Zinara Rathnayake, journalist

In a world where people communicate through WhatsApp and entertainment comes via TikTok, about 60 million smartphones in Pakistan are carrying sensitive data. This stark message was put to delegates during a virtual session held by ACCA Pakistan.

‘While the digital world has made our life easier, and we can do most things from the ease of our homes, like banking, consulting a doctor and attending tuition classes, this comes with a price,’ said Nadeem Hussain, founder of Planet N Group of Companies and chairman of Pakistan Fintech Network. Collection of data aside, the challenge intensified when algorithms start making decisions for both customers and businesses. ‘That is where potential bias, data abuse and transparency come up,’ he said.

‘Unless or until we are grounded in ethics, we may be doing a disservice to customers’

Nadeem considered five principles related to ethics in a digital world. ‘Trust is the first pillar of digital ethics,’ he said, adding that transparency comes next. ‘There must be laws and regulations to govern transparency standards so that everyone knows which data is extracted. At the same time, the less technologically advanced you are, the less you will understand who is holding your data. Confidentiality, fairness and consent are the remaining three pillars, and a regulatory framework should be in place to govern how third parties obtain data with people’s consent.’

Digital transformation

‘We need to educate our clients, staff and boards about how digital information is being used,’ said Roshaneh Zafar, founder and managing director of Kashf Foundation, a microfinance organisation. She explained that lack of transparency leads to cybercrime, hacking and fake news. ‘Companies should have a digital transformation plan that ensures all stakeholders are part of it,’ she said. ‘Unless or until we are grounded in ethics, we may be doing a disservice to customers.’

Meanwhile, Roshaneh noted that ensuring value and trust is difficult in the digital money and transfer sector. ‘Aside from educating employees and clients in digitalisation, it’s important to also understand the value it generates,’ she said.

‘Finance professionals must consider what digital transformation will do to the business,’ Roshaneh said. ‘Will it add value to the client? Will it create efficiency? Or will it create more revenue in terms of more clients? We need to ensure we are sustainable at the end of the day.’

Digital divide

Roshaneh pointed out that data, privacy and confidentiality could also impact the improvement of women’s access to the digital space. As digitalisation opens up economic opportunities for women in Pakistan, improving digital literacy is vital. ‘Many women we work with are on the other side of the digital divide,’ Roshaneh said.

There is a long way to go in reaching digital gender parity, she noted. ‘Out of 41 million Facebook users in Pakistan, only 19% are women. At the same time, about 10% are women in the fintech and IT industry,’ Roshaneh said, adding that it is important to focus on human-centric software development.

‘Your technology will fail if humans fail; technology is just a facilitator’

‘Many women using social media apps don’t know the value it can add to their lives and what information they are giving over. This is why the private sector has to come in and push for a data protection framework.’

Badar Khushnood, co-founder of Bramerz and Fishry, agreed. ‘Women’s inclusion in digital spaces will strengthen if policies are maintained and executed in the right way,’ he said.

Legislative lag

Badar pointed out that Pakistan’s approach to data protection is patchy. The Prevention of Electronic Crimes Act 2016 came into force around four years ago, while the Personal Data Protection Bill 2021 is yet to come into force. Some data centres were created with little or no technical capability to secure data, which led to hacking, he said.

‘Your organisation needs to know how important it is to have proper control mechanisms and systems in place’

‘The challenge with all our cybercrime and data-related regulations is that they are criminally oriented,’ he said. ‘They are extremely stringent, challenging and cumbersome to implement.’

Although policy and regulation are critical for web 3.0 and a decentralised internet, current laws are not efficient and do not facilitate businesses or SMEs, Badar said, explaining that Pakistan does not have digital or cybercrime codes that can regulate how data is used.

One weak link in protecting data is the human factor, Badar noted. ‘Your technology will fail if humans fail,’ he said. ‘Human capacity and human training are important. Technology is just a facilitator.’

Secure your data

Asif Peer, CEO of Systems Limited, explained that businesses should ensure that they create the right provisions for who can access data, where it is stored and the tools available. ‘Since everything is in a distributed environment, when we do testing, we need to make sure data is anonymous, so no confidential information is leaked,’ he said.

Asim Siddiqui, country managing partner of EY Ford Rhodes, noted that with access to data much more pronounced today, regulatory entities must ensure that data is kept safe by masking information, while an internal policy procedure and code of conduct is important for businesses.

‘Your organisation needs to know how important it is to keep data secure, and have proper control mechanisms and systems in place for data so only authorised people have access to it,’ he said.

‘At the same time, you want to ensure that data no longer needed is stored away and scrapped, and people don’t have access to such information. You need to make sure you have the right security and that these measures are regularly tested to ensure compliance.’

More information

ACCA has a range of information covering professional and personal ethics here.