What is digital identity and why do we need to protect it, in Pakistan of all the places? With globalization and outsourcing on the rise privacy and Identity theft is fast
becoming a global problem. Here are a few reasons for concern regarding
privacy and data protection in Pakistan: rise in banking and consumer
credit industry, surging number of telecom subscribers, outsourced
data processing and grwoth of E-commerce transactions. I’ll provide
some background, discuss the existing rules and provide recommendations
for business organizations.

The…

" />
You are here: Home » General »

Privacy and Identity Protection in Pakistan

March 15, 2007 10:15 am 0 comments

Share this Article

Author:

This post was originally published by Babar Bhatti in the TelecomPK blog, and it is being cross-posted here.

—-

What is digital identity and why do we need to protect it, in Pakistan of all the places? With globalization and outsourcing on the rise privacy and Identity theft is fast
becoming a global problem. Here are a few reasons for concern regarding
privacy and data protection in Pakistan: rise in banking and consumer
credit industry, surging number of telecom subscribers, outsourced
data processing and grwoth of E-commerce transactions. I’ll provide
some background, discuss the existing rules and provide recommendations
for business organizations.

The question is: do we have adequate identity and privacy protection
in Pakistan? Are banks and telecom companies doing enough to keep your
personal information safe? As one example, I was sent phone bills of
someone else via e-mail and even after reporting the issue there was no
followup. Probably similar incidents have happened with others in
Pakistan as well, though statistics are not readily available.

My prediction is that gradually Asian societies (Pakistan, China, India etc) will become more sensitive to data protection and privacy issues. Now is a good time to demand good security practices to safeguard our data.

As a related item I’ll mention theITU Internet Report entitled “digital.life” (in pdf), which was prepared for ITU TELECOM World 2006 . The report examines how innovation in digital technology is radically changing individual and societal lifestyles.

Chapter four, identity.digital,
explores the changing nature of the digital individual and the need for
greater emphasis on the creation and management of digital identity.
Individuals today spend more and more time using digital means to
communicate and transact, be that sending and receiving e-mail, talking
on a mobile phone, participating in a social networking site, buying
music, booking vacations over the internet, or playing an online
game. The complexity of the interaction between technology, personal
consumption and the construction of identity in the virtual space is a
growing area of research. Users of digital technologies have a wide
scope for constructing their virtual identity.

What are the laws for data and privacy protection in Pakistan? I found a final draft of the Electronic Data Protection Act 2005 at Pakistan Software Export Board [PSEB] website.
It is a relatively short and simple document which provides very
basic rules over data collection, processing and handling. The
Act tries to solve two problems: a) provide guidelines for outsourced
data processing and b) data collection regulation in Pakistan. To give
you a flavour of this Act here are 2 definitions from it:

“Sensitive Data” means data revealing
racial or ethnic origin, religious, philosophical or other beliefs,
political opinions, membership in political parties, trade unions,
organizations and associations with a religious, philosophical,
political or trade-union, or provide information as to the health or
sexual life of an individual and financial, or proprietary confidential
corporate data.

Electronic data security. Electronic data that is
subject to data processing shall be kept under custody, controlled or
processed in such a way as to minimize the risks of its destruction or
loss, even accidental, unauthorized access, unlawful processing or
processing for purposes other than those for which the electronic data
were collected, by means of appropriate precautionary security measures.

I would like to hear more from those who are involved in data
processing in Pakistan and get some stats about security breaches and
their resolution. A few years ago there was some uproar in the US about
a data processing company in Pakistan but that issue was settled.
Perhaps that incident also contributed to the implementation of
Electronic Data Protection Act 2005.

What is the situation in the developed (or G7) world? European
Union has stricter standards than US, where laws vary from state to
state. The privacy legislation in California is worth mentioning here.
State of California is considered by many to be the most strict
regarding privacy and identity issues. California has setup a privacy office for this purpose and you can find the legislature details here .

Based on California’s laws Forrester Research recommends the
following practices for Business organizations – these recommendations
can be applied to any organization:

Pick a framework. The establishment of reasonable
security is best built on a foundation that is recognized and accepted.
ISO17799 is currently the leading and most accepted framework to build
an information security program around. The framework provides a
standard architecture to document controls and make sure that
everything is covered.

Identify and classify information. The focus of
reasonable security is around personal California resident data.
Security is first established by classifying this data — define it,
assign information owners, establish controls —and identifying where in
the organization this information resides. Personal data may be
classified into subcategories such as employee data and customer/client
data.

Determine business partners that touch your data.
Identify which business partner relationships touch and store personal
data; this is a critical element that is directly addressed in the
legislation. Your organization’s liability does not stop with
organizational boundaries — you are required to see adequate security
is established in third-party relationships.

Document controls. Utilizing the framework as a
structure, the next step is to document the detailed controls in place
to line up with the framework. This gets into the depth of defining
your policy, operational, contractual, and technical controls in place
to protect personal information.

Validate controls. Establishing reasonable security
does not stop with documenting controls. In fact, documenting controls
that you do not have in place may only open the doors of liability
wider. It is necessary to demonstrate that controls are implemented and
working as defined in your security control architecture.

A few words about outsourcing and data security. As more firms enter
into outsourcing agreements, liability coverage especially for data
security and protection becomes more critical. While outsourcers are
unlikely to accept unlimited liability, customer organizations can
insert limits of liability into their contracts and receive cost
reimbursement for any incidents that the outsourcer is responsible for,
if they are willing to aggressively negotiate. However, customers must
be aware of the real consequences and costs associated with enforcing
these clauses or they may find that these clauses have very little real
impact. Customers need to protect themselves in outsourcing agreements,
but they must balance those needs with realistic expectations from
their vendor.

