Covid-19 Pandemic: creation of a virtual vortex

Author: Mahnoor Ather

COVID-19 or the coronavirus has become a global pandemic over a short span of time. It is a submicroscopic organism that has affected over 1.2 million lives globally to date, and still continues to grow exponentially. Not only has this organism affected health and wellbeing of citizens worldwide, it seems like the beginning of a new world order: a virtual, real time world or even the creation of a virtual vortex.

With the imposition of lockdowns and curfews in order to ensure social distancing and curb the spread of the virus, corporations globally have resorted to work from home (WFH) in order to mitigate the economic effect of such robust actions. Though WFH seems to be an efficient solution, it comes with its own banes and boons. As employees worldwide enjoy the luxury of working from a comparatively relaxed home environment, corporations, on the other hand, are dealing with communication barriers, streamlining compliance mechanisms and most importantly, evading data security risks.

Mostly, corporations install secured networks at workplaces to mitigate the risk of “phishing” which can potentially lure users to open fake websites with the sole purpose of illegally accessing and stealing personal or corporate data. The WFH culture may rely on the exchange of data over unsecured/unencrypted networks with corporations having no control on the scrutiny of the same. For any corporation involved in the type of business that makes its data its foremost asset, any data breach can ultimately lead to a significant loss of intellectual property, thus creating a crisis on its own-a virtual crisis.

Keeping aside corporations, we also see a rise of virtual gaming and use of video chat applications among individuals that require users to first accept terms of use before proceeding to the application. It is common among users to quickly accept the said terms without reading the same and rapidly initiating their game or chat. What most of them do not realise is that terms of use may include extreme collection of personal data and login information including any account details entered, collection of IP address(es), location information, etc. With the increasing induction into the digital world, airtight data privacy laws is the need of the hour.

Currently, the only statute enforced in Pakistan in relation to data privacy is the Prevention of Electronic Crimes Act, 2016 (PECA). (Parliament is yet to pass the Personal Data Protection Bill, 2018). PECA attempts to provide legal recourse for unauthorised access to data or information systems. However, the provisions of PECA fall short in relation to processing of personal data and necessitating standardised rules for securing confidential data. More importantly, it is pertinent to note that PECA, to an extended degree, allows discretionary powers to the investigating agency, in this case, the National Response Centre for Cyber Crime, to collect data if it reasonably believes the same to be required for investigation. Furthermore, for the same purpose, it also grants authority to service providers (telecommunication authorities) to collect real time information, without taking prior consent from users.

Taking cue from the prevailing situation that has given rise to excessive use of online systems, data privacy legislation requires ample development

Taking cue from the prevailing situation that has given rise to excessive use of online systems, data privacy legislation requires ample development. In this context, a good reference point can be taken from the General Data Protection Regulations (GDPR), enforced in the EU in May 2018. On an individual level, the GDPR, inter alia, grants users the right to access and request for their personal data collected by companies. Additionally, the users also have the right to request their personal data to be deleted if they are no longer customers of a company. To the contrary, PECA imposes an obligation on service providers to retain traffic data for a period of one year or such extended period as notified by the Authority; the same data must also be provided to the investigation agency upon any warrant from a court.

With respect to corporations, the GDPR standardises the norms and lays down a framework to minimise security breaches, promotes pseudonymisation for ensuring complete encryption of data, and imposes penalties if the same is not complied with. It also obligates companies to inform users and the authorities within 72 hours of a breach to ensure quick action. This way companies may mitigate the risk of heavy penalties and damages (resulting from lawsuit) for loss of confidential and personal data. In Pakistan, the requirement for implementation of security policies is only limited to digital banking under the Payment Systems & Electronic Funds Transfer Act, 2007, enforced by the State Bank of Pakistan. It is important that the obligation to implement such data security policies be applied to all organizations countrywide.

The outbreak of the virus and the consequent rise of virtuality have played a significant role in helping us realise the importance of cyber laws. With the Ministry of IT & Telecom already striving towards creation of a digital Pakistan, it is important that cybersecurity be given utmost importance. From what it seems, once the pandemic is over, the world as we see it now, may then only be seen through a digital lens.

The writer is a LUMS Law graduate and is currently working as Assistant Company Secretary for an IT Company. She can be reached at athermahnoor@gmail.com

Share
Leave a Comment

Recent Posts

  • Cartoons

TODAY’S CARTOON

9 hours ago
  • Editorial

Remembering BB

Our calendar may be littered with difficult commemorations. Still, every December 27th, we are forced…

9 hours ago
  • Editorial

MDCAT Delays

Patience seems to be wearing thin as the chaos surrounding the Medical and Dental College…

9 hours ago
  • Op-Ed

Benazir – A Matchless Leader

We lost you 17 years ago on 27 December to terrorists and suicide bombers which…

9 hours ago
  • Op-Ed

A Nation in Crisis

In his book Animal Farm, George Orwell said, "All animals are equal, but some animals…

9 hours ago
  • Op-Ed

AMAN-25: Indispensable Exercise

“Warfare being under perpetual transformation from unmanned systems to AI-powered combat to grey-hybrid conflict and…

9 hours ago