“Data can be defined as both the qualitative and quantitative facts or the points of observations and, if contextualized, they are the primary source of information. Data or collection of data without their connection to time or space do not make information. But such data with some context or connection to time or space make information. Both the management of data and information are two of the significant components of knowledge management in government and other organizations. Government organizations usually manipulate data derived from two major process: creating data themselves from observations, monitoring and from daily decision making with reference to different policies and second is the reception of data from other organizations or individuals. Self-generated or received from others, the government organizations use data in different forms such as electronic copies, hard copies and verbal signals. As data in context have meaning and signified implications, they help for making generalizations, fact based rational decisions, projection of trends and consequently innovations to tackle with potential problems. Because of these points of significance, government organizations, being based on laws or other standard conventional practice, usually protect the created, collected or received data in the organizations. But despite the intention of the protection of the data as envisaged by varieties of prevailing laws, their misplace or loss cannot be ignored due to different causes such as blurred responsibility, organizational culture of not sharing data or policy of ultra-secrecy, or lack of physical drawers and folders or as a whole available infrastructure. For the protection of data, the government of Nepal has formed different acts, rules and policies.
The Act on Right to Information, 2064 BS (2007) writes on its preamble that the act has been brought to promote the public accountability, transparency and access of people towards the information of public significance as well as to protect the sensitive information negatively affecting the state and the welfare of the people. Ensuring the right of people to information, it has also identified and mentioned some areas and nature of information that are protected or not disseminated by the public organizations at all. Such information includes as creating disturbances to sovereignty, national integrity, peace, international relations, fraternity among the castes and ethnic groups, and other information that tends to endanger personal privacy, and body, life, health and security of a person. Stating that the public institution has to ensure that the data and information related to some particular person is not leaked or published or disseminated without written approval of the person, the act writes that the personal information available in the office can be used only if it is demanded by law or in case of controlling corruption.
It has also made the provisions of Information Officer in each government office to deliver the information to the public and National Information Commission to overall protect and promote the right to information. It has provisioned to frame a committee in the chair of the chief secretary of the Government of Nepal to classify the information and fix the protection period as well as method as per the nature and sensitivity of the information.
Similarly, though it is not targeted to the management of data and information, there is the Civil Service Act, 2049 BS (1993) that states that civil employee should not, without being authorized by Government of Nepal, directly or indirectly provide or divulge, to any other unauthorized employee or non-governmental person or press, any confidential matter or any other document or news prohibited by law which was /is known to him/her in the course of performing the governmental duty.
In addition to these acts, the Electronic Transaction Act 2063 BS (2006) has made different provisions regarding the protection of electronic data. It has forbidden the unauthorized access to computer materials. The act ensures legal validity of the electronic data, documents, information or records kept safely and exactly in the same format as originally generated or transmitted. It has also stated that if any person accesses any program, information or data of any computer without the permission of the owner or performs any act contrary to the authorization; such a person is liable to punishment.
The Prevention of Corruption Act, 2059 (2002 A.D) has different provisions on safeguarding the public documents. According to the act, it is punishable if a public servant or any other person, corrects, adds or changes in documents belonging to a government or public institution without authority. Similarly, damaging or destroying or concealing the documents belonging to the government or the public institution is defined to be punishable.
Besides the legal provisions, the role of the corresponding practice is also significant to protect the available data. Generally, in the offices, the practice of keeping data safe and utilizing them in appropriate time is influenced by a variety of factors. They include available furniture, drives, folders, office space, office layout, as well as the trends of filing and indexing, keeping the data or the documents in hard drives or sharing them among the co-workers are significant for the protection of the data in government organizations.
As a whole, the Government of Nepal has different legislation for both protection and transparency of data or information. The organizational practice on the protection of data is guided by the legislation. As being guided by the relevant acts, it is necessary for the officials to protect as well as provide the received data to other organizations or stakeholders. As no non-official can search or use records or files in the government offices, the possibility of leaking data or document is minimal through outsiders. Similarly, the digital data have legal validity like the hard copy data and unauthorized access to others’ computer or program, alteration, or deletion of others’ data is punishable by law. The concept of Government Integrated Data Center (GIDC) has also been introduced. From these all dimensions of prevailing laws, organizational general practice, officials’ moral and legal observance, the trends of managing hard data and soft data, the status of ensuring the protection of data can be said satisfactory.” – Yuba Raj Guragain – Kathmandu, Nepal