The recent incident involving the unauthorised access to the personal data of the family of Chief of Army Staff (COAS) Gen Asim Munir has brought to light the incompetence and inability of the National Database and Registration Authority (NADRA) in protecting citizens’ sensitive data. The incident has raised concerns about the security and privacy of personal data held by NADRA and the potential misuse of such data.
According to reports, NADRA has initiated criminal proceedings against its employees involved in the breach and has terminated the employment of six employees for illegally accessing COAS’ family records. The inquiry committee, led by the NADRA chairman, expanded the scope of the investigation and identified ten employees who had illegally accessed the records. Following cross-examination, 10 employees were found responsible and were terminated from service under the Government Servants (Efficiency & Discipline) Rules 1973.
A joint probe conducted by Nadra and a sensitive security agency in December last year discovered that Farooq Ahmed, a junior executive employee working on a project of the Benazir Income Support Programme, was the first person to have unlawfully accessed the data in question.
Chairman of The National Database and Registration Authority (NADRA) Tariq Malik said a comprehensive monitoring system was being developed to check any possible violation and as many as 131 had so far been dismissed in its light.
The incident raises serious questions about the effectiveness of NADRA’s data security protocols and the lack of accountability and oversight in ensuring the protection of citizens’ personal data. The fact that NADRA employees had unauthorised access to the personal data of an important office holder highlights the vulnerability of the authority’s database and the need for stronger security measures.
In response to the incident, NADRA has introduced additional security protocols to check on its own employees’ behaviour, including the ‘Ijazat Aap Ki’ service, which seeks citizens’ permission through an OTP (one-time password) if their personal data is accessed remotely. The authority has also implemented Artificial Intelligence-based log access reviews to send alerts of suspicious activities of employees. However, these measures may not be enough to ensure the security and privacy of citizens’ personal data.
The NADRA chairman’s message to employees highlights the importance of data security and privacy and the need for employees to discharge their duties with honesty and integrity. The chairman also emphasised that NADRA employees must not use the logins of any other colleague and that data entry operators must not access personal data of any citizen without authorisation. However, these principles seem to have been ignored by some employees, leading to the breach.
The incident has serious implications for the privacy and security of citizens’ personal data, as well as for the reputation of NADRA. The authority must take strong measures to ensure that such incidents do not happen again and that citizens’ personal data is protected at all times. This includes investing in stronger security measures, increasing oversight and accountability, and providing regular training and education to employees on data security and privacy.
In conclusion, the incident involving the unauthorised access to COAS’ family records has highlighted the incompetence and inability of NADRA in protecting citizens’ sensitive data. While the authority has taken some measures to address the issue, more needs to be done to ensure the security and privacy of citizens’ personal data. The incident serves as a wake-up call for NADRA to take data security and privacy seriously and to implement stronger measures to protect citizens’ personal data.
The views expressed in this article are the author’s own and do not necessarily reflect Coverpage’s editorial stance