ISLAMABAD: The National Database and Registration Authority (Nadra) has initiated criminal proceedings against its employees behind the saga involving unauthorised access to data of the family of Chief of Army Staff (COAS) Gen Asim Munir.

An informed source told Dawn that the elements on whose behest the breach took place were also being acted against. As many as six Nadra employees had been terminated from service for illegally accessing COAS’ family’s record, following four separate inquiries ordered by Nadra Chairman Tariq Malik on Dec 23, 2022, and March 2, 2023, the source disclosed.

A joint probe conducted by Nadra and a sensitive security agency in December last year discovered that Farooq Ahmed, a junior executive employee working on a project of the Benazir Income Support Programme, was the first person to have unlawfully accessed the data in question.

The high-powered inquiry committee on the direction of the incumbent chairman expanded the scope of the investigation by technically analysing logins, user IDs, system logs and IP addresses that were intact, reflecting the strength of the authority’s database.

This led to the identification of a total of 10 employees who illegally accessed record of the army chief’s family. After a fact-finding inquiry, the suspects were cross-examined and a detailed probe was launched.

Elements on whose behest the breach took place are also being acted against, after sacking of six employees

Hence, a charge sheet into the imputations of accessing COAS family’s data unauthorisedly and illegally was subsequently issued to the accused employees on Jan 6. As a result, in two inquiries the committee found six officials responsible. He said a committee imposed a major penalty of termination from service under the Government Servants (Efficiency & Discipline) Rules 1973 on these six employees.

Data security

He said Nadra introduced a number of additional security protocols to check on its own employees’ behaviour. A few months ago, an additional service, ‘Ijazat Aap Ki’, was introduced to roll out a consent regime that informs citizens and asks for their permission in form of an OTP (one-time password) if their personal data is accessed remotely.

He said Artificial Intelligence-based log access reviews now send alerts of suspicious activities of employees. Mr Malik is the first chairman who had taken unprecedented measures to secure data and focus on privacy of citizen’s personal data.

Meanwhile, in a message to Nadra employees, a copy of which is available with Dawn, the Nadra chairman has referred to various steps taken for their welfare, including a 65 per cent raise in salaries and a policy to reward those showing remarkable performance.

He said people trusted Nadra, which was a custodian of their personal and family information. He said there would be zero tolerance for any breach, adding that an AI-based system had been put in place and all possible steps had been taken to safeguard the public data.

Referring to some guiding principles, the chairman said no Nadra employee was authorised to use logins of any other colleague, no data entry operator had the permission to access personal data of any citizen and biometric of a family member was an essential requirement to access anybody’s family tree.

He said a comprehensive monitoring system was being developed to check any possible violation and as many as 131 had so far been dismissed in its light.

He made it clear that unauthorised access to somebody’s data was a grave violation of the law and under Section 28 of the act may entail imprisonment of up to five years, a fine up to Rs1 million or both.

He also alluded in the letter towards the incident involving data of COAS’ family and said six officials down from the level of a junior executive to director have been removed from service and criminal case against them were being filed.

He urged the employees to keep in mind the fundamental principle that be it a common citizen or an important office holder, the secrecy and security of their data should be the foremost priority.

He asked them not only to discharge their duties with honesty, but also to keep a vigilant eye on suspected individuals, and to inform their seniors in case somebody persuades them to access personal data of a citizen.

Published in Dawn, May 6th, 2023