Data protection

Published March 28, 2024

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent another disaster. A JIT formed last year to probe a Nadra data breach, affecting approximately 2.7m citizens between 2019 and 2023, has shared its findings with the interior ministry. The findings reveal that data was compromised in Nadra’s Karachi, Multan, and Peshawar offices. The incident — not the first of its kind — has exposed the vulnerability of our personal data and the crucial need for stringent laws that mandate safeguarding against such breaches. The JIT’s recommendations, including technological upgrades and disciplinary actions against responsible officials, are necessary steps towards addressing the immediate aftermath of this breach. However, piecemeal responses alone are inadequate to prevent future incidents. The root of the problem lies not only in technological shortcomings but also in the absence of comprehensive legislation to hold accountable those entrusted with safeguarding citizens’ data.

While upgrading the technology employed by Nadra, the government must consider the use of stronger encryption and limiting unnecessary access to data. Moreover, restricting database access solely to the office premises can mitigate risks associated with remote breaches. However, these technical solutions must be complemented by legislation that treats the citizens’ private data as sacred and entails severe consequences for negligence. That Pakistanis’ data had surfaced in countries like Argentina and Romania is particularly alarming. Considering the state of identity theft globally, it is imperative that data protection laws are implemented forthwith and encompass both public and private entities, recognising that public bodies often hold the most extensive troves of personal data. Moreover, given the extensive centralisation of data within Nadra, many services such as telephony, transportation, courier, banking and hospitality rely on its database for biometric verification. This centralised approach, seemingly aimed at surveillance, introduces significant vulnerabilities with multiple parties accessing and utilising this database. This data leak must serve as a wake-up call for policymakers to enact and enforce the relevant laws. Bills have been drafted, but there have been no earnest efforts to advance them. A digitised world leaves no room for such massive security gaps. Pakistan must prioritise the protection of its citizens’ privacy and ensure that their data remains secure. Failure to do so would not only undermine individual rights but also hinder socioeconomic progress and security.

Published in Dawn, March 28th, 2024

Opinion

Editorial

Stalled talks
Updated 25 Jan, 2025

Stalled talks

It would have been wiser for PTI to not react to the provocation. However bitter their differences, both parties need something from each other.
Bureaucratic approach
25 Jan, 2025

Bureaucratic approach

WHEN bureaucrats fancy themselves as scholars, universities suffer. It’s a pity this is a lesson the Sindh...
West Bank’s turn
Updated 25 Jan, 2025

West Bank’s turn

It is highly likely that Israel will try and annex the West Bank, with the Trump admin egging it on.
Digital dragnet
24 Jan, 2025

Digital dragnet

The Pakistani state must stop inflicting wounds on itself and learn to resolve its internal issues through social and political means.
USC closure
24 Jan, 2025

USC closure

THE PML-N government seems to have finally firmed up its mind on the future of the Utility Stores. The cabinet has...
Hindu exodus
Updated 24 Jan, 2025

Hindu exodus

The state cannot absolve itself of the responsibility to protect Hindu citizens, and assure them of safety.