EU law in particular restricts businesses transferring data to
countries with weak privacy protection, and with the Ministry
apparently expecting growth rates in business process outsourcing
to Pakistan to be over 100% for the next few years, the state is
keen to eliminate reasons for potential customers to outsource
elsewhere.
The difficulty so far as European firms are concerned relates to
the Data Protection Directive of 1995, which restricts the data
that can be transferred or stored in countries without equivalent
rules and enforcement procedures. At present, Pakistan has no such
regulations, and relies on individual contracts negotiated between
the main company and the Pakistani outsourcing contractor to
address the data protection issues.
"With increasing competition in the global Business Process
Outsourcing (BPO) marketplace, the lack of legal cover for the
protection of data within the country is an impediment to growth in
this sector," said Federal Minister for Information Technology
Awais Ahmad Khan Leghari, according to Islamabad News.
The Ministry has therefore published a draft of the proposed
"Foreign Data Security and Protection Act 2004", which is designed
to deal only with foreign data from outside Pakistan, and will not
set out a national regime of privacy or data protection.
The bill still has to undergo a consultation period, before it
is sent to the Cabinet and National Assembly for approval.
