Pakistan Telecommunication (Re-organization) Act, 1996 (Download PDF format)

Pakistan Broadcasting Corporation (Amendment) Ordinance, 2002.

Promulgated by: President General Pervez Musharraf.
Enactment date: 26 October 2002.
Stated objective: Amendment in PBC Act of 1973.
Text of Ordinance No XCIV of 2002

AN ORDINANCE further to amend the Pakistan Broadcasting Corporation Act, 1973;

WHEREAS it is expedient further to amend the Pakistan Broadcasting Corporation Act, 1973 (XXXII of 1973) for the purposes hereinafter appearing;

AND WHEREAS the President is satisfied that circumstances exist which render it necessary to take immediate action;

NOW, THEREFORE, in pursuance of the Proclamation of Emergency of the fourteenth day of October, 1999, and the Provisional Constitution Order No 1 of 1999, read with the Provisional Constitution (Amendment) Order No 9 of 1999, and in exercise of all powers enabling him in that behalf, the President of the Islamic Republic of Pakistan in pleased to make and promulgate the following Ordinance: -

1. Short title and commencement. -

(1) This Ordinance may be called the Pakistan Broadcasting Corporation (Amendment) Ordinance, 2002.
(2) It shall come into force at once.

2. Amendment of section 2, Act XXXII of 1973. -

(1) In the Pakistan Broadcasting Corporation Act 1973 (XXXII of 1973), hereinafter referred to as the said Act, in section 2, for clause (d) the following shall be substituted, namely: – “(d) “Member” means a Member of the Board”.

3. Substitution of section 4, Act XXXII of 1973. –

In the said Act, for section 4 of the following shall be substituted, namely: – “4. Board.

(1) The general direction and the administration of Corporation shall vest in a Board, to be constituted in accordance with the provisions of sub-section (2).
(2) The Board shall consist of the following: -
(i) Secretary of the Government of Pakistan Ministry of Information and Media Development. Chairman
(ii to V) One eminent person each from the four provinces relating to media and management to be appointed by the Federal Government. Members
(vi) Additional Foreign Secretary. Member
(vii) Additional Secretary Finance. Member
(viii) Director General, ISPR. Member
(ix) Managing Director, PTVC. Member
(x) Director General, PBC. Member
(xi) A representative of the Interior Division. Member

(3) The Chairman and Members mentioned at clauses (vi) to (xi) of sub-section (2) shall be ex officio Members of the Board.

(4) The Members appointed under clauses (ii) to (v) of sub-section (2) shall hold office for a term of three years and shall be eligible for re-appointment but in no case for more than two consecutive terms. They may, by giving in writing to the Federal Government a notice of not less than one month, resign their offices;

Provided that the resignation shall not take effect until it has been accepted by the Federal Government.

(5) In particular and without prejudice to the generality of the provisions of sub-section (1), the Board shall have full powers with regard to-

(a) the preparation of the annual revenue budget of the Corporation and approval of the budget and expenditure not included in its annual budget for capital and development expenditure;

(b) the formulating and implementing of all programmes and policies; and
(c) the making of plans for infrastructural and technological development within the country and for promotion of the Corporation’s interests abroad,”

5. Omission of section 5, Act XXXII of 1973. -

In the said Act, section 5 shall be omitted.

6. Amendment of section 6, Act XXXII of 1973. -

In the said Act, in section 6, -

(a) for the words” Director other than the Chairman” the word “Member” shall be substituted; and
(b) in clause (a), for the word” Director” the word “Member” shall be substituted.

7. Amendment of section 7, Act XXXII of 1973. –

In the said Act, in section 7, -

(a) in sub-section (1), in the proviso, for the words” every month” the words “ at least once in a quarter” shall be substituted;
(b) in sub-section (2), for the word “Director”, the word “Member” shall be substituted and for the word “Directors” the word “Members” shall be substituted; and

(c) in sub-section (3), for the word “Director” the word “member” shall be substituted.

