What is digital identity and why do we need to protect it, in Pakistan of all the places? With globalization and outsourcing on the rise privacy and Identity theft is fast
becoming a global problem. Here are a few reasons for concern regarding
privacy and data protection in Pakistan: rise in banking and consumer
credit industry, surging number of telecom subscribers, outsourced
data processing and grwoth of E-commerce transactions. I’ll provide
some background, discuss the existing rules and provide recommendations
for business organizations.

The question is: do we have adequate identity …

" />

Privacy and Identity Protection in Pakistan

March 15, 2007 10:15 am 0 comments

Share this Article

Author:

This post was originally published by Babar Bhatti in the TelecomPK blog, and it is being cross-posted here.

—-

What is digital identity and why do we need to protect it, in Pakistan of all the places? With globalization and outsourcing on the rise privacy and Identity theft is fast
becoming a global problem. Here are a few reasons for concern regarding
privacy and data protection in Pakistan: rise in banking and consumer
credit industry, surging number of telecom subscribers, outsourced
data processing and grwoth of E-commerce transactions. I’ll provide
some background, discuss the existing rules and provide recommendations
for business organizations.

The question is: do we have adequate identity and privacy protection
in Pakistan? Are banks and telecom companies doing enough to keep your
personal information safe? As one example, I was sent phone bills of
someone else via e-mail and even after reporting the issue there was no
followup. Probably similar incidents have happened with others in
Pakistan as well, though statistics are not readily available.

My prediction is that gradually Asian societies (Pakistan, China, India etc) will become more sensitive to data protection and privacy issues. Now is a good time to demand good security practices to safeguard our data.

As a related item I’ll mention theITU Internet Report entitled “digital.life” (in pdf), which was prepared for ITU TELECOM World 2006 . The report examines how innovation in digital technology is radically changing individual and societal lifestyles.

Chapter four, identity.digital,
explores the changing nature of the digital individual and the need for
greater emphasis on the creation and management of digital identity.
Individuals today spend more and more time using digital means to
communicate and transact, be that sending and receiving e-mail, talking
on a mobile phone, participating in a social networking site, buying
music, booking vacations over the internet, or playing an online
game. The complexity of the interaction between technology, personal
consumption and the construction of identity in the virtual space is a
growing area of research. Users of digital technologies have a wide
scope for constructing their virtual identity.

What are the laws for data and privacy protection in Pakistan? I found a final draft of the Electronic Data Protection Act 2005 at Pakistan Software Export Board [PSEB] website.
It is a relatively short and simple document which provides very
basic rules over data collection, processing and handling. The
Act tries to solve two problems: a) provide guidelines for outsourced
data processing and b) data collection regulation in Pakistan. To give
you a flavour of this Act here are 2 definitions from it:

“Sensitive Data” means data revealing
racial or ethnic origin, religious, philosophical or other beliefs,
political opinions, membership in political parties, trade unions,
organizations and associations with a religious, philosophical,
political or trade-union, or provide information as to the health or
sexual life of an individual and financial, or proprietary confidential
corporate data.

Electronic data security. Electronic data that is
subject to data processing shall be kept under custody, controlled or
processed in such a way as to minimize the risks of its destruction or
loss, even accidental, unauthorized access, unlawful processing or
processing for purposes other than those for which the electronic data
were collected, by means of appropriate precautionary security measures.

I would like to hear more from those who are involved in data
processing in Pakistan and get some stats about security breaches and
their resolution. A few years ago there was some uproar in the US about
a data processing company in Pakistan but that issue was settled.
Perhaps that incident also contributed to the implementation of
Electronic Data Protection Act 2005.

What is the situation in the developed (or G7) world? European
Union has stricter standards than US, where laws vary from state to
state. The privacy legislation in California is worth mentioning here.
State of California is considered by many to be the most strict
regarding privacy and identity issues. California has setup a privacy office for this purpose and you can find the legislature details here .

Based on California’s laws Forrester Research recommends the
following practices for Business organizations – these recommendations
can be applied to any organization:

Pick a framework. The establishment of reasonable
security is best built on a foundation that is recognized and accepted.
ISO17799 is currently the leading and most accepted framework to build
an information security program around. The framework provides a
standard architecture to document controls and make sure that
everything is covered.

Identify and classify information. The focus of
reasonable security is around personal California resident data.
Security is first established by classifying this data — define it,
assign information owners, establish controls —and identifying where in
the organization this information resides. Personal data may be
classified into subcategories such as employee data and customer/client
data.

Determine business partners that touch your data.
Identify which business partner relationships touch and store personal
data; this is a critical element that is directly addressed in the
legislation. Your organization’s liability does not stop with
organizational boundaries — you are required to see adequate security
is established in third-party relationships.

Document controls. Utilizing the framework as a
structure, the next step is to document the detailed controls in place
to line up with the framework. This gets into the depth of defining
your policy, operational, contractual, and technical controls in place
to protect personal information.

Validate controls. Establishing reasonable security
does not stop with documenting controls. In fact, documenting controls
that you do not have in place may only open the doors of liability
wider. It is necessary to demonstrate that controls are implemented and
working as defined in your security control architecture.

A few words about outsourcing and data security. As more firms enter
into outsourcing agreements, liability coverage especially for data
security and protection becomes more critical. While outsourcers are
unlikely to accept unlimited liability, customer organizations can
insert limits of liability into their contracts and receive cost
reimbursement for any incidents that the outsourcer is responsible for,
if they are willing to aggressively negotiate. However, customers must
be aware of the real consequences and costs associated with enforcing
these clauses or they may find that these clauses have very little real
impact. Customers need to protect themselves in outsourcing agreements,
but they must balance those needs with realistic expectations from
their vendor.

