Personal data – a big threat
In today’s world, personal information is the biggest asset for any person. It can be used to harm financially, physically and emotionally. The trade of protecting personal information is called data protection and privacy.
Data privacy is a rapidly evolving area of concern in today’s digital world. With the rise of the internet and the increasing amount of personal information that is shared online, protecting this information has become more important than ever.
Data privacy is a concern for individuals, businesses, and governments, as it affects the way personal information is collected, used, and shared. It is important to ensure that personal information is collected, used, and processed in a responsible, transparent and lawful manner, that individuals have control over their own personal data.
In the digital age, the definition of personal data and sensitive data has expanded to include things like name, date of birth, mother’s maiden name, national ID number, passport number, social security number, phone number, home address, office address, IP addresses, biometrics, bank account number, credit card number, PIN, medical/ health record, criminal record, religious and race information, location and other online identifiers, making it more difficult to determine what information is protected by these laws.
The data protection legislation was initially established as the Swedish Data Act of 1973, followed by the United States’ Privacy Act in 1974, Organisation for Economic Cooperation and Development’s (OECD) published guidelines on the Protection of Privacy and Trans border Flows in 1980, European Union’s (EU) Data Protection Directive in 1995 and General Data Protection Regulation (GDPR) in 2016.
Other countries including Canada, Singapore and Australia around the world have also developed their own data protection laws.
With the proliferation of digital economy, the amount of personal information that is collected, stored and processed by organisations has exploded, making it more important than ever to ensure that this information is protected from unauthorised access or disclosure.
At the same time, the rise of the internet and social media has made it easier for individuals to share personal information online, increasing the potential for this information to be accessed or misused by others.
One of the key challenges in protecting data privacy is the fact that the laws and regulations governing this area are constantly evolving. In the past, many of these laws were focused on protecting personal information from being accessed or disclosed without permission.
Additionally, the rise of big data and the increasing use of artificial intelligence have made it possible to collect and analyse vast amounts of personal information, further complicating the issue of data privacy.
Another major challenge in protecting data privacy is the fact that many individuals are not aware of their rights and responsibilities when it comes to their personal data.
However, there are several steps that can be implemented to protect personal data:
One, creating awareness among employees, customers, and stakeholders about the importance of personal data protection and the risks associated with data breaches.
Two, implementing security measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. This could include encryption, masking, access controls, firewalls, anti-virus software, and regular software updates.
Three, conducting risk assessment to identify vulnerabilities and threats to personal data and to evaluate the effectiveness of security measures in place.
Four, establishing policies and procedures for the collection, use, storage, and disposal of personal data. This should include guidelines for data retention, data sharing, and data disposal.
Five, providing training to employees and other stakeholders on data protection policies, procedures, and best practices.
Six, monitoring and auditing data protection policies and procedures to ensure that personal data is being handled in accordance with relevant laws and regulations.
Seven, responding to incident of data breaches or other incidents involving personal data.
Eight, regularly reviewing and updating policies and procedures in response to changing legal requirements, technological advances, or new risks and threats.
By implementing these steps, organisations can take a proactive approach to personal data protection and minimise the risk of data breaches and other security incidents.
Pakistan has taken steps towards data protection in recent years. In 2016, the country passed the Prevention of Electronic Crimes Act (PECA), which criminalises a range of cybercrimes, including unauthorised access to data and hacking.
The act also established the National Response Centre for Cyber Crimes (NR3C) to investigate and prosecute cybercrimes.
In 2018, the government of Pakistan introduced the Personal Data Protection Bill, which seeks to regulate the collection, processing, and storage of personal data. The bill is currently under review and has not yet been passed into law.
In addition to these legislative efforts, the government has also established the Pakistan Telecommunication Authority (PTA) to oversee and regulate the telecommunications industry, including issues related to data protection and privacy.
The PTA has issued guidelines and regulations on data retention, encryption, and other aspects of data protection.
However, there are still concerns about the effectiveness of these measures in practice. There are also concerns about the government’s ability to protect personal data from unauthorised access, particularly in the absence of a comprehensive data protection framework.
The future scope of personal data protection is expected to expand as technology continues to advance, and as concerns around privacy and data security grow.
Some possible directions for future developments in personal data protection may include: strengthening regulations, increasing transparency, greater accountability, advancements in technology and greater consumer awareness.
Overall, the future scope of personal data protection is likely to expand as technology and society continue to evolve.
As individuals and organisations become more aware of the importance of data privacy and security, we can expect to see more efforts to protect personal data and to ensure that it is used ethically and responsibly.
THE WRITER IS A SUBJECT MATTER EXPERT, TRAINER AND CURRENTLY WORKING AS A SENIOR CONSULTANT - DATA PRIVACY COMPLIANCE AT A LEADING COMMERCIAL BANK