Muscat: A new draft law to protect the data of every resident in Oman has been passed on to the Ministry of Legal Affairs for approval, the Information Technology Authority has revealed.

The proposed law is designed to protect private information and regulate who has legal access to it, as well as lay out penalties for those found abusing information in Oman.

ID card numbers, addresses and even location data will be better protected under the planned new law, experts say.

Globally, there have been a number of data leaks which have resulted in blackmail attempts and thefts from bank accounts.

Oman has remained largely unscathed by this – and tech watchdogs want to ensure it remains that way.

The ITA has been framing the law for the last two years, a spokeswoman revealed, and it has now been passed to Oman's Ministry of Legal Affairs for approval before being submitted to the Cabinet of Ministers.

"The world is witnessing a massive change and continuous developments in the field of information and communication technology, and the increasing use of high-speed computing systems that can save and handle large amounts of data.

"This will definitely affect data protection regulation that will have a large impact on the way data is collected and managed," according to an ITA spokeswoman.

"According to the law, personal data, which has a special emphasis in law, will refer to any identification number, location data, service provided, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person," she added.

"In light of the directives of His Majesty to simplify procedures and transactions, and the provision of government services electronically, dealing with data — especially personal data — has become necessary. Therefore, the need to have a law regulating the issue of dealing with personal data and providing higher protection," the official said.

"The ITA organised three sessions to discuss the law draft with specialists and community. The first session was held at COMEX 2015 to get feedback of specialists in the law articles. Then the second session was held at Salalah festival 2015. The third session was held with SQU College of law academicians to get their feedback.

"After these sessions that included community engagement and inputs from various stakeholders, the ITA legal department took all the comments and feedback to review and amend the law draft.

"Currently it's with the Ministry of Legal Affairs for review and approval and then to be approved by the Cabinet of Ministers," the official said.

Residents have welcomed the planned law.

"Data protection regulation is something that just has to be there in a country. How else do the thousands of people registering on websites know what's happening with their data. Moreover, how do they take anyone to court if they don't even know if their privacy is violated? This is excellent and we hope this is passed as soon as possible by the ministry," Saad Khan, a resident, said.

"We needed this law especially as we share so much online whether it is on social media or any other platform. I'd love to know that the government is protecting our privacy online," Omar Yaqub said.

Nasser Al Riyami, Associate at BSA Bin Shabeeb, Al Rashdi & Al Barwani Advocates and Legal Consultants,said the proposed law will strengthen privacy in internet usage.

"Not having an appropriate data protection law has serious ramifications concerning any breach of data, as the legislature in Oman falls short. The current articles provide the form of punishment, however they do not establish procedures and safety measures that must be taken by the administrator of such sites to avoid the potential breach.

"This is precisely where the current Omani legal system falls short and would hopefully be amended in the new and highly anticipated Data Protection Law," he stated.

"Data protection is defined as personal data or any given information, regardless of its nature, including images and sounds related to a particular or identifiable individual," Al Riyami added, defining data protection.

The law is an inevitable step in light of many incidences of personal data leakage that have occurred globally which mandate the requirement for a law to regulate the use of personal data, Mohammed Nayaz, Partner, IT risk and resilience at EY believes.

"The Government of Oman is marching strongly in its eGovernance journey and it is important to support it with the creation of data privacy and cyber security initiatives. Establishing a privacy law in Oman is crucial and follows the establishment of data privacy laws worldwide especially after the major milestone of issuing the EU's General Data Protection Regulation (GDPR)," he said.

"The next important step after issuing the data privacy law in Oman would be to assist organisations in implementing the requirements by providing clear guidance and awareness programs and establishing a monitoring process to ensure compliance with the mandate. Government should also consider providing a certification on privacy compliance on organisations depending on size and usage," Nayaz said.

Originally published by Times of Oman

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.