Nepal IGF 2019, Kathmandu, 28 Sep
Report of the Panel Discussion: Data governance challenges in Nepal
This panel discussion organized by Nepal Internet Governance Forum 2019 explored the status of Data Governance in the Nepalese context and the importance of evidence-based decision-making from a National perspective. The expected outcome of this discussion is to bring out issues of data governance and building an acceptability framework and framework of trust and controls.
The speaker Mr. Vivek S. Rana, IT professional working for a Global IT Advisory practice specializing in Enterprise Architecture, IT strategy, and ICT governance put forward his views on what entails data governance and importance the of Data Governance to ensure data integrity, confidentiality, availability, and privacy. Vivek has worked on data architecture through TOGAF practices and certified professional in Enterprise IT Governance, he was able to bring out the core issues, challenges, and ways forward to deliver possible workable solution ensuring all stakeholders are prepared and committed to the changes involved from moving from a current Adhoc/non-existent data governance state to a desired future state enabling data-driven, evidence-based decision making.
The presentation started from an overarching theme – Data is political and how Nation states need to start thinking of data as economic fuel and currency of future in support to their national development agenda to spur evidence-based development interventions and data-driven decision making which impacts its citizens.
The presentation delved into aspects of governance and decision domains and the importance of involving stakeholders in governance structure to ensure there is a correct process followed in the collection, dissemination, visualization, and decision about data, including and for each type of decision made clearly mentioning
(1) who will be involved,
(2) How will the decision be made
(3) what tools will be used
(4) What value measures will be used
(5) How exceptions will be handled from a holistic enterprise approach not just satisfying reporting requirements from a particular ministry/department.
The presentation was structured in the following manner –
- Issues about Data Governance in Nepal
- Challenges concerning data governance
- Possible solutions and way forward
- Issues about Data Governance in Nepal:
Governance continues to be an esoteric domain in Nepali systems with the term Governance often being misinterpreted as management and operations of data. Governance continues to be thought of as a discipline in terms of IT systems rather than a useful tool and a decision-making process-oriented around Data.
- Challenges concerning data Governance:
Governance continues to slip as a management role and very often there is very little separation between the Governance and management role. As the management role is more visible in society, people get allured and attracted in this role and neglect the importance of Governance. This attraction has resulted in Governance structured developed from the perspective of management and not the other way around, i.e., from Governance to management. This missing link has increasing caused serious issues on data Governance especially in developing countries that try to mimic well-established structures from developed economies and fail because of a lack of understanding of the pertinent inputs that are required to have well-functioning governance system benefiting the stakeholders.
- Possible solutions and way forward:
Having the right stakeholder approach and developing Governance systems to address the needs from a stakeholder perspective is vital for any governance process. Understanding the Business drivers, accountability framework Data governance implementation practices, Government processes, and cultural change by translating objectives into actions and aligning data collection, analysis, visualization, recording practices standards and frameworks to the needs and culture of Nepal is very important.
More importantly, as Nepal has transitioned from a unitary system to 3-tier federal systems; the impact of these changes and the need to choose the correct time and way to achieve the possible desired results, considering different but possible scenarios need to be considered by understanding the stakeholder groups whose motivation, maturity and intent are diverse and different need to be assessed and developing Business scenarios could significantly assist in making the transition smooth a=and in minimizing negative effects.
In the context of Nepal, the focus has always been IT systems and databases and not the data. There is a strong need for goal-oriented leadership, strong institutional mechanism for coordination, collaboration and communication across multiple stakeholders and agile practices for value creation as critical success factors for the data governance implementation. The fact that Governance is misunderstood by the majority of the people in the region and have opted to use the definition that best suits their project hence data management and data operational issues are tackled as data governance part leaving behind the most critical and difficult issues that need to be tackled addressed first and foremost.
These points were reiterated by all other panelists as well as participants, pointing to the need for the more regulatory framework for data governance that promotes inclusion, accessibility, ease of use, consistency and better decision making. The following is the report of the proceedings.
Mr. Hempal Shrestha is a lawyer by profession and has worked in several multi-national and bi-lateral donor agencies in areas of ICT for development, Knowledge management, and communications.
- Manish Pokhrel is faculty at the Department of Computer science and Engineering, Kathmandu University and specializes in e-governance.
- Ashutosh M Dixit is a fellow of Australia National University (ANU) and specializes in economic research and data-driven development initiatives. He has worked as a consultant for the National planning commission and several bilateral and multilateral donors.
- Ramesh Pokharel is the Deputy Director at the National Information Technology Center, Government of Nepal. He overseas NITC IT operations where government systems are hosted and managed.
