Staff Reporter :
Transparency International Bangladesh (TIB) has expressed deep concern over the theft and online sale of citizens’ confidential and sensitive information from the National Telecommunication Monitoring Centre (NTMC).
This data breach involves the misuse of IDs of law enforcement officials responsible for protecting sensitive citizen information.
In a statement issued on Tuesday, TIB highlighted the alarming nature of this incident, emphasizing that “this breach violates constitutional commitments to safeguard personal data.”
The TIB has urged the swift enactment of the Personal Data Protection Act, 2024, and demanded stringent penalties for those responsible for the breach.
Media sources report that the NTMC system was exploited using the IDs of two law enforcement officers to collect and sell confidential information, including National Identity Card (NID) details and mobile call data records (CDR), for financial gain.
Terming it ‘alarming’ TIB Executive Director Dr. Iftekharuzzaman said, “Repeated incidents of theft involving personal and sensitive information like national identity cards and call data records are not new. Previously, Bangladeshi citizens experienced thefts of various confidential documents, such as birth certificates and national identity cards, at different times.
“Recent events have seen a surge in such breaches, with personal data being pilfered by law enforcement organisations tasked with safeguarding it. The process and technical infrastructure used by the government to protect citizens’ sensitive information raises questions regarding its integrity and capability.”
He further said, “It appears the government lacks the commitment and investment required to establish robust data protection mechanisms compared to the ill motives and activities of the groups that want to misuse them in the digital world. Consequently, its efforts in this regard seem insufficient and ineffective. Therefore, it’s not an overstatement to say that the government’s legal and institutional initiatives to ensure data protection are nothing but superficial and appallingly risky.”
The TIB executive director highlighted the recurring incidents of theft involving personal confidential information of Bangladeshi citizens, noting the absence of preventative measures.
He also emphasised the lack of efforts to enhance security measures for safeguarding sensitive data.
While welcoming the decision by law enforcement agencies to suspend the user IDs of the implicated parties, he stressed the importance of identifying all individuals involved in the data trafficking and ensuring they face exemplary punishment through a thorough investigation.
He said the TIB’s review of the draft Personal Data Protection Act, 2024, identified a concerning risk of granting government agencies unchecked authority over personal data under the guise of national security and public interest.
“Allowing such agencies unrestricted access to data servers without judicial oversight could lead to potential abuse of data without accountability, undermining the principles of the rule of law. The recent incident involving the trafficking of sensitive personal information by law enforcement personnel further underscores the urgency of enacting robust data protection legislation.”
Therefore, the TIB urged prompt formulation of the Personal Data Protection Act through comprehensive consultation with relevant stakeholders to safeguard citizens, privacy, reads the statement.