Respect for data privacy and internet security is not well understood in Zimbabwe. The government is a major culprit in this crime of ignorance. Two years ago, the voter’s roll was accessed by some unscrupulous folks who just dumped the whole darn thing on the internet full of our names, ID numbers and residential addresses.
Since