IT ministry unveils draft data governance policy

The draft policy, placed on the ministry’s website for public comments until July 10, states that while it serves as the primary national framework for data governance, it does not cover personal data held outside the public sector, primary legislation, judicial proceedings, or matters falling within specific national security, defence, parliamentary or judicial domains. Responding to a query about the policy, Minister for IT and Telecommunication Shaza Fatima said data protection and usage regulations had become essential with the rapid growth of digitisation. She said the draft policy would remain open for public feedback until July 10 and would be notified after incorporating relevant suggestions. The policy declares that government data is not the property of the agency that holds it, adding that public bodies are custodians rather than proprietors of such data. It grants citizens the right to know who within the government has accessed their personal data, when it was accessed and for what purpose. “This right shall not be denied except on narrow grounds expressly provided by law, with reasons recorded,” the draft policy states. Under the proposed framework, public bodies processing personal data will be required to adopt Privacy-Enhancing Technologies appropriate to their purpose, in accordance with the Data Security Standards Instrument and the Privacy by Design and Impact Assessment Instrument. Citizens will also have the