There was a time when linking to a national identity card and a passport was the most popular and accessible means to have private data stored in one place. And as NADRA came into being, much of this, as well as data on child registration certificates or family registration certificates was computerized and added to a central storage.
According to Privacy International, any data which can be used to identify an individual directly or indirectly can be termed personal data. A more comprehensive definition is that provided by the European Union’s General Data Protection Regulation (GDPR), which came into effect in April 2016.
Personal data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online digital app like Chinese TikTok or Indian MX TAKATAK which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. As Pakistanis continue to use apps like these, the fear is that since governments often have strange level of control on apps running in their countries, they might try to use information gathered on the citizens of other countries for nefarious purposes.
As digital transformations take over government processes, almost each and every one of us has a digital footprint — whether we notice it or not. Take, for example, the information entered into your Android phone. These details include your name, telephone number, addresses, etc. In a way, we voluntarily hand over personal data with some degree of confidence that our details will not be used or abused.
But things do not always pan out that way.
A bigger moment of reckoning arrived recently when the FIA announced that the data of millions of customers from “almost all” banks operating in the country was stolen and allegedly dumped on the ‘dark web’ — a collection of websites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers. It was the biggest data breach to hit the banking industry in the country. According to the FIA, an international company named Group-IB, which was working in Pakistan to prevent cyberattacks had discovered the payment details of 177,878 plastic cards from Pakistani and other international banks.
None of the companies or organizations that had data leaks had to face any repercussions or even tough questions about putting sensitive user data at risk. There remains a lot of obscurity about whether proper mechanisms are in place to prevent such incidents in the future and, for that matter, details about the nature of attacks and what is done to address them.