Bangladesh is taking a significant step forward in strengthening its digital security framework with the upcoming inclusion of data classification within the Personal Data Protection Act (PDPA). This progressive move, announced by Faiz Ahmed Taiyeb, Special Assistant to the Chief Adviser of the Ministry of Posts, Telecommunications and Information Technology, underscores the nationโs commitment to safeguarding personal information and enhancing digital governance in the evolving cyber landscape. The core of this new provision revolves around the meticulous classification of data, specifically focusing on Personal Identification Information (PII). This crucial categorization ensures that sensitive data, which directly identifies an individual, is securely stored within the geographical boundaries of Bangladesh. By mandating the in-country storage of PII, the Act aims to provide a robust layer of protection against unauthorized access and data breaches, fostering greater trust in digital services and platforms. Although safely storing personally identifiable information (PII) is a fundamental part of this initiative, the Act also acknowledges that digital content is constantly changing. Other forms of data, such as images, videos, and speech, can be stored outside the country through appropriate mapping and secure processes. This flexible approach ensures that while core personal identifiers remain protected domestically, the broader digital economy can still leverage global data storage solutions for less sensitive information, promoting efficient data management. Furthermore, the revised framework addresses the handling of highly confidential information, including sensitive health records and critical financial data. Such information will be permitted for use only under clearly specified conditions and through transparent processes, ensuring privacy is upheld even when data sharing is necessary for public benefit or service delivery. This balanced approach is vital for sectors like healthcare and finance, where data utility must be reconciled with stringent privacy standards. In a related and equally vital development, the Cyber Security Ordinance has expanded its scope to include all AI-generated content under the ambit of cybercrime. This forward-thinking addition reflects Bangladesh’s proactive stance in adapting its legal framework to emerging digital technologies, addressing potential misuse and ensuring responsible development within the AI space. The inclusion of data classification in the PDPA represents a significant stride in Bangladeshโs digital journey, reinforcing its commitment to a secure and trustworthy online environment for all its citizens.
