KATHMANDU: The government recently issued the Cyber Security Bylaw with a provision that disallows telecom firms and internet service providers (ISPs) to provide digital data of their customers to any third party without the consent of the customer.
This is the first time that Nepal Telecommunications Authority(NTA) has attempted to address data privacy issue through a policy in Nepal.
The bylaw states that telecom firms, ISPs cannot provide digital data of any customer to any third party, expect to government agencies that are involved in enforcing laws, without the consent of the customer.
Similarly, the bylaw states that telecom companies and ISPs while coordinating with a third party or inking an agreement, should ensure that the third party does not make public digital data that they access from telecom and internet service providers. The bylaw also requires service providers to carry out internal cyber security audit every three months and submit the report to NTA every six months.
Likewise, service providers need to have a separate password policy and must have a rule whereby the passwords comprise of at least 10 digits. They also need to ensure that passwords do not match the usernames. In case of any cyber attack service providers are required to inform the police and NTA immediately.
The policy also states that service providers must use only authorized software, operating systems, applications and antivirus software. Along with this, they must frequently update the devices including mobile phones, desktops and laptops.
The bylaw has also promoted digital signature for email usage. Similarly, service providers need to use OTP or technology that can be verified on mobile-based applications. Service providers have also been asked to mandatorily maintain data backup.