Share :
  • Print
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • email
  • Twitter

Facebook comments:

Leave a Reply


CAPTCHA Image
*

Recent Posts

  • General Qurtaba takes their Urdu App to Kindle

    Qurtaba takes their Urdu App to Kindle

    Team at Qurtaba have added another front to their impressive Urdu language based apps, they have launched their Alif Bay Pay app for Amazon Kindle, as well. Earlier it was released on iTunes.

    I love what Qurtaba are doing in a niche area of Urdu Language. Although their start was from Nan-Map for which they now have an iPhone App.There love for Urdu language related apps has been flourishing in recent months. Most of their apps are doing very well on app store, some impressive numbers for their popular Urdu apps are as follows.

    Urdu Writer: 10K downloads in 3 months – average 200 downloads…

    Read more →
  • Featured Startup General Food Connection Pakistan

    Food Connection Pakistan

    I happened to be in Quetta on a business trip last month with no idea of where to dine alone. Being a typical Lahoriite, a die-hard food lover, it matters to me that I try the best food of the place I visit. So this is where FCPakistan came to my rescue. I simply logged in, typed in my desired specifications and got atleast 5 suggestions.

    The listing included their opening times, specific facilities like ease for physically disabled customers, credit card acceptance, smoking areas, take away facility, whether valet parking was available or not, and even directions to get there! What more could you want.

    Although that was the…

    Read more →
  • Featured Startup General FourQuants.com Jawwad Farid’s new venture

    FourQuants.com Jawwad Farid’s new venture

    If you have any thing to do with entrepreneurship, its impossible you have not come across Jawwad Farid either in person or in virtual world of his blogs and judging different events realting to startups in Pakistan.  He is also the author of Reboot which we reviewed a while back.

    Jawwad has been writing on Finance, Risk and Treasury for some time now on learning corporate finance.

    I guess that has lead to  FourQuants.com. FourQuants helps people understand concepts related to finance. Following topics are mentioned in about us section of the website

    • Risk management
    • Derivatives products
    • Option pricing models
    • Basel and capital adequacy regulation
    • Financial modeling
    • Treasury

    Read more →
  • Coffee Session General Marketing/Adv OLX Pakistan Investing heavily in advertisement

    OLX Pakistan Investing heavily in advertisement

    OLX is a global online retailer and auction site. They have an impressive footprint in a little less than 100 countries, each with their own specific domain (like .pk for Pakistan and .in for India).

    In Pakistan they have been operating under olx.com.pk for some time with people using it to sell things online.

    Recently they have started advertising heavily on Television, a medium seldom used by online businesses previously. The ads (two of which have appeared ) are witty and fun to watch.

    The most important factor of these adds is that they are being advertised on media which previously none of our online businesses have used.

    Most of…

    Read more →
  • General TiE, All Asia Business Plan Competition

    TiE, All Asia Business Plan Competition

    Round 1 of TiE is about to reach its completion on 22nd of Jan, 2012 at Marriott, Islamabad in which ten teams will participate. Four teams will be shortlisted for the level 2. I also had the opportunity to participate in TiE All Asia Business Plan Competition 2012 along with my team members in the first few stages of level 1. Although we didn’t have the chance to go beyond stage1 but just participating helped us understand our own idea better and to polish our proposed technique along with development of a solid business plan. TiE all Asia Business Plan Competition provides a platform for generation and development of new…

    Read more →
  • Announcements General Mobile Apps Software & I.T. TenPearls Launches Multi-Platform Mobile Apps for Dawn Media Group

    TenPearls Launches Multi-Platform Mobile Apps for Dawn Media Group

    TenPearls has announced the successful delivery of mobile apps for Dawn.com on multiple platforms,   including Apple iOS (iPad and iPhone), Android and Symbian (Nokia). The mobile apps have received great feedback from the users from around the world. It may be worth mentioning here that DAWN.COM is the #1 English News website from Pakistan averaging over 16 million page views a month, and 3.1 million unique visitors from around the world.

    More details can be accessed at mobile apps for Dawn Media Group by TenPearls.

    Read more →
  • General Second Pakistan Blog Awards by CIO Faces severe criticism

    Second Pakistan Blog Awards by CIO Faces severe criticism

    CIO Pakistan started blog awards last year. Its is a good sign when some one takes initiative and starts some thing new. However its also difficult to introduce this into an already budding field of new media in Pakistan. Last years (or two years back now since its 2012)  Awards were initiated so as it is expected it faced initial growing up pains. It always takes time for such thing to wins the trust of the community. And bloggers are one of the most hard people to win over, most of these are rebels in their own rights people who have started blogging to show the world their opinion…

    Read more →
  • Featured Startup General Do We Vote : A great statistical tool by PakReport.org

    Do We Vote : A great statistical tool by PakReport.org

    Pakreport.org a tool which was instrumental in gathering statistics during the massive flooding in Pakistan, has created another study/stats gathering tool for our electoral activities. Interestingly its called do we vote

    With political scene in Pakistan heating up it provides very valuable information to party supporters and their leaders.  A quick look at it shows the all known facts that people in rural areas take their voting more seriously than all of us supposedly educated and enlightened urban population.

    Pakreport.org was an initiative launched by Faisal Chohan of BrightSpyre during the floods, the effort enabled people on the ground to send sms (the most spread out communication medium in country)…

    Read more →
  • Featured Startup General Stay for the work not the perks

    Stay for the work not the perks

    This is a revelation that came to me when I recently quit my comfy corporate job for the second time. If you are below 40 and some one asks you about how is your job going and your answer is not in tune of “I like my job because I love the work”. 

    You need to pause and asses your career, last time I answered this question my answer was “I like the job, because the benefits are good”, and that made me think (offcourse there were other factors as well). But if you are doing a job in which to satisfy your own self you have to look at…

    Read more →