KARACHI:“In Pakistan we are facing an extremely serious situation where some organizations are illegally using and forwarding the personal data of their clients to other foreigner organizations. We are empowering these organizations by using and buying products from them. We have no idea how powerful we are, collectively we can do wonders. We can easily control data theft and usage of our data without our permission. We only need to stop buying products from that specific market. We need to avoid downloading such apps where details of personal data are required”, said Rajiv Pardhan, Lead Data Analyst at Love for Data (LFD), and Aerospace Engineer from Queen Mary University of London.
He was addressing the audience at the symposium titled “Personal Data Protection and Big Data Analytics: Too Little, Too Late” organized by Centre for Law and Technology, Faculty of Law, Ziauddin University to raise awareness about the legislation prepared by Centre for Law and Technology, Faculty of Law here on Friday.
While talking about the fundamental idea of personal data protection Aly Hassam Ul Haq, Director, Centre for Law and Technology, Faculty of Law, Ziauddin University explained “it is to ensure that individuals have control over the collection and use of their personal and sensitive data. It is, therefore, imperative to grant effective knowledge and control to the data subject since [digital] data collection is prevalent in virtually every e-service or platform. As a result, user data has become more vulnerable than ever. To overcome exposure issues created by breaches of personal data, various jurisdictions have implemented laws which provide for the rules with which personal data is to be collected, processed and disseminated.”
“Government of Pakistan has taken the initiative to protect the privacy and personal data of every citizen through the [prospective] promulgation of the Personal Data Protection Bill, 2020. This is no doubt a pertinent step towards a better and digitally-secure future for Pakistan”, he carried out.
Aly Hassam Ul Haq, Director, the Centre for Law and Technology has conducted a thorough assessment of the Personal Data Protection Bill (‘Bill’) for the purposes of consultation as requested by the Ministry of Information Technology and Telecommunication (‘Ministry’). He has drafted a detailed consultation on the Bill for the Ministry of Information Technology and Telecommunications along with recommending amendments to find balance.
Talking about the data breaches in Pakistan Alishba Fazal, Research Associate, Faculty of Law, Ziauddin University, discussed the cases of data breach in a well-known transport app leaked data of 14 million users. Once Dubai based information security company claimed the private data of 115 million Pakistani mobile users were up for sale on the dark web with a price tag of $2.1 million. The Netwalker gang had demanded a $3.5 million ransom from a leading electricity distribution company, an amount which was increased to $7 million after a week.
“Pakistan currently has Data Protection Bill 2020, which focuses on every aspect of how personal data may be protected in Pakistan. Some clauses are still missing, Pakistan needs more transparency in the upcoming law”, she further said.
On the topic of best practices to ensure digital privacy Areeba Iqbal, Research Associate Faculty of Law, Ziauddin University said that you should be very careful where you click! Hackers compromise your online privacy through phishing attempts e.g. sending fake emails. Make sure to use a passcode to lock your phone, use caution when downloading apps, protect your online privacy, ignore the “About Me” fields in your social media profiles (since these are public), create strong passwords, protect your web browsing, and set up Two-Factor Authentication.
“Do not accept app permissions without reading them, do not allow app permissions which are non-essential to that app’s function (eg. call log/contacts permission for a photo editing app), keep location turned off in your phone when not in use, use browser extensions such as Ghostery, AdBlock and CookieBlock, use “registered” VPNs to secure digital transmission of data to avoid hacking (registration of VPN software you use is a PTA requirement since unregistered VPNs are now illegal)”, she further added.