New law on data protection in the offing

A new law aimed at protecting private information of individuals has been drafted by the Information Technology Authority (ITA) in Oman. “The proposed law is presently with the Ministry of Legal Affairs for review and is expected to be rolled out after getting necessary approval from the state cabinet,” said Mawia Ahmed Said al Kindi, legal specialist at the Authority. Data relating to identity and resident card numbers, addresses and other vital information will have protection under the proposed law, she said.
“A law to protect private information and regulate its access was necessitated as Chapter 7 of the present Electronic Transaction Law in the Sultanate was not enough for the security of personal data,” Mawai told the Observer.
According to the draft law, personal data, which has a special emphasis on law, will refer to any identification number, location data, service provided, online identifier or social identity of that person.
Personal data refers to personal information of any kind.
It not only refers to private information of the person, but to any kind of data, whether or not private, that may affect rights if used by data processors.
“So far, there have not been any specific Omani laws that explicitly protect the privacy and personal data of employees. There are only general laws that govern an employer’s conduct with respect to an employee’s privacy,” said Mawai. The Electronic Transactions Law deals with the protection of private data. Although it is aimed specifically at e-commerce, it does provide certain safeguards and criminal sanctions against the illegal use of personal information.
The Cyber Crimes Law covers violations of safety, confidentiality of data and systems.
Some of the penalties for hacking crimes are increased if they involve the misuse of personal data.
Government entities, businesses and civil society organisations now carry many of their activities on the Internet.
Many of these activities involve collecting, processing and using personal date of the users of these services.
Also for a majority of the organisations in Oman, data is collected and used for legitimate reasons such as carrying out the services required by users or for regularly communicating with them.
However, it is not difficult to see how individuals could suffer if their data is misused or released without permission, say experts.
The ITA has established ‘awareness’ programmes recently in coordination with other relevant agencies to stop specific cyber-crimes like extortion-mail.
As part of the campaign, the regulator had issued an order asking all agencies to develop awareness programmes for their employees.
These were required to focus on security policies and standards which the ITA had issued, including the framework of security designs for government networks and the security designs framework for applications and services of e-government.