8. Amendment of section 10, Act XXXII of 1973. –

In the said Act, in section 10, in sub-section (1),-

(a) in clause (c), for the words” Federal Government” the word “Board” shall be substituted; and

(b) in clause (d), for the words” Federal Government” the word “Board” shall be substituted.

Signed:
General Pervez Musharraf (President)
Justice Mansoor Ahmad (Secretary)

Electronic Transactions Ordinance, 2002 (Download PDF format)

Electronic Data Protection Act 2005 (download PDF format)

ELECTRONIC DATA PROTECTION ACT 2005

An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing of electronic data while respecting the rights, freedom and dignity of natural and legal persons, with special regard to their right to privacy, secrecy and personal identity and for matters connected therewith and ancillary thereto; Now therefore it is enacted as follows:

CHAPTER I
PRELIMINARY

1. Short title, extent and commencement.

(1) This Act may be called the Electronic Data Protection Act 2005.
(2) It extends to the whole of Pakistan and shall apply to the processing of electronic data which is collected or takes place within Pakistan, regardless of the location of the data processor or data controller.
(3) It shall come into force at once.

2. Definitions

In this Act, unless there is anything repugnant in the subject
or context,-
(a) “blocking”, means the storage of electronic data while any other data processing operation is temporarily suspended;
(b) “corporate data”, means any information relating to or owned by any person including financial, legal and business processes;
(c) “data controller”, means the individual or person, who determines the purposes and means of the processing of electronic data, including security issues;
(d) “data filing system”, means any set of data structured according to several specific criteria suitable to ease their processing, composed of one or more units, in one or
more physical locations;
(e) “data operator”, means an individual employed by data processor for the processing of electronic data;
(f) “data processor”, means the individual or person, who rocesses electronic data on behalf of a data controller;
(g) “data subject”, means the individual or person to whom the electronic data are related;
(h) “disclosure”, means the act of making electronic data known to one or more specified individual or person, excluding the data subject himself, by any means;
(i) “dissemination”, means the act of making electronic data known to unspecified individuals or persons, by any means;
(j) “electronic data” means any information which is being processed by means of any information system, is recorded with the intention that it should be processed by means of such information system, or is recorded as part of a relevant data filing system or with the intention that it should form part of a relevant data filing system and includes personal, corporate, foreign and local data; Explanation.—The words “information” and “information system” used in sub- clause (k) shall have the same meaning as defined in the Electronic Transaction Ordinance 2002 (LI of 2002);
(k) “federal government” means the federal government of Pakistan;
(l) “foreign data” means both personal and corporate data collected outside Pakistan and sent to Pakistan for processing purpose only;
(m) “individual” means natural person;
(n) “local data” means both personal and corporate data collected within Pakistan for processing within or outside Pakistan;
(o) “person” includes an authority, trust, waqf, association, statutory body, firm, company including joint venture or consortium, or any other entity whether registered
or not;
(p) “personal data”, means any information relating to an individual, identified or identifiable, directly or indirectly by reference to any other information;
(q) “processing”, means any operation or set of operations, whether or not performed by an information system, which involves collection, recording, organization, storage, adaptation or alteration, retrieval, use, alignment or combination, blocking, disclosure by transmission, dissemination, erasure or destruction of the data;
(r) “prescribed” means prescribed by rules made under this Act;
(s) “Rules” means rules made under this Act; and
(t) “sensitive data” means data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in political parties, trade unions, organizations and associations with a religious, philosophical, political or trade-union, or provide information as to the health or sexual life of an individual and financial, or proprietary confidential corporate data.

3. Manual and personal data

(1) The processing of personal or
corporate data which are not performed by any information system or other automated means shall not be subject to the provisions of this Act unless the manual data is collected for the purpose of converting it into electronic data.
(2) The processing of personal data by an individual in the course of a purely personal activity or household and family purposes shall not be subject to the provisions of this Act, provided that the personal data are not intended to be systematically disclosed or to
be disseminated.
4. Government activity and exemptions

(1) This Act does not apply to the processing of personal or corporate data carried out by federal, provincial or local government.
(2) The federal government, in respect of local data only, by notification in the official gazette, may exempt any public or private sector, entity or business from the operation of this Act.

