MTCIT Issues Data Protection Policy
Date Published: 12 August 2024
The Ministry of Transport, Communications and Information Technology (MoTCIT) has recently issued the Personal Data Protection Policy, which aims to establish a set of controls to protect personal data. These controls cover the processing, storage, disclosure, access, modification, review, and destruction of personal data.
Policy Objectives
The policy seeks to leverage the value of personal data as an economic resource that contributes to economic transformation and supports innovation across various sectors. It also aims to strengthen individuals’ trust in the ability of government entities to handle personal data in a secure and law-compliant manner. Furthermore, the policy is designed to apply international best practices in the field of personal data protection, enhancing the value of data in improving performance, productivity, and the delivery of public services to citizens. It strives to create a balance between individuals’ rights to protect their personal data and the need to process and use data in the digital space.
Policy Provisions
The policy mandates the protection of personal data and information, requiring that data be collected through lawful and fair means and limited to what is necessary to meet legal requirements or direct operational needs. It also emphasizes the importance of ensuring that the data subject is informed and has provided consent for their data to be processed. This consent must be in the form of a statement indicating that by submitting a service request, the individual agrees to the processing or disclosure of their data to other government entities in the Sultanate of Oman, for the purpose of fulfilling current and future service requests.
Security Measures
The policy requires government entities that request or process personal data to implement appropriate security and organizational measures to protect data from unauthorized or accidental destruction, accidental loss, or any other form of improper processing. It stresses the importance of establishing adequate safeguards for all systems and storage media involved in handling data, to prevent any kind of breach. Among the key measures is the requirement to process personal data within the geographical boundaries of the Sultanate of Oman, ensuring national sovereignty over data and protecting the privacy of individuals. It also outlines the proper procedures for dealing with any data breach, damage, or unauthorized access.
