All kinds of data and information that can be used to identify and track a person need to be protected to ensure that no unwanted person gets to know much about an individual. Unauthorised and careless handling of data can, no doubt, be very harmful.
As personal data is becoming valuable, means of accessing data are evolving and cases of misuse of data are increasing, it is a cause for concern as to what happens to our personal data that we keep sharing at different places while we travel, stay in a hotel, attend a seminar, or go to a hospital, etc. At certain security check-posts our national identity card details are noted in manual registers and our phone numbers are taken. When we enter a hotel, we are asked to provide personal data in writing. The minimum that we provide is our name, father’s name, date of birth, address, the national identity card number, and the phone number. This minimum is sufficient to track a person down to his or her place.
Since there is no specific legislation in the country that governs personal data collection, processing and protection, it must raise our concern. There are other legislations like Prevention of Electronic Crimes Act, 2016, and Payment Systems and Electronic Funds Transfers Act, 2007 which discuss data protection at some level but are specific to certain situations as apparent in their titles. But what about other places where personal data is collected?
It was in May 2020 when the draft of Personal Data Protection Bill 2020 was introduced on the website of the Ministry of IT and Telecom for consultation. It is evident from the study of the draft bill that it takes the matter of personal data protection seriously. But there is no word on whether any further process was done to bring it to the assembly.
With the passage of time, more scams have happened. There are cases where scammers reach different service consumers via phone and begin conversation, quoting and confirming personal data. The scammers give an impression that they are authorised representatives of the service provider. Innocent subscribers fall prey to them.
From where do these scammers get the personal data? Online data hacking is usually thought to be the reason. Another possible answer can be that this is actually the personal data people share at different places, which is not properly handled, and end up in the hands of these scammers.
The issue of personal data protection needs to be taken seriously as it is not just about protecting an individual’s particulars, but it is also necessary to ensure the constitutional right of freedom in its many forms. The freedom to access someone’s personal data is akin to having control over their freedom. Personal data can be used to extract money from an individual’s bank accounts; implicate somebody in a crime; expose somebody to a life-threating situation, etc. Furthermore, no consumer-friendly commercial activities and services can prevail without comprehensive personal data protection legislation.
Data protection laws are in place in many countries and are effectively making a difference. Among international organisations, data protection has become more or less a mandatory part of their practices. But Pakistan still does not have a law that even acknowledges personal data protection as a mandatory rule of business.
In sum, lawmakers need to carry out legislation on this matter on an urgent basis. This will help save many from the various financial scams and ensure personal freedom.
Published in The Express Tribune, September 15th, 2021.
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