the chairmanship of Justice BN Srikrishna has drafted a report on a Data Protection Framework and a draft bill. The committee submitted its report to the Ministry of Electronics and Information Technology on July 27, 2018[4]. The report gives detailed insight into the fiduciary relationship and obligations, the definition of personal data, consent-based processing, etc. Once the Parliament accepts the bill, India will have its own Sensitive Personal Data (SPD) protection legal framework.

 

Business Process Reengineering (BPR) will help in minimizing the requirements for data / uploading of files by using existing enabling technologies like Web Services or linking with databases. In most cases, the service provider is not required to keep data after online/real-time verification. The obligations of Data Fiduciaries have been well defined in the proposed bill. Even in the present Rules under Section 43(A), agencies collecting data are to adhere to standards like ISO 27001.

 

Mobile/Web Application Development agencies should also be aware that unnecessary demands for accessing customer information may be harmful in the coming data protection regime. For example, permission to read and send SMS “occasionally” is flexuous and out of context in most transactions.

 

Immediate Solution:

Considering the Rules framed under the IT Act, there is a need to regulate mobile/web apps to ensure they adhere to the provisions of the IT Act as such. This is like the websites certified for the Guidelines for Indian Government Websites (GIGW)[5]. All mobile/web apps that require collection of personal data should be certified for adhering to best practices in data protection and privacy by an identified agency, say RBI or MeitY, before being released to the public. The first screen of the app should promptly display the certificate with a verification mechanism.

 

In existing grievance management systems like the ombudsman, CPGRAM, etc., there is no specific category for data protection breaches by various agencies, leading to either rejection or no redressal of the grievances. A separate category for data protection breaches also needs to be added to existing grievance management applications for proper redressal of the grievance under the existing provisions.

There is a need to make the public aware of the provisions of the Rules framed under Section 43(A) of the IT Act. It will help the public know their right to privacy and, as the owners of data, the consent process for sharing the data with others.

 

Bibliography:

[1]       A. Mavuduru, “Is Data Really the New Oil in the 21st Century?” https://towardsdatascience.com/is-data-really-the-new-oil-in-the-21st-century-17d014811b88 (accessed Sep. 08, 2021).

[2]       Committee of Experts under the Chairmanship of Justice B. N. Srikrishna, “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians,” Minist. Electron. Inf. Technol., pp. 1–213, 2018.

[3]       MeitY, “Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011,” 2011.

[4]       B. Srikrishna, “A Free and Fair Digital Economy.” https://prsindia.org/policy/report-summaries/free-and-fair-digital-economy.

[5]       NIC, “Government of India Guidelines for the Websites (GIGW).” https://guidelines.india.gov.in/ (accessed Sep. 09, 2021).

 



[1] The views of the author are personal.

Friday, August 20, 2021

Disrupting Technologies Transforming Health Care

-Santulan Chaubey[1]

Imagine you get an alert message on your mobile about the increased sugar level and blood pressure of your elderly father in India while you are on an official tour to the USA. Before you can take any action, the doctor calls to tell you not to worry, as the necessary action has already been taken. Yes, patient care is transforming with the help of various emerging technologies. In a life-saving process, the availability of vital health parameters at the right time is decisive.

Emerging technologies are now playing a major role in transforming patient care. The term “emerging technology” sometimes confuses decision makers about whether to use the emerging technologies or to stick to the proven ones to mitigate the risk of failure. The emerging technologies include advances in edge computing, computer vision, data mining and analysis, and statistical machine learning techniques, all driven by general advances in computational power. All these technologies are now mature enough to use. They have already been deployed by various TOP500 companies for their general business needs. These technologies have, therefore, become proven technologies. We should not keep referring to them as “emerging”. Let us pave the way for other upcoming technologies to take over as emerging technologies.

Any transformation in society is a journey with bag and baggage. Generally, transformation comes with change management. It takes time to adopt the changes. Digital transformation is no different. However, in the last two years, the Corona pandemic has radically changed the overall dynamics of dealing with data and decision making. Decision makers struggled with the quality of data. Not only were most of the data capturing points manual, but the quality of the data was also in question.

 

Automation in seeding the primary data is the starting point for building a platform for the decision support system. Purity of data is the most critical requirement in building a useful/effective decision support system. Generally, data capturing starts with manual entry of primary data, which always carries a high probability of erroneous data. Manual data entry depends heavily on the skills and efficiency of the person keying in the data. The Internet of Things (IoT) based on sensors is going to be the most happening thing in Digital Transformation in the coming decade, especially in the health sector. Manual data entry must be avoided as much as possible. Wherever it is not possible to avoid manual data entry, enough checks and balances should be built into the software developed for this purpose to ensure near error-free data.

The journey of bringing impact to decision making also starts with data. Following are the stopovers in the journey of data transforming into an Application of Wisdom.

 


Therefore, the next radical change will be in the way data is extracted and inferred using advances in sensor technology. Smart watches laden with the aforementioned sensors have also hit the market and attracted a lot of users, interpolating useful information like oxygen level, SPO2, heartbeats per minute measurements, etc. The sensor-interpolated data is sent to the cloud servers of the smart watch company and is further analyzed. The insight from the data is provided to the customer, helping him to take informed decisions. At present, such facilities are available to a very limited segment of individuals.

Privacy of personal sensitive data is a major concern, especially in the health sector. The thumb rule for data privacy is to protect the data but to share the insight and wisdom extracted out of it. The application of wisdom will be visible to the stakeholders automatically. A mechanism is to be evolved so that the overall access control of personal data remains with the patient only. Hospitals, clinics, labs and doctors should be able to access the relevant information with the consent of the patient. In the absence of enabling legal provisions, a lot of these technologies are open to misuse and to potential distrust from the user.

There is a need to take this transformation to the last mile of patient care. An Enterprise Patient Care Architecture, factoring in the capabilities of edge computing and data analytics automation, will bring a complete transformation in the health care sector. Following are the key enablers in the transformation of patient care using enabling technologies.

·       Umbrella Open Standard Enterprise Architecture embedding Electronic Health Records (EHR).

·       Open APIs to share data

·       Data retention policy to manage voluminous data at various levels

·       Legal framework for the protection of sensitive personal data.

This framework will be completely interoperable and will give service providers the freedom to use any IT system capable of plugging into the Open Standard Enterprise Architecture and open APIs.


[1] The views of the author are personal. This paper was also published in ET Government on 16th August 2021: https://government.economictimes.indiatimes.com/news/governance/opinion-emerging-technologies-transforming-healthcare/85370169