Data protection

08 Jun 2019


An alarming yet little discussed practice has become routine in the lives of mobile users across the country; citizens find themselves being subjected to a flurry of unsolicited mass messages which can be categorised as spam, the objective being to sell a product or service. From home tutors and visa services to restaurants, refrigeration products and even matrimonial companies, a large range of brands and sellers target citizens through these SMS adverts with the hope of luring them into buying a product or service. Most citizens haven’t a clue about how these companies obtained their personal information, such as their mobile phone number or email — a fact that has been underscored in a detailed investigation published in this newspaper recently. The report lays bare how people are selling subscriber details of numbers from various mobile networks in Pakistan, as well as their call history and location. Data being sold in Pakistan has to do with Nadra number details, CNIC pictures, call detail record (CDR), IMEI scanning, bank account details and secure active Sims. Shockingly, when one such seller was asked if a family tree of an individual could be provided if CNIC details were given, the reply was in the affirmative and the price tags for family trees, with and without photos, were quoted.

The phrase ‘data has become the new oil’ prompts the reckoning that it is data that oils the engines of modern e-commerce. Companies both big and small are after the personal data of consumers in order to target their marketing campaigns to attract prospective customers. It is no secret that the personal information of citizens has been compromised. As rightly highlighted in this report, threats to Pakistanis’ personal information are growing as the country’s digital footprint expands, allowing businesses — and even criminals — to misuse private data they should not have access to. Other than instances where this data is obtained directly and with consent, it is largely disseminated after being leaked from databases which should be secure. In the report, the general secretary of the Pakistan Software Houses Association has argued that many leaks of mobile numbers from telecom companies are reported to have been carried out by individuals who either worked for these companies or had worked for them in the past. Nadra employees have faced the same allegations — but law-enforcement agencies did not act against the individuals due to the absence of complaints.

The government must immediately turn its attention to data-protection laws. It is clear that there is a systemic issue of leaks within institutions, such as telcos or Nadra, that hold databases of private information. The breach appears to be more of a human problem than a technical one, and laws must be formulated so that action can be taken against individuals who leak data to various entities and make citizens vulnerable to exploitation.

Published in Dawn, June 8th, 2019