The mystery was called to the NSUD - Newspaper Kommersant No. 165 (7366) of 09/08/2022

The mystery was called to the NSUD - Newspaper Kommersant No. 165 (7366) of 09/08/2022



In the new version of the bill regulating the work of the National Data Management System (NCMS), the Ministry of Economy introduces the concept of data sanitization - the separation of restricted access information, for example, constituting a communication secret, banking or tax. This is intended to simplify the procedure for exchanging data between government agencies, and will allow companies to use information from government systems to train artificial intelligence and build business models. But experts warn that if such information is enriched with other data, it may be compromised.

“Kommersant” got acquainted with the new version of the amendments to the law “On Information” prepared by the Ministry of Economy, which regulate the work of the National Data Management System. First of all, we are talking about fixing in the law the procedure for sanitizing data of limited access.

In accordance with the document, sanitized data is either personal information that has been changed so much that it is impossible to restore its ownership to a specific person, or related to banking, tax secrets, communication secrets, and so on, from which all confidential details that create the need for protection have been removed (details about transactions, paid taxes, etc.). It is assumed that for each type of restricted access information, special technologies and sanitization algorithms will be developed.

Creation of NSUD is provided by the national project "Digital Economy". It is planned to combine data from hundreds of state systems, registers and databases on the platform so that departments and businesses can exchange them. One of the main innovations of the previous version was the consolidation of the ability for businesses to access data on a reimbursable basis (see "Kommersant" dated May 26).

The Law “On Information” has end-to-end regulation, within the framework of its changes, the possibility is being developed to sanitize data for both the state and business, the Ministry of Economy specified, “while each sectoral by-law requires the development of technologies and algorithms, as well as special approaches to regulating sanitization ".

Sanitization does not contradict the policy in the field of data protection, assures the Ministry of Digital Development.

The mechanism can be used in working with databases of legal entities within the framework of the NSUD, the ministry added, “there is no personal data in the information on taxes and fees for the year, but there is confidential data.” As the interlocutor close to the development of the initiative explained to Kommersant, the processing will be handled by the NSUD. If the data sets are stored in the NSUD, then this system will be engaged in sanitization, and if the data belongs to the business, the procedure is carried out by the companies themselves, says Alexey Lukatsky, Positive Technologies security business consultant.

Mechanisms that, by removing confidential information, remove the use of data from regulatory restrictions, expand opportunities for reuse and should be introduced for business, says the president of the Big Data Association (incorporates MTS, MegaFon, Sberbank, Yandex, VK, Gazprombank etc.) Anna Serebryanikova.

Sanitization, notes Kirill Lyakhmanov, chief legal adviser of the EDB intellectual property practice, can help provide access to data collected by GIS for business, for example, it can be data on weather, housing and communal services, transport and pedestrian traffic, and air pollution.

Now Russian legislation does not stipulate any procedure for getting rid of data from the confidentiality regime, business cannot use information that is limited, for example, to secret communications or banking secrecy, says Karen Kazaryan, CEO of the Internet Research Institute.

In his opinion, the sanitization procedure allows businesses to use processed information of limited access for analysis by artificial intelligence. More familiar depersonalization is a special case of sanitization when it comes only to personal data, the expert specified. However, he warns, if sensitive information is handled incorrectly, there are risks of compromise, especially if it is enriched with other data.

Anastasia Gavrilyuk



Source link