Data Protection Bill to Parliament soon to safeguard personal data
Sri Lanka is set to ensure the protection of personal data aiming to regulate the processing of such information by presenting the Data Protection Bill in parliament soon (probably next month), Information Communication Technology Agency (ICTA) sources said.
With the accelerated digitalisation in public and private sector institutions in the country which depend on personal data for their business and financial objectives, the protection of information and privacy has become an important task.
Presently, Sri Lanka does not have any consolidated and/or specific laws on data protection; a senior official of the Technology Ministry told the Business Times adding that the new bill will provide provisions to the proposed Data Protection Authority to issue directives on entities which do not adhere to the proposed law.
Administrative penalties are imposed only on those who do not comply with the said directives, he added.
The draft Bill provides measures to protect the personal data of individuals held by banks, telecom operators, hospitals, and other personal data aggregating and processing entities.
In the present context of contact tracing solutions for effective management of COVID-19 by health authorities and the planned digital identity initiative, the draft bill is of paramount importance and strengthens the governance and administration of personal data, ICTA sources revealed.
The first version of the draft bill, published in June 2019, was subject to seven rounds of stakeholder consultations and the revised version received policy level approval from the Cabinet of Ministers in January 2020.
Thereafter, further stakeholder consultations were conducted by the Bar Association and the Ceylon Chamber of Commerce.
In addition, the Ministry of Justice, Attorney General, the Central Bank and Telecommunications Regulatory Commission (TRC) provided observations on the draft bill during 2020 and further revisions were made to the Bill.
Meanwhile measures will be taken to draft the Defence Cyber Commands Act and a bill for imposing cyber protection laws with the approval of the cabinet, the Department of Government Information said.
With the development of electronic communication, terrorist groups and criminals are in the practice of using cyberspace and electronic communication for terrorist activities, organised crimes and anti-social activities.
Electronic communication across cyberspace has been considered as an important factor which directly affects national security.
The government’s intention was to create a regulatory framework for implementing national information apart from those applicable to national defence and cyber protection strategy, formulation of provisions to establish the Sri Lanka Cyber Protection Agency, ICTA sources said.
The aim is to take necessary action with other cooperating agencies for the introduction of legal provisions required for protecting infrastructure facilities related to essential information, prevention of cyber security risk as well as creating a formal cyber-protected environment.