The Right to Privacy in Nepal: Is the Government Upholding It?

sushil phuyal
3 min readJul 18, 2023

--

We’re in the age of information, and many people are worried about the risks of having their personal information exposed, even if they don’t fully understand why it’s dangerous. We’ve witnessed the arrest of individuals responsible for data breaches. However, I want to explore a thought-provoking question: What if the government itself jeopardizes the privacy of its citizens?

In Nepal, the Privacy Act of 2075 (2018) explicitly addresses the protection of personal information. According to section 3.c.4 of the act, citizenship is recognized as one’s personal information. Furthermore, chapter 9, section 19.1 emphasizes that “Every person shall have the right to maintain privacy of the matter relating to any of his or her personal information, document, correspondence, data or character that remained in electronic means.” However, the question remains: Is this right to privacy being upheld in practice?

It’s concerning to hear about your experience with the Department of Transport Management’s Facebook pages. If they are publishing the results of the written driving license exams, including sensitive personal data such as citizenship numbers, it does seem to violate the privacy provisions outlined in the Privacy Act. This situation raises valid concerns as anyone with access to the Facebook profile of यातायात ब्यवस्था कार्यालय can obtain citizenship and other personal information.

With the obtained information attacker can do so many things, but for a demo I took my own personal information and did some digging to find the date of birth and other information's.

Note: I used my own information for research, and none else was involved

I took my citizenship from the page:

Posted result of written exam by DOTM branches in facebook

After taking the citizenship of mine I went to the election commision website, and entered by citizenship number after converting it to Nepali font.

form being filled with my citizenship number

It’s concerning to hear that after filling out certain information, anyone can gain access to your voter ID card, including the serial number and date of birth. It’s crucial to recognize that such sensitive information can be misused if it falls into the wrong hands. It’s important to handle this information responsibly. Safeguarding personal information is essential to protect yourself from potential misuse or identity theft.

Obtained information looks really scary for OSINT

In addition to highlighting the issues surrounding the improper handling of personal information, I would like to propose some suggestions that could help protect sensitive data. Please note that these suggestions are solely my personal opinion:

  1. Implement SMS Alerts: Instead of publicly displaying sensitive information, such as driving license exam results or other personal data, a more secure approach would be to send SMS alerts directly to the applicants’ mobile devices. This way, individuals can receive their results privately without the risk of their information being exposed to unauthorized parties.
  2. Exclude Citizenship Numbers: When it comes to publishing applications or results, it is advisable to exclude the display of citizenship numbers. Citizenship numbers are highly sensitive and should be treated with utmost confidentiality. By omitting them from public view, the risk of identity theft or misuse can be significantly reduced.

By adopting these measures, we can better safeguard personal information and protect individuals from potential privacy breaches or misuse. It’s important for organizations to prioritize the security and privacy of their constituents’ data to maintain trust and compliance with privacy regulations.

--

--

sushil phuyal
sushil phuyal

Written by sushil phuyal

a weird guy who loves everything between security and internet

Responses (1)