CHAPTER II
PROCESSING OF FOREIGN AND LOCAL DATA

5. Data processor and data operators

(1) The data processor shall perform the data processing in the prescribed manner and according to the instructions received from the data controller unless it contravenes any law.
(2) Data operators shall act on the foreign or local data, as the case may be, to which they have access only according to the instructions of the data processor.

6. Processing

Processing of foreign or local data, as the case may be,
shall be:
(a) done fairly and lawfully; and
(b) stored for specified, explicit and lawful purposes.

7. Collection of local data

Local data that are subject to data processing
shall be:
(a) collected with due diligence, fairly and lawfully;
(b) collected and stored for specified, explicit and lawful purposes;
(c) adequate, relevant and not excessive in relation to the purposes for which it is collected or processed; and
(d) processed in accordance with the rights of the data subject and, when necessary, kept up to date.

8. Information to data subject

(1) Data subject, any other individual or person from whom the local data is collected shall be given, prior to the collection and in
writing, the following information:
(a) the purposes and means of the processing;
(b) whether replies to the questions are obligatory or voluntary;
(c) the possible consequences of failure to reply;
(d) the recipients or categories of recipients to whom data may be disclosed, and the limit of data dissemination;
(e) the existence of his rights; and
(f) the name or trade name, and the address of the data controller and, if designated, of the data processor.
(2) Some or all of the information described in Sub-section 1 may be omitted when it is already known to the person from whom the data is collected.
(3) Where the data have not been obtained from the data subject, the information described in Sub-section 1 shall be provided to the data subject at the time of undertaking the recording of the personal data or, if a disclosure is intended, no later than the time
when the data is first disclosed.

CHAPTER III
DATA SUBJECT’S RIGHTS

9. Consent

It would be the sole responsibility of the data controller to obtain the consent of the data subject, if required, whose electronic data shall be processed within Pakistan.

10. Rights of foreign Data Subjects

Data subjects shall have all their rights, if any provided under the laws of the country or territory where the foreign data has been collected or data subject resides, only against data controller including confirmation as to existence of, access to, updating or rectification of their foreign data and objection to any or all operations involving the processing of foreign data and its intended purpose and will not deal directly with the data processor within Pakistan unless otherwise agreed between the data controller and data processor.

CHAPTER IV
ELECTRONIC DATA SECURITY

11. Electronic data security

(1) Electronic data that is subject to data processing shall be kept under custody, controlled or processed in such a way as to minimize the risks of its destruction or loss, even accidental, unauthorized access, unlawful processing or processing for purposes other than those for which the electronic data were collected, by means of appropriate precautionary security measures.
(2) The minimal precautionary security measures shall be as prescribed.

12. End of data processing

(1) Before ending the processing of electronic data, for any reason, the data processor shall notify the data controller of its fate.
(2) The electronic data can be:
(a) destroyed; or
(b) returned to data controller.

CHAPTER V
DISCLOSURE AND DISSEMINATION

13. Data operators

The act of making electronic data known to data operators appointed by the data processor, in writing, to perform the operations related to the processing, and acting directly on his behalf, shall not be considered disclosure and dissemination subject to such limitation as may be agreed upon between data controller and data processor.

14. Data disclosure

The disclosure and dissemination of personal or corporate data shall be permitted:
(a) by the data processor, when the data controller has explicitly given his consent or as provided in the contract with data controller;
(b) by data controller or data processor,—
(i) when it is performed under an obligation by national, provincial or local laws;
(ii) when necessary for the establishment, exercise or defence of legal claims in court;
(iii) when requested by any relevant government authority for purposes of national security or prevention, investigation, detection and prosecution of criminal activities; and
(iv) as may be prescribed.

