In Pakistan, where organisations are "illegally" using and sharing the personal data of their clients with foreign enterprises, the situation is "extremely serious", lead data analyst at Love for Data, a predictive analytics company, Rajiv Pardhan raised alarm on Friday.
Speaking at a symposium titled 'Personal Data Protection and Big Data Analytics: Too Little, Too Late', organised by Ziauddin University's (ZU) law department, Pardhan said, "We are empowering these organisations by using and buying products from them."
Calling for collective action to curtail data theft, he added, "We have no idea how powerful we are. Collectively we can do wonders. We can easily control data theft and usage of our data without our permission." He elaborated that "We only need to stop buying products from that specific market. We need to avoid downloading such apps where details of personal data are required."
Aly Hassam Ul Haq, Centre for Law and Technology director at ZU, shed light on the fundamental idea of personal data protection.
"It [data protection] is to ensure that individuals have control over the collection and use of their personal and sensitive data," he said.
Haq stressed the need for granting effective knowledge and control to the data subject since digital data collection was prevalent in virtually every e-service or platform.
"As a result, user data has become more vulnerable than ever," he said, adding that to overcome exposure issues created by the breaches of personal data, laws that provided for the rules with which personal data was to be collected, processed and disseminated had been implemented.
"The government has taken the initiative to protect the privacy and personal data of every citizen through the [prospective] promulgation of the Personal Data Protection Bill, 2020. This is no doubt a pertinent step towards a better and digitally secure future for Pakistan," said Haq.
Also speaking on the occasion, Alishba Fazal, a research associate at ZU's law department, called to mind the examples of data theft and breaches.
"A well-known transport app leaked the data of 14 million users. Once a Dubai-based information security company claimed the private data of 115 million Pakistani mobile phone users was up for sale on the dark web with a price tag of $2.1 million. The Netwalker gang had demanded a $3.5 million ransom from a leading electricity distribution company, an amount which was increased to $7 million after a week," she said.
Turning the discussion to data protection, she added, "Pakistan currently has Data Protection Bill, 2020, which focuses on every aspect of how personal data may be protected in the country. [However], some clauses are still missing and Pakistan needs more transparency in the upcoming law."
Digital privacy and protection
Another research associate, Areeba Iqbal, outlined ways to ensure digital privacy and prevent data theft.
"You should be very careful where you click," she said. "Hackers compromise your online privacy through phishing attempts like sending fake emails. Make sure to use a passcode to lock your phone, use caution when downloading apps, protect your online privacy, ignore the "About Me" fields in your social media profiles [since these are public], create strong passwords, protect your web browsing and set up two-factor authentication."
Two-factor authentication or dual-factor authentication is a security process in which users need to provide two different factors to verify themselves.
Iqbal continued, "Do not accept app permissions without reading them, do not allow app permissions which are non-essential to an app's function, keep location turned off in your phone when not in use, use browser extensions such as Ghostery, AdBlock and CookieBlock and use "registered" VPNs to secure digital transmission of data to avoid hacking."
What can you do to protect your data?
- Be careful where you click
- Use passcodes to lock your phones
- Use caution when downloading apps
- Ignore 'about me' fields on social media
- Create strong passwords
- Set up two-factor authentication
- Do not accept app permission without using them
- Do not allow app permissions which are non-essential to an app's function e.g. permission for access to call log or contacts for a photo editing app
- Keep location turned off in your phone when not in use
- Use registered VPNs
Published in The Express Tribune, March 21st, 2021.