Personal data secrecy weak, Turkey's state body says

Personal data secrecy weak, Turkey's state body says

Turkey lacks protection of citizen’s personal information due to the indifference of public institutions and legal shortcomings, requiring a substantial increase in awareness and the provision of a legal framework targeted at making progress on the issue, a top state body working under the Office of the President has asserted.

Some government institutions share people’s personal data online with other public and private bodies without taking care of data security, said the State Audit Board’s (DDK) report, which was posted on the official website of the Office of the President on Dec. 13.

Before preparing its report on “the National and International Situation Assessment over Protection of Personal Data”, the DDK conducted audits of the Justice and Health Ministries, the General Directorate of Population and Citizenship Affairs, the Social Security Board, the General Directorate of Land Registry and the Revenue Administration Directorate to inspect and assess the level of protection of personal data.

The report has come at a time where public discourse is hotly debating the “profiling” of individuals by public bodies. Daily Taraf recently claimed that the Turkish government had profiled a number of groups based on religion and faith through the National Intelligence Organization (MİT), monitoring their activities until as recent as 2013. However, Prime Minister Recep Tayyip Erdoğan had strictly denied the claims.

Many government institutions are the not the actual proprietors of their information systems, with contractor companies having the authority to access people’s private information without any restrictions, the report said, suggesting that government institutions should have the right to ownership of such information systems instead.

There was a notable lack of awareness among government employees in regards to information security and protection of personal data, the report said, citing that some public employees share private data among themselves offline via CDs, DVDs and flash disks all the while aware of rules prohibiting the removal of data from the internal network.

Along with government institutions, private corporations including banking, security, telecommunication, tourism, health, education and transportation companies had the authority to access the public’s personal data easily, the report stated, adding that there was no restriction for them to possess and maintain personal information.

Despite separate regulations for the protection of personal information being in place, the reported suggested a requirement for a law establishing a framework for the protection of personal data.

“Data sharing among and between public and private institutions is being conducted in the absence of relevant legal parameters,” the report said.