- Bimal P. Shah is an e-governance specialist with special interest in public policy reform. He has worked for several multilateral donors, Government of Nepal as ICT policy specialist and researcher on policy research analyzing the impact of ICT in National development initiatives
The panel discussion was organized by Nepal Internet Governance Forum on 28 Sep 2019. In his opening remarks, Mr. Hempal Shrestha underlined the context and background on the rise of interest in data governance in public discourse. He shared his conversation with CTO of Rediff, Ajit Venki Nishtala about the need of data governance for the private sector to remain competitive as well maintain the integrity and confidentiality of the data that the business may hold. He raised very critical questions regarding the regulation of data that transit and store across different geography with the proliferation of cloud computing, social media.
He started the panel with the questions of what does data governance mean, challenges and opportunities of the data governance. After the panel, comments and questions from the floor were taken and responses from the panelists followed.
Initiating the discussion Dixit said he has a keen interest in data governance from the viewpoint of an economist for both personal and institutional reasons as he has worked on data-driven initiatives to calculate the cost of financing with the baseline indicators on meeting Sustainable Development Goals in Nepal. According to Dixit, contrary to the traditional approach to drafting economic policy, accurate and consistent data sets are needed to map policy documents that are practical and realistic.
By adopting, the UN 2030 Agenda, Nepal has committed “Leaving No One Behind” in its implementation of the Sustainable Development Goals (SDGs) to enjoy sustained, inclusive and sustainable economic growth and social progress. He quoted, “If we don’t have enough data, how can we know who is left behind?”
There are challenges and opportunities in data governance. For an economist, data points are vital to write policy discourse. He explained the challenges in periodic data collection, data stored in multiple silos such as data landscape of MIS systems of different levels of government resulting in lack of accuracy, availability, consistency, reliability, and interoperability. If these data do not speak to each other, they only function as a standalone MIS. There are tremendous opportunities in data aggregation from micro to macro level and integration across different government agencies for better policy mapping to address the challenges across federal, provincial and local level government structures.
Concluding his points, Dixit opinioned data governance in the micro-level and if we are not able to ensure the quality of data at the local level, it will not work at a macro level. He emphasized the revision of government policies to ensure the privacy, confidentially and accuracy of data for the common good and better governance.
Bimal P Shah
Shah mentioned millions of terabytes of data are being collected, processed by Facebook, Netflix, Youtube, Google, and global tech companies. These tech companies analyze these data by using Artificial Intelligence for massive revenue generation by means of advertisement and changing consumer behaviors, public discourse across the world. He put across his views on the erosion of individual privacy in the age of the internet revolution. Individual privacy which is predominantly coming from Anglo Saxon school of thought still matters a lot of us but is it really so. The conceptual framework of privacy, which was developed during the late 70s to early 80s might be hard to achieve these days. He quoted Mark Zuckerberg, CEO of Facebook “Privacy is not the social norm anymore in Internet Age.” He agreed on this quote.
He presented different schools of thought prevalent in the Scandinavian economy like Sweden where the government ensures open data culture for transparency and accountability for the benefits of public and communities over individual rights.
With the surge of data generated every second by IoT devices connected to the internet and wide usage of social media, he stressed the need of privacy to be refined. Users do not go through the End User’s Agreement when the opening account in facebook, google, Linkedin. It is an individual’s choice by opting out of these social networks to maintain some degree of privacy online. However, we cannot opt-out of the government services provided online like license, NID, passport, taxes. He concluded by expressing the approach of fine balance between data privacy and innovation when the government is handling the public data on the formulation of strong data protection act.
Dr. Manish Pokharel
As an academician, Dr. Pokharel outlines the new research and development in the field of data governance. Apart from providing data integrity, data security, data availability and data accessibility, data governance must ensure quality and intelligent data for prompt and proper decision making. Raw data should be converted into intelligent and quality data for the current industrial revolution 4.0.
Simply storing data and using it for reporting practices is not enough to remain competitive and ahead in today’s context. Traditionally, cities with economies of scale flourished near big rivers but in this age where data is being driven by three pillars of technology, climate change, and globalization, cities flourish where an enormous chunk of data flow and analyzed. UN report on digital economy states that 100 GB of data transacted per day in 1992, by 2022 it is estimated to rise exponentially by 200,000 GB of data per second. 75 Billion IoT devices in the field of disaster management, office management, climate change, home appliances, wearable devices will be online by 2025. This will provide huge challenges in management of data generated by these devices as well as opportunities to the next generation of innovative businesses.
He provided the eminence of China in the field of Artificial Intelligence-driven by growth in data. He stated that China is new Saudi Arabia, they have enormous data to fuel the development of Artificial Intelligence across different industries. “If AI is a rocket, data is its fuel. Without data, the machine cannot learn and AI will not work.”