Facebook comments:

Leave a Reply


*

Recent Posts

  • Events General Mobile Apps Container Run a continuation of politically motivated apps

    Container Run a continuation of politically motivated apps

    First we had Angry Imran which brought smiles and some short lived fun for us during the election campaign. Then came Gullu Butt following the incident of Model Town Lahore, which stayed on top of charts (Pakistan play store) for quite some while. Also Gullu Butt made an update with having the famous “Aam Khaiyga” quote form Aamir Liaqat in which a character resembling Aamir Liaqt throws mangoes and the Gullu Butt character tries to catch them. Gullu butt currently has more than 100,000 Installs

    And now during this extremely politically tense situation which had the whole nation on its toes on 14th August we have another app continuing the …

    Read more →
  • Announcements Featured Startup General Meritaleem.com aims to help student make better decision regarding their future.

    Meritaleem.com aims to help student make better decision regarding their future.

    MeriTaleem.com aims to solve an age old problem for our students, where to go next?

    If you have just completed your primary school which college to pick, if you have completed your college which university to pick. There has always been lack of information or rather consolidated information regarding these questions. The best source till now has always been relatives and friends (mostly of your parents). So some uncle did CA and made a good living you should talk to him and decide, or daughter of my sister completed her medical and is practicing follow that career.

    The fact that online presence of our existing universities are limited and not …

    Read more →
  • General Mobile Apps Eccentria Technologies launches an app which shoots to the top of the charts

    Eccentria Technologies launches an app which shoots to the top of the charts

    Whoa!! this was quick so Eccentia technologies launched an app a few days ago called “Ajj Kia Pakaen” or what to cook today and today it has reached the top of charts for Pakistani Stores on iTunes and google play store.

    “Ajj Kia Pakaen” is the most common question asked at every house hold in the morning. The ladies of the family have a hard time deciding what to cook for the day. The app has a fun interface and is simple to use, you fire it up, and it gives you an option of what to cook for the day, if you like the option you can check the …

    Read more →
  • Coffee Session General Marketing/Adv Rise of facebook marketing in Pakistan

    Rise of facebook marketing in Pakistan

     

    Until a few years back we used to have closed groups and forums, which gathered the like minded people and anyone targeting the online audience would tap into that forum and market his/her services. So PakGamers , PakPassion initially even PakWheels used to be driven by members talking about what they loved, people used to create marketing and sales opportunities from within those discussions (so you could get a good router cheap or a gaming PC etc).
    The advent of facebook changed all that, most of the forum goers moved to the new social media. It also made a very attractive market place for some one who does not …

    Read more →
  • General Getting back

    Getting back

    I  have been out of blogging for a long long long time, a lot of things happening on personal front (including a little startup I have ben doing my self). However during my absence I met a lot of people who had followed GreenWhite at its peak, read the articles regularly.

    I had hope there would be some one else who would come ahead and cover everything going on and around us in the local tech world. There are some guys doing a great job, but for some reason I still could not find one source where I can go and read about everything, so my routine usually is to …

    Read more →
  • General Mobile Apps Software & I.T. GeniTeam launches official app for Pakistan Idol

    GeniTeam launches official app for Pakistan Idol

    GeniITeam has successfully launched an official app for PakistanIdol. This is one of the first collaboration between a reality game show and a local app development company. I am sure a lot more would follow. Previously we have seen seenreport becoming the basis of mostly all channels citizen reporting system (Like Geo Dost). This is a healthy sign and with the advent of 3G round the corner it should become a business generator for our local firms.

    App allows you to follow the contestants that you like, promote them, comment on live feedback on an episode. It offers official content from the show since it is developed with partnership with …

    Read more →
  • General 10Pearls and National Geographic Release A Geography Challenge App

    10Pearls and National Geographic Release A Geography Challenge App

    10Pearls, one of the leading Pakistani IT companies, has recently added another feather to its cap. This time, in partnership with National Geographic, 10Pearls has released the new and improved GeoBee Challenge App – an interactive app to challenge and grow the geographic knowledge of the users.

    Each year thousands of schools in the United States participate in the National Geographic Bee using materials prepared by the National Geographic Society. The competition is designed to encourage geography in the classroom, ignite student interest in the world around them, and increase public awareness about geography. Schools with students in grades four through eight are eligible for this entertaining and challenging test …

    Read more →
  • General 10Pearls Spins Off Game Plan8

    10Pearls Spins Off Game Plan8

    It’s heartening to see that Pakistani IT companies have now started to diversify themselves into non traditional areas, and are competing with global players in areas such as gaming. We have received information that 10Pearls, one of the leading  mobile and enterprise web development services companies in Pakistan, has spun-off a separate entity focused solely on developing and publishing casual mobile games.  The new entity, Game Plan8, will focus on creating 2D and 3D games for the iOS, Google Android, Kindle, Facebook and other platforms. Details can be seen on the company’s official press release at http://www.prweb.com/releases/2013/12/prweb11428177.htm

     …

    Read more →
  • General Telecom CCP Gives Guidelines Against Telecom Companies’ Deceptive Marketing

    CCP Gives Guidelines Against Telecom Companies’ Deceptive Marketing

    If only were there two things when it comes to the law, firstly the fear of breaking it and by passing the legal authority, and secondly, implementation of the law given full dedication, there would have been less competency and dishonesty in business and society. However, keeping good faith, the Competition Commission of Pakistan (CCP) has put forward “Deceptive Marketing Guidelines” which will maintain the Section 10 of the Competition Act, 2010. In order to enforce this part of the law and stop anti-competitive conduct on part of the telecom companies in advertising, the guidelines have been shared with Pakistan Telecommunication Authority (PTA) and other concerned telecommunication sector members, in …

    Read more →