Muscat: A new draft law to protect the data of
every resident in Oman has been passed on to the Ministry of Legal
Affairs for approval, the Information Technology Authority has
revealed.
The proposed law is designed to protect private information and
regulate who has legal access to it, as well as lay out penalties
for those found abusing information in Oman.
ID card numbers, addresses and even location data will be better
protected under the planned new law, experts say.
Globally, there have been a number of data leaks which have
resulted in blackmail attempts and thefts from bank accounts.
Oman has remained largely unscathed by this – and tech
watchdogs want to ensure it remains that way.
The ITA has been framing the law for the last two years, a
spokeswoman revealed, and it has now been passed to Oman's
Ministry of Legal Affairs for approval before being submitted to
the Cabinet of Ministers.
"The world is witnessing a massive change and continuous
developments in the field of information and communication
technology, and the increasing use of high-speed computing systems
that can save and handle large amounts of data.
"This will definitely affect data protection regulation that
will have a large impact on the way data is collected and
managed," according to an ITA spokeswoman.
"According to the law, personal data, which has a special
emphasis in law, will refer to any identification number, location
data, service provided, online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that person," she added.
"In light of the directives of His Majesty to simplify
procedures and transactions, and the provision of government
services electronically, dealing with data — especially
personal data — has become necessary. Therefore, the need to
have a law regulating the issue of dealing with personal data and
providing higher protection," the official said.
"The ITA organised three sessions to discuss the law draft
with specialists and community. The first session was held at COMEX
2015 to get feedback of specialists in the law articles. Then the
second session was held at Salalah festival 2015. The third session
was held with SQU College of law academicians to get their
feedback.
"After these sessions that included community engagement and
inputs from various stakeholders, the ITA legal department took all
the comments and feedback to review and amend the law draft.
"Currently it's with the Ministry of Legal Affairs for
review and approval and then to be approved by the Cabinet of
Ministers," the official said.
Residents have welcomed the planned law.
"Data protection regulation is something that just has to be
there in a country. How else do the thousands of people registering
on websites know what's happening with their data. Moreover,
how do they take anyone to court if they don't even know if
their privacy is violated? This is excellent and we hope this is
passed as soon as possible by the ministry," Saad Khan, a
resident, said.
"We needed this law especially as we share so much online
whether it is on social media or any other platform. I'd love
to know that the government is protecting our privacy online,"
Omar Yaqub said.
Nasser Al Riyami, Associate at BSA Bin Shabeeb, Al Rashdi & Al
Barwani Advocates and Legal Consultants,said the proposed law will
strengthen privacy in internet usage.
"Not having an appropriate data protection law has serious
ramifications concerning any breach of data, as the legislature in
Oman falls short. The current articles provide the form of
punishment, however they do not establish procedures and safety
measures that must be taken by the administrator of such sites to
avoid the potential breach.
"This is precisely where the current Omani legal system falls
short and would hopefully be amended in the new and highly
anticipated Data Protection Law," he stated.
"Data protection is defined as personal data or any given
information, regardless of its nature, including images and sounds
related to a particular or identifiable individual," Al Riyami
added, defining data protection.
The law is an inevitable step in light of many incidences of
personal data leakage that have occurred globally which mandate the
requirement for a law to regulate the use of personal data,
Mohammed Nayaz, Partner, IT risk and resilience at EY
believes.
"The Government of Oman is marching strongly in its
eGovernance journey and it is important to support it with the
creation of data privacy and cyber security initiatives.
Establishing a privacy law in Oman is crucial and follows the
establishment of data privacy laws worldwide especially after the
major milestone of issuing the EU's General Data Protection
Regulation (GDPR)," he said.
"The next important step after issuing the data privacy law in
Oman would be to assist organisations in implementing the
requirements by providing clear guidance and awareness programs and
establishing a monitoring process to ensure compliance with the
mandate. Government should also consider providing a certification
on privacy compliance on organisations depending on size and
usage," Nayaz said.
Originally published by Times of Oman
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.