We are in the era of information technology. The entire world is centered around information technology. Even in a least developed country like Nepal, the rapid expansion of technology is evident. Along with the expansion of the internet, every piece of information about individuals is stored in one form or another. This raises concerns among people about the risk of their personal information being compromised. However, the general public may not be aware of the importance of privacy and personal data protection, as well as the potential risks associated with data breaches or misuse.
Contemplating on this issue, question arises whether the Nepal government itself is also jeopardizing the privacy of its citizens. If the government is indeed compromising citizens’ privacy, it raises the question of what kind of risks are involved.
How our personal data is being kept public by government of Nepal?
The Constitution of Nepal, in its Personal Privacy-related Act of 2075 (2018), specifically addresses the security of personal information. Section 2, Sub-section G, states that ‘personal information’ refers to the details of an individual’s private information, such as their citizenship certificate, national identity card number, driving license, voter identity card, or details issued by a public authority.
Additionally, in Section 9, Sub-section 1 of the Act, it is mentioned that ‘every individual has the right to protect the privacy of any personal information, writing, correspondence, data, or character-related matters maintained in electronic media.’ However, the question remains whether this right to privacy is effectively implemented in practice.
It is perplexing to find out how the Department of Transportation Management ensures citizens’ privacy when looking at their Facebook page. When they (Department of Transportation Management) publish the results of the driving license examination, sensitive data such as citizenship numbers can be seen publicly. This indicates a blatant violation of privacy provisions mentioned in the Personal Privacy-related Act.
By making a Facebook post, not only does the Department of Transportation Management make the highly sensitive data of citizens public, but it also facilitates potential misuse by cyber attackers. We have presented a demonstration on this subject by trying to access the personal information, such as birth date and other personal details, from the website where the citizenship number was posted.
After obtaining citizenship through the site, we visited the website of the Election Commission. We converted the text into Nepali font and stored citizenship number.
By doing this, anyone who accesses voter card can obtain information such as the serial number and birth date.
If such sensitive information falls into the wrong hands, there is a risk of misuse. Therefore, it is crucial for the relevant authorities to understand these issues. Moreover, the responsible management of personal information and sensitive data is highly essential.
Given the government’s attention to such matters, it is possible to prevent potential misuse and protect citizens from identity theft. It is equally important for the general public to be cautious and aware of their own personal information.
How to secure personal information and sensitive data?
1) Implement SMS alerts: If the results of the driving license examination or other personal data like sensitive information are publicly displayed on the mobile devices of applicants through SMS alerts, it would enhance security. By doing so, individuals can view their results without the risk of their information falling into unauthorized hands.
2) Don’t post citizenship numbers: When these applications or results are published, experts suggest not making citizenship numbers public. Additionally, countries prioritize cyber security and individual privacy by keeping citizenship numbers highly confidential.
Any individual’s citizenship number is highly sensitive. That’s why the responsible party must use it in a confidential manner. Even removing such sensitive data from public platforms can significantly reduce the risk of identity theft or misuse.
By adopting these measures, we can further secure personal information and protect citizens from potential privacy breaches or abuse. Organizations must give utmost importance to the security and privacy of their customers or service recipients’ data. By ensuring their privacy is safeguarded, both government and non-government entities can win the trust of consumers and service users.