By Tahir Sherani
The National Cyber Emergency Services Response Team (PKCERT) on Wednesday issued data protection guidelines for organisations handling citizens’ personal information, citing an increasingly insecure cyberspace environment.
PKCERT is a federal entity responsible for protecting Pakistan’s digital assets, sensitive information and critical infrastructure from cyberattacks, cyberterrorism, and cyber espionage.
The advisory, applicable to companies holding Personally Identifiable Information (PII), prescribes immediate, medium- and long-term measures, which include classifying data sets based on their sensitivity, advanced encryption methods, multi-factor authentication, and others.
Organisations collecting, processing, storing, or transmitting PII may include “financial services, telecommunications and internet providers, commerce and logistics [companies], government agencies, healthcare institutions, educational entities, as well as third-party and outsourced service providers,” the notification said.
I