The video doing the rounds for NADRA’s new data protection initiative might certainly be comical, but there is no doubt that the authority has taken a positive step in the right direction in this latest move. The national registration authority’s move to protect user data and privacy is certainly commendable in a state which often treats the issue of data privacy lightly.
There are of course still holes in this strategy. NADRA will now reroute all requests for user data back to the person who holds that ID card via their number. But this does nothing to counter the excessive submission of ID cards and personal data to a large number of private and public companies and individuals. Processes such as getting an internet connection to require repeated submission of ID card copies to people that have little to no care about the sensitivity of the data they are handling are big gaps and require some action. These companies will continue with their policies and this is because the government has implemented Know-your-customer (KYC) rules very haphazardly due to the security issues plaguing us.
It is important for NADRA and other state institutions to recognise that these steps have little effect when they are worked upon in isolation. As the central body for citizen registration, the authority should also be involved by the state in impressing the importance of data privacy in other institutions. With so many reports of high-profile leaks and recordings, we know surveillance is just as big a problem as sensitive data security and this step only scratches the surface in the much larger job of making the state accountable to its citizens and respect their right to privacy and give it more importance across the board.