15. Sensitive data

(1) The processing of Sensitive Data shall be conducted in such a way as to minimize the risks of unauthorized access or use, by means of appropriate precautionary security measures.
(2) The minimal precautionary security measures for the sensitive data shall be as prescribed.

16. Transfer of local data abroad

Transfer of local data to any territory outside Pakistan shall only be carried out in the prescribed manner.

CHAPTER VI
FEDERAL GOVENMENT

17. Powers and functions of federal government

(1) The federal government shall have the following powers and functions to,
(a) prepare and encourage the drawing up of suitable codes of conduct and ethics by certain categories;
(b) verify the compliance of such codes with applicable laws;
(c) seek views of data controllers and data processors on any matter related to electronic data;
(d) contribute to the publicity and enforcement of such codes;
(e) interact and cooperate with international and region

Not End .. Download Electronic Data Protection Act 2005 (download PDF format)

The “Prevention of Electronic Crimes Ordinance, 2007″ will apply to every person who commits an offence under the said Ordinance irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security if Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected , sent to, used by or with any electronic system in Pakistan.

The ordinance i.e. “Prevention of Electronic Crimes Ordinance, 2007″ gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.

The ordinance covers provision for illegal and criminal acts such as data access, data damage, system damage, electronic fraud, electronic forgery, spamming, spoofing, cyber terrorism etc.

Chapter II of the “Prevention of Electronic Crimes Ordinance, 2007″ deals with the Offences and Punishments. Punishments range from two years to death penalty. For the general guidance offences and punishments are mentioned below:

Section 3 of the “Prevention of Electronic Crimes Ordinance, 2007″ deals with criminal access: The said section states

Criminal Access: Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or electronic device with or without infringing security measures, shall be punished with imprisonment of either description for a term which may extend to two years or with fine not exceeding three hundred thousand rupees, or with both.

Criminal Data Access is an Offence and Punishable.

Section 4 of the” Prevention of Electronic Crimes Ordinance, 2007“, states,

Criminal data access: Whoever intentionally causes any electronic system or electronic device to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such unauthorized access shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 5 states:

Data Damage: Whoever with intent to illegal gain or cause harm to the public or any person, damages any data shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 6 states:

System Damage: Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system or electronic device by imputing, transmitting, damaging, deleting, altering, tempering, deteriorating or suppressing any date or services or halting electronic system or choking the networks shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 7 states:

Electronic fraud: Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any person to enter into a relationship or with intent to deceive any person, which act or omissions is likely to cause damage or harm to that person or any other person shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 8 states:

Electronic Forgery: Whoever for wrongful gain interferes with data, electronic system or electronic device, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment for a term which may extend to seven years, or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 9 states:

Misuse of electronic system or electronic device: Whoever produces, possesses, sells, procures, transports, imports, distributes or otherwise makes available an electronic system or electronic device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Ordinance or a password, access code, or similar data by which the whole or any part of an electronic system or electronic device is capable of being accessed or its functionality compromised or reverse engineered, with the intent it be used for the purpose of committing any of the offences established under this ordinance, is said to commit of misuse of electronic system or electronic devices. Whoever commits the offence shall be punishable with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 10 states:

Unauthorized access to code: Whoever discloses or obtains any password, access as to code, system design or any other means of gaining access to any electronic system or data with intent to obtain wrongful gain, do reverse engineering or cause wrongful loss to any other unlawful purpose shall be punished with imprisonment of either description for a term which may extend to three years or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 11 states:

Misuse of encryption: Whoever for the purpose of commission of an offence or concealment of incriminating evidence, knowledge and willfully encrypts any incriminating communication or data contained in electronic system relating to that crime or incriminating evidence, commits the offence of misuse of encryption shall be punished with imprisonment of either description for a term which may extend to five years or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 12 states:

Malicious code: Whoever willfully writes, offers, makes available, distributes or transmits malicious code through an electronic system or electronic device, with intent to cause harm to any electronic system or resulting in the corporation, distribution, alteration, suppression, theft or loss of data commits the offence of malicious code.