He raised the question, “Who will be the superpower in ten years’ time?” and responded to big tech companies like Google and Facebook as likely superpowers.
He discussed the emergence of data science as a new field of study and research in academics to overcome the challenges and create new opportunities in data acquisition, visualization for better governance. Collaboration between government and universities is a must move forward.
As a custodian of government data, he shared his experience on the challenges faced by the government in managing data. He shared government policy that mandates all government data be must be stored centrally in GIDC. As present, they provide infrastructure, computing and storage facilities to different government agencies across 3 different layers of government.
He briefed on the lack of policy to define data owners, minimum criteria of data quality, the pool of human resources to manage those data, use case of data stored in GIDC.
He explained the recent breach of government sites due to hosting in third-party hosting providers, the security of data stored in GIDC and strengthening the security posture of GIDC by investing on next-generation firewall and web application firewall.
He suggested the first pre-requisite to maintain data security is to develop a secure application by developers. Since the internet is vulnerable, cryptography like SSL, TLS must be made mandatory, however, it is huge national undertaking.
Comments/Questions and Clarification from the Floor
By initiating a debate on the subject, Sarita Lamichhane, visually impaired delegate lamented the inadequate participation of women, disabled and rural communities in the policymaking process and the various debates on the subject. She suggested issues of accessibility, inclusion, and diversity should be accommodated in the analytical papers published by panelist Dixit as well as on the policy-making of data governance. She questions Dr. Pokharel on how universities are creating an enabling environment for students with disabilities to study data science. By sensitizing the disabled community about the data governance, literacy- consent of data gathering, acquisition, a lot can be achieved in maintaining their dignity.
Vivek Silwal comments on the need of data localization in Nepal with the GDPR regulation being made mandatory across the world by the EU. He provided the example of recent Aadhaar Card Breach in Nepal and wanted to know what lessons we should learn to protect personal data vis-à-vis National ID implementation in Nepal. He questions Mr. Ramesh Pokharel on the government’s ability to protect citizens’ personal data and the role of NITC. He also opinioned that investment should be made in data protection by the government.
Rita Baramu pointed on the lack of women in this panel. She raised the concerns on the power structure on people managing data, how data is being used, whether it is being for surveillance in a patriarchal society and how to ensure the informed consent of citizens
Subha Kayastha questioned on who is benefiting from the data, whether it is a rich white man from developed countries. She pointed out the ethnic cleansing in Myanmar by surveillance on religious minorities and ensuing of the same on this region. We need open data, ensure informed consent, limit the collection of too much information in personal data to minimize the risk of misuse, retention policy and assurance of server location and people accessing the data.
Diya Basu, a researcher from India, shared her views of how civil society organizations in India are shaping data protection and privacy agendas in India. No matter how technical architecture of data is maintained, power relations are drivers of these data structures. Data have political, economic and social value Data is never neutral.
Responses from the Panel:
- Following the SDG. The industrial revolution was vertical; it impacted differently to rich and poor people. Industrial revolution – horizontal revolution. Accessibility-
- The tragedy of commons- if data is common good, it helps to enhance the common goals. Open data standards and protocols need to define clearly. Data should be the oil of the industrial revolution. For example, Pathao (motorcycle taxi services in Nepal)
- Academic institute- need to think for marginalized communities. MSC by research,
- MRP passport, why I need to give all the data- we need to understand the data. The government can best utilize the data; increasing the data volume is not a solution. Data should be created in an intelligent manner.
- What is said perfectly is right as regulating agencies, government agencies are getting. As long as the person doesn’t use their pictures;
- Physical security of data, you need to cross the number of steps. Virtual security, network security, firewall, application firewall,
- Our government applied world-class data security. We can’t provide all the details of the server since it is a matter of privacy. We ourselves bridging the privacy since it is common interest….minimum security.
- What about security? – External and internal security, process security and ethical security. I am secure until my neighbor is security. Privacy is always linked to security. I don’t think that privacy is only a matter of political discussion.
- Surveillance concept- what comes first? Privacy first or Security later.
- The debate is good.
- USA government asks all the information of Social Media- fifth-generation security…..
- Security is not possible 100 % privacy is limited.
- World-class security, whichever site you access, with 137 Government data- how do you guarantee the world-class security? My concern is the operating model?
- Ramesh- two-way security- application and network security, public-private security -first the website, which you created, should be secure. Application itself is secure and unsecured. Why people are not creating -NITC (GITC).
- Vivek Rana: An Operating model, in terms of the governing system- how to collect, how to exchange, what are the values and disciplines of data collection, why this data is required for governance. A similar governance system can’t be applied everywhere; a different level of decision making requires different levels of Governance. One body/committee should not be making all Governance level decisions.
- A strong need of data protection Act in Nepal
Author: Vivek S. Rana