Data Protection Bill which provides measures to protect an individual's personal data held by banks, telecom companies, hospitals and other institutions will be presented to Parliament in two months time, Non-Cabinet Minister of Digital Infrastructure and Information Technology, Ajith P. Perera said yesterday.
He told a news conference that using data pertaining to individuals for wrongful purposes will be restricted under this law. “The new legislation will impose restrictions on banks, telecom companies and even hospitals using data for any purpose without the consent of the individual concerned,” the non-Cabinet minister said.
He said the new legislation will not restrict the right of the people to obtain information guaranteed under the Right to Information Act. “Data Protection law will actually make the Right to Information Act more effective,” the Non-Cabinet minister said.
He said the new legislation is still in the drafting stage and that the People’s views on the new legislation will be called for on July 27, at Cinnamon Grand Hotel.
"Under the framework of the new legislation, the new law will protect those who are domiciled in Sri Lanka and the ordinary citizen. Personal data could be collected only for a specified purpose and not for any other matter that is incompatible with the said purposes. However, processing data in public interest, scientific or historical research will not be considered incompatible. Data has to be processed in a manner which ensures security including protection against accidental loss, destruction or damage. Data subject shall have the right to withdraw his or her consent where the processing is done. Data subject will also have the right to rectify the data without our undue delay," the Non-Cabinet minister said.
"There will be data controllers under the Bill to process data complying with the provisions of the Act. There will also be a data processing authority under which the controllers will be registered. The authority will be the apex body for all matters relating to data processing matter. Data processing authority is to be comprised of Secretary Ministry of Public Administration, secretary to ministry to whom the implementation of this act is assigned, Secretary to Treasury or a Deputy Secretary of Treasury nominated by the Secretary, a Deputy Governor of Central Bank nominated by the Monitory Board, a Director nominated by the Telecommunication Regulatory Commission and Director General Health." (Yohan Perera)