Provided that the provision of this section shall not apply to the authorized testing, research and development or protection of an electronic system for any lawful purpose.

Whoever commits the offence shall be punished with imprisonment of either description for a term which may extend to five years, or with fine or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 13 states:

Cyber stalking: Whoever with intent to coerce, intimidate, or harass any person uses computer, computer network, internet, network site, electronic mail or any other similar means of communication to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image, make any suggestion or proposal of an obscene nature, threaten any illegal or immoral act, take or distribute pictures or photographs of any person without his consent or knowledge, display or distribute information in a manner that substantially increases the risk of harm or violence to any other person, commits the offence of cyber stalking.

Whosoever commits the offence shall be punishable with imprisonment of either description for a term which may extend to seven years or with fine not exceeding three hindered thousand rupees, or with both.

Provided that if the victim of the cyber stalking is a minor the punishment may extend to ten years or with fine not less than one hundred thousand rupees or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 14 states:

Spamming: Whoever transmits harmful, fraudulent, misleading, illegal or unsolicited electronic messages in bulk to any person without the express permission of the recipient, or causes any electronic system to show any such message or involves in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming.

Whoever commits the offence of spamming shall be punishable with fine not exceeding fifty thousand rupees if he commits this offence of spamming for the first time and for every subsequent commission of offence of spamming he shall be punished with imprisonment of three months or with fine, or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 15 states:

Spoofing: Whoever establishes a website, or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source with intent to gain unauthorized access or obtain valuable information which later can be used for any lawful purposes commits the offence of spoofing.

Whoever commits the offence of spoofing specified shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 16 states:

Unauthorized interception: Whoever without lawful authority intercepts by technical means, transmissions of data to, from or within an electronic system including electromagnetic system carrying such data commits the offence of unauthorized interception. The punishment for the offence of unauthorized interception shall be imprisonment of either description for a term which may extend to five years, or with fine not exceeding five hundred thousand rupees or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 17 states:

Cyber terrorism: Any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.

Whoever commits the offence of cyber terrorism and causes death of any person shall be punished with death or imprisonment for life, and with fine and in any other cause he shall be punishable with imprisonment of either description for a term which may extend to ten years or with fine not less than ten million rupees or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 18 states:

Enhanced punishment for offences involving sensitive electronic systems:

Whoever cause criminal access to any sensitive electronic system in the course of the commission of any of the offences established under this Ordinance shall in addition to the punishment prescribed for that offence, be punished with imprisonment of either description for a term which may extend to ten years, or with fine not exceeding one million rupees, or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 19 states:

Of abets, aids or attempts to commits offence: Any person who knowingly and willfully abets the commission of or who aids to commit or does any act preparatory to or in furtherance of the commission of any offence under this Ordinance shall be guilty of that offence and shall be liable on conviction to the punishment provided for the offence.

Any person who attempts to commit an offence under this Ordinance shall be punished for a term which may extend to one-half of the longest term of imprisonment provided for that offence.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 20 states:

Other Offences: Whoever commits any offence, other than those expressly provided under this Ordinance with the help of computer electronic system, electronic device or any other electronic means shall be punished in addition to the punishment provided for that offence, with imprisonment of either description for a term which may extend to two years, or with fine not exceeding two hundred thousand rupees or with both.

“Prevention of Electronic Crimes Ordinance, 2007″

Section 21 states:

Offences by corporate body.

A corporate body shall be held liable for an offence under this Ordinance of the offence is committed on its instructions or for its benefit. The corporate body shall be punished with fine not less than one hundred thousand rupees or the amount involved in the offence whichever is the higher Provided that such punishment shall not absolve the criminal liability of the natural person who has committed the offence.

Corporate body includes a body of persons incorporated under any law such as trust, waqf, an association, a statutory body or a company.