Saturday Dec 14, 2024
Wednesday, 19 May 2021 00:00 - - {{hitsCtrl.values.hits}}
Sri Lanka is seeking to promote itself as a financial hub for the high rollers of the region; it’s imperative that the data protection laws are in place as quickly as possible to make this a reality
As the face of crime is rapidly changing in the age of information technology, the Government needs to take quick steps to legislate its outdated laws pertaining to data protection, which have fallen behind regional economies.
From food delivery right up to your doorstep to transferring funds from your bank to paying utility bills, apps dominate our lives and the phenomenon is on the rise. These apps that we have willfully installed on our smart devices can extensively collect information about their users and use or sell such information to a third party without taking explicit permission.
Collected information is included but not limited to data from users’ clipboards, their GPS locations, and vital network related information such as IP, local IP, MAC addresses, Wi-Fi access point names, etc. Some of the apps were even found setting up local proxy servers on users’ devices to transcode media without permission.
Around the world, major corporations are being fined millions of dollars due to non-compliance with regional data protection laws, and Europe is leading the way to protect its citizens, particularly with their Global Data Protection Regulations (GDPR) introduced several years ago.
In this backdrop, the present murky waters of data protection since of late has become a buzz word in corporate Sri Lanka with the draft bill which was released in 2019, which will reinforce the existing legislation and protect Sri Lankans from being exploited by cyber criminals.
Globally cybercrime is a trillion-dollar business and has had exponential growth in the last two decades. Cybercrime as of now stands at $ 6 billion annually, nearly double from just over five years ago.
At present Sri Lanka’s archaic data protection law is enacted through the following legislations:
Before discussing the immense benefits of data protection, let’s try and understand briefly the key elements of a data protection law and why it is important to maintain a robust economy.
With explosion of smartphones and the cost of connectivity coming down, the whole world has transpired to bridging the great digital divide. Sri Lanka is no exception to this and has consistently stayed ahead of the curve in the South Asian region. With the increase in user-generated data and the exponential industrial value of data, it’s becoming vital that Government bodies take necessary steps to protect the data rights of their citizens.
Data protection regulations ensure the security of individuals’ personal data and regulate the collection, usage, transfer and disclosure of the said data. They also provide accountability measures for organisations processing personal data and the regulatory framework and the actions to be taken for unauthorised and harmful processing.
Data security vs. data privacy
The digital economy is, after all, global. The internet and digitisation of goods and services have transformed the world’s economy. The transfer of data, including personal data, across borders has become part of the daily operations of companies of all sizes, across all sectors, in all parts of the world.
In the digital economy Sri Lanka aspires to be, data is the currency, hence strong data protection rules are an essential precondition for the prosperity of such an economy. They are the foundations on which we can ensure the free flow of data across borders and the new bill when enacted will also lay the foundations upon which consumers will build their trust in the digital economy.
Having up-to-date laws on data protection is vital for the smooth functioning of corporates as well. Banks, insurance companies, finance companies, telecommunication companies etc. store vital information of their customers that if breached can be catastrophic.
The biggest data breach in history saw the information of over three billion Yahoo users hacked. The attackers, which the company believed were under the name “state-sponsored actors,” compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users.
Data protection can be primarily categorised into two segments, which are: data security and data privacy. Although data security and data privacy may look similar, they are quite wide apart from each other. Data security deals with the protection of data from cybercriminals, while data privacy deals with how organisations or individuals legally gather, store, and use data.
The primary reasons why data protection is vital for businesses are: it helps reduce the number of data breaches that an organisation can suffer, prevents loss of revenue, protects customer privacy, helps maintain and improve brand value, supports an organisation’s code of ethics and gives a competitive advantage over other business.
Data privacy and financial services
Financial services companies, such as banks and non-bank financial institutions and their third party IT services providers, process a large amount of personal data. For example the customers onboarding process of a bank involves collecting a vast amount of personal data such as names, addresses, identity card numbers, contact details, and financial data relating to credit cards, loans etc. of individuals.
Banks are also moving away from ‘brick and mortar’ type of business and are increasingly adopting digital technology to render their services. The corona virus has further exacerbated this process. With these developments financial institutions are increasingly becoming susceptible to data breaches by cyber criminals due to the valuable data they store. Hence, it is vital to have a robust data privacy framework for banks, enabled by a comprehensive and up-to-date national law on data protection, which could ensure a safe banking environment for customers.
Also, for open banking to become a reality in Sri Lanka, where data sharing remains essential, robust data privacy and data protection laws remain key. Open banking would allow third party developers to create apps and services around financial services institutions, which could lead to customer convenience and greater financial transparency and innovation.
Way forward
Sri Lanka has drafted a new comprehensive Data Protection Bill, and the authorities should be looking at making it law as soon as possible. The global COVID-19 pandemic most likely would have been a primary reason for the delay. However, with the pandemic, citizens world over have become more reliant on the digital economy, which has seen an exponential growth in the last 15 months.
Hence, it’s imperative that the Government accelerates its stance and quickly gets the legislature through Parliament. A bill such as this will have the full support of the opposition legislators; hence it will be a quick win for the country at a time Sri Lanka is seeking to promote itself as a financial hub for the high rollers of the region. It’s imperative that the data protection laws are in place as quickly as possible to make this a reality.
(The writer is the CEO/General Manager of People’s Bank)