The Constitution of the Maldives guarantees the personal
privacy of people living in the Maldives. Yet, how much of it is guaranteed in
real life?
In the various debates on democratic rights in the country,
the focus appears to be on social and political rights, and who is governing.
We rarely hear outrage at violations of liberty other than with respect to
arrest and detention. My focus has always been personal liberty and associated
rights.
I visited the doctor today, and I was pleasantly surprised
to see that the Clinic where I usually go to see my doctor had restarted
offering Aasandha. I was definitely in a good frame of mind when I entered the
consulting room. However, as my consultation progressed, I became increasingly
alarmed. The doctor was typing away the details of the consultation into an
interface of the Aasandha server, and then proceeded to type in details of the
prescription into the same interface. When I made some inquiries later from a
friend, I learnt that that was a requirement to use the Aasandha service.
The cause for my consternation is this. Why does Aasandha
(which is an insurance service) need all the details of my consultation with
the Doctor? Isn’t that privileged information between doctor and patient? I
kept asking myself: Who else is going to see this? How secure is the Internet
connection? Who is eavesdropping on this connection? How trustworthy are the
staff at Aasandha? Have they been vetted for integrity? Won’t the government
use this information against me any time they chose to? When will I see this
information splashed on my Facebook Wall?
It is not only Aasandha, I realized after much reflection
when I got home. Government agencies and many private businesses are collecting
a lot of personal information on people. Often, the information they collect is
not necessarily related to the service they provide. It is very easy for
service providers to just hand out a form and ask people to fill it. Most
people would not stop to ask the question as to why the service provider needs all that
information.
The danger lies in that all this information is being
collected and stored without any legal obligation on the service providers to
maintain privacy. We do not have any laws or regulations that govern personal
data that is collected by government agencies or private service providers.
Very often, government agencies ask private service providers to supply them
with personal information of their clients. We have a culture where government
demands are met by business very docilely and without question. But did the
client authorize the service provider to divulge that information? Do all these
agencies really require the information in order to provide the service?
In order for the public to be protected from potential cases
of harassment, blackmail and fraud, it is essential that Majlis pass a Data
Protection Act urgently. Such an Act should include three major provisions:
Firstly, no government agency or a private service provider may require the
client or customer to supply any personal information which is not absolutely
necessary to provide the service; secondly, any such information collected may
not be disclosed to a third party unless with the express authority of the
individual concerned; and thirdly, any such information collected should be
stored securely using appropriate means.
I understan that this is standard "best practice".
Your thoughts?