Interview with Ceylon Today Newspaper on Data Privacy and Cybersecurity
The Data Protection Bill in Sri Lanka, modeled after the EU's GDPR, aims to address data privacy concerns by introducing "privacy by design" and granting new rights to data subjects. It applies to international businesses, including tech giants like Meta and Google. The bill also introduces data residency and sovereignty concepts. While it's expected to enhance data protection, implementing data residency requirements for complex IT systems may pose challenges. Overall, the bill is a positive step for Sri Lanka, attracting tech investments and improving data protection in the digital age.
Cybersecurity is a growing concern in today's technology-driven world. While technologies like Artificial Intelligence, Blockchain, and Quantum Computing have enabled automation and convenience, they have also given rise to cybercrimes such as DDoS attacks, phishing, and ransomware. These attacks are increasingly automated using advanced technologies.
Cybersecurity is a dynamic field, with new threats constantly emerging. There is a global shortage of cybersecurity professionals, and there's a need for greater awareness and training in this area. In an interview with Cyber Security Specialist Asela Waidyalankara, he emphasized the importance of addressing cyber threats and suggested two legislative measures: the Cyber Security Act and the Data Privacy Act, to manage incidents and protect data online.
The security of smart devices, especially smartphones, is crucial due to their extensive use for various activities, including storing personal data. Attackers can extract data from these devices, making privacy and data protection paramount.
Regarding Huawei's ecosystem, Waidyalankara expressed confidence in its security measures. Huawei's HMS (Huawei Mobile Services) ecosystem has numerous compliance certifications, including GDPR, GAPP, Trust E, PCI, EMVCo, CSA STAR, ISO 27001, and secure development certifications. These certifications demonstrate Huawei's commitment to data protection and privacy. Huawei ID is highlighted as a protective feature within the ecosystem.
In summary, cybersecurity is a significant concern given the increasing prevalence of cybercrimes. Legislation and compliance certifications, as well as robust security measures in technology ecosystems like Huawei's HMS, play a crucial role in mitigating these threats.
Sri Lanka's President Gotabaya Rajapaksa has ordered the creation of a digital database of citizens, linking their bio-data to various activities such as income tax and voting. The project, overseen by the Information and Communication Technology Agency (ICTA) and a Presidential Task Force, is seen as a response to the COVID-19 pandemic and the need for a digital identity system. Sri Lanka already has a well-developed National Identity Card (NIC) system, and the new initiative aims to digitize and integrate different identity registers, improving public sector efficiency. However, concerns have been raised about the cybersecurity of such a system, with some officials downplaying cybersecurity worries.
Sri Lanka is prioritizing the implementation of a national biometrics-based digital identity project called the Unitary Digital Identity Framework (UDIF), similar to India's Aadhaar program. However, cybersecurity experts have expressed concerns over the lack of data protection laws and potential cybersecurity risks.
Key points:
Sri Lanka plans to adopt a digital identity framework similar to India's Aadhaar program, following a grant offer from India.
The Aadhaar framework, based on the India Stack, has the world's largest biometric database but has faced data breach incidents in the past.
Sri Lanka lacks data protection laws, raising concerns about data security in the implementation of the UDIF.
The absence of data regulations also poses challenges for data customization and localization.
Cyberattacks from anti-government entities, including hacktivists, are potential risks to the database.
Implementation of the framework is costly, and Sri Lanka faces challenges in reconciling fragmented citizen data and digitizing historical records.
In summary, Sri Lanka's adoption of a digital identity framework similar to Aadhaar presents cybersecurity and data protection challenges, particularly in the absence of robust data regulations and potential cybersecurity threats.
The e-Grama Niladhari project was initiated in Sri Lanka in response to the COVID-19 pandemic, promoting the use of online information and services to increase efficiency in government agencies. The Immigration and Emigration Department and the Department of Registration of Persons continue to use digital workflows, which have streamlined services such as passport and National Identity Card issuance, saving citizens time.
The digitization effort extends to the Household Registry maintained by Grama Niladhari officials, with data collection beginning in 2023. The project aims to improve service efficiency and reduce the laborious task of form-filling for various certificates and letters obtained from Grama Niladhari offices.
However, some concerns have been raised on social media about the extensive information required for the e-Grama Niladhari project and the security of data collected through printed forms. Citizens worry about data leaks, fraud, and identity theft.
The e-Grama Niladhari project is aimed at providing technological tools to Grama Niladharis, who are government officials citizens frequently interact with. The project requires Grama Niladharis to collect detailed data from residents in their administrative divisions to confirm residency.
To address data protection concerns, Sri Lanka has enacted the Personal Data Protection Act No.9 of 2022, which allows the public to hold authorities accountable for the personal data gathered. Despite these concerns, there is legislative support in case of data breaches.
Cybersecurity experts suggest more efficient data collection methods, such as providing a data entry platform for Grama Niladhari officials and allowing residents to update their records. They also stress the importance of public awareness and reassurance about the security and authorized access to collected data.
The data collection includes information about homeowners, residents, and household infrastructure, enabling efficient service provisions and certificate issuances through the e-Grama Niladhari portal. Information about the project is available on the 'eGramaNiladhari' YouTube channel.