Editorial

Data leakage: Will govt wake up and take action against negligence?

Editorial
Prothom Alo illustration

Is there a single country in the world where sensitive personal data of citizens are so accessible? Yet this happened in a country dubbed as ‘Digital Bangladesh’ and the government of the country claims it will soon become ‘Smart Bangladesh’.

According to Prothom Alo reports, the information of smart cards has been ‘leaked’ in the virtual world and can be availed in a Telegram channel. Anyone could easily access the personal information by submitting NID number and birth date on the Telegram channel. Earlier in July, classified information of millions of Bangladeshi citizens was leaked from the office of the Registrar General of Birth and Death Registration. An official of Election Commission (EC) on condition of anonymity told Prothom Alo that many government offices launched their own portals after receiving personal data from the EC. The safety standards of those portals are not up to the mark. The data leakage might occur from those portals. Such incidents happened in the past too.

Such an irony!  It indicates the authorities that are supposed to ensure safety of data are playing a role of drowsy night guard. We are claiming that we’ve made a digital Bangladesh and marching towards becoming a smart Bangladesh but reality is different. The people of Bangladesh are not yet conscious enough of the negative impact of leakage of personal data. That’s why the authorities do not also care much about it. ‘Identity theft’ is the most dangerous aspect of data leak and it can hamper an individual’s financial transaction. From being exposed to the risk of withdrawal of money from bank account using the personal data to forgery in selling of properties-- an individual might get embroiled in all sorts of trouble by such personal data leakage.

There are no instances of holding anyone accountable for data leak. We had seen various initiatives by BGD e-GOV CIRT (Bangladesh Government’s e-Government Computer Incident Response Team) after the incident of data leak from the office of the Registrar General of Birth and Death Registration. We also heard the local government minister and state minister for information and technology ministry making different remarks on the incident initially. But they became silent later. As per the national identity registration act, the EC is supposed to ensure safeguard of personal data.

As per the law, a person or organisation can apply to the EC for data of any individual by following specific methods and conditions. The EC is supposed to provide the data. The information available so far hints that it is not being assessed whether the organisations that EC is providing data to are competent enough to safeguard that data. The countries that want to safeguard personal data of citizens have independent bodies that ensure justice in incidents of data leakage. But the digital security agencies in our country are replete with government staff. Who will then ensure justice against whom here?

A foreign citizen revealed the information of birth and death registration data leaks to a foreign media. He did so after failing to get a reply to multiple emails he had sent to BGD CIRT. As the issue reached the international stage at that time, we at least heard some discussion on it in the country. But this time we hear no discussion about it. Does the government have any headache at all over our leaked data?