The government has issued a sub-decree on the control, use and security of “personally identifiable data” or PID in order to guard the public’s interests and improve the provision of services and their quality and efficiency to facilitate national development.
PID refers to information that can be used to identify any individual person. PID can be data that includes people’s names, gender, birth dates, places of birth, current residence or nationality as well as biometric data or any other data that can be used to trace someone’s identity.
The sub-decree on PID obtained by The Post on January 5 said that the government permits the Ministry of Interior to collect, compile, store, manage and protect PID after it undergoes registration with the ministry and is handed over to their custody.
“The Ministry of Interior, which owns the original data, can authorise ministries, institutions, entities in both the public and private sectors or individuals to use PID in accordance with procedural forms set forth in this sub-decree and other legal documents in force,” the sub-decree states.
The government is also tasking the interior ministry with the protection of PID under its control against risks and dangers such as its destruction, damage, loss, deletion or revision and against any unauthorised access to the data or the disclosure of it.
The sub-decree states that the ministry must establish a database to store a backup of the data in a safe place other than the location where the original database is housed and both must be properly maintained.
“The [ministry] ... must ensure the protection of data security both during its transmission and use and in-line with high security technical requirements,” said the sub-decree.
The granting of permission to the ministries and other state institutions in the public sector to use PID to serve the provision of public services shall be governed by an inter-ministerial prakas or joint-prakas issued by the interior minister and the head of the state institution requesting access.
The sub-decree states that private sector entities wishing to gain access to PID to benefit the public or advance the provision of services can do so when granted permission by signing an agreement or memorandum of understanding between a representative of the ministry and a representative of the institution in the private sector making the request, without specifying what, if any, additional criteria must be met to grant such access.
Cambodian Institute for Democracy president Pa Chanroeun said that the sub-decree provides important guidelines and procedures for protecting the data and identity of individuals and in today’s digital age one’s personal identity is an important thing that must be taken care of, protected and managed well.
“Without proper controls on the use and protection of PID, it will be manipulated and misused in every way imaginable and could affect both the individual’s dignity and the interests of the individual and society as well,” he said.