PRIVACY

-->

The Constitution of the Maldives guarantees the personal privacy of people living in the Maldives. Yet, how much of it is guaranteed in real life?

In the various debates on democratic rights in the country, the focus appears to be on social and political rights, and who is governing. We rarely hear outrage at violations of liberty other than with respect to arrest and detention. My focus has always been personal liberty and associated rights.

I visited the doctor today, and I was pleasantly surprised to see that the Clinic where I usually go to see my doctor had restarted offering Aasandha. I was definitely in a good frame of mind when I entered the consulting room. However, as my consultation progressed, I became increasingly alarmed. The doctor was typing away the details of the consultation into an interface of the Aasandha server, and then proceeded to type in details of the prescription into the same interface. When I made some inquiries later from a friend, I learnt that that was a requirement to use the Aasandha service.

The cause for my consternation is this. Why does Aasandha (which is an insurance service) need all the details of my consultation with the Doctor? Isn’t that privileged information between doctor and patient? I kept asking myself: Who else is going to see this? How secure is the Internet connection? Who is eavesdropping on this connection? How trustworthy are the staff at Aasandha? Have they been vetted for integrity? Won’t the government use this information against me any time they chose to? When will I see this information splashed on my Facebook Wall?

It is not only Aasandha, I realized after much reflection when I got home. Government agencies and many private businesses are collecting a lot of personal information on people. Often, the information they collect is not necessarily related to the service they provide. It is very easy for service providers to just hand out a form and ask people to fill it. Most people would not stop to ask the question as to why the service provider needs all that information.

The danger lies in that all this information is being collected and stored without any legal obligation on the service providers to maintain privacy. We do not have any laws or regulations that govern personal data that is collected by government agencies or private service providers. Very often, government agencies ask private service providers to supply them with personal information of their clients. We have a culture where government demands are met by business very docilely and without question. But did the client authorize the service provider to divulge that information? Do all these agencies really require the information in order to provide the service?

In order for the public to be protected from potential cases of harassment, blackmail and fraud, it is essential that Majlis pass a Data Protection Act urgently. Such an Act should include three major provisions: Firstly, no government agency or a private service provider may require the client or customer to supply any personal information which is not absolutely necessary to provide the service; secondly, any such information collected may not be disclosed to a third party unless with the express authority of the individual concerned; and thirdly, any such information collected should be stored securely using appropriate means.

I understan that this is standard "best practice".

Your thoughts?