NEW DELHI: The railways is planning to disinvest Indian Railway Catering and Tourism Corporation (IRCTC) but the sale might raise concerns over data privacy. In June, the government put on hold disinvestment of IRCTC because it wanted to tap the massive pile of user data.
Recently, the Telecom Regulatory of Authority (TRAI) has issued various recommendations on security and ownership of and rights over telecom data. TRAI said companies that collected and process user data had no right over it. It said the entities controlling and processing user data were mere custodians.
“There is huge data with the company and that is not getting captured in the valuation. We are trying to see how we can utilise that,” Railway minister Piyush Goyal had told a news conference in June.
“Something about this just rings strange to me,” Vasant Dhar, a data scientist and professor at the Stern School of Business and the Center for Data Science at New York University, told. He said passengers giving the railways their data did not expect it to be sold further for profit.
Sharing IRCTC data as part of a disinvestment deal, he said, would mean that data given to the railways as a custodian would be passed on to unknown third parties. “Companies should monetise data,” Dhar said. “You should expect something very different from the government.”
The IRCTC website and other information channels of the railways generate huge passenger data. “The Indian Railways is one of the largest data creators in the world. It has to handle a large volume of data which needs to be used wisely. Data analytics is a way forward,” the then railway minister Suresh Prabhu said at a round table conference on data analytics last year.
“All of this together creates mammoth data which is probably one of the largest in the world but data itself is of no use unless it is tabulated into something.”
Highlighting the need for proper data analytics for the future management information system, he said, “It would help to take appropriate decisions and also to eventually monetise it without compromising any privacy law and privacy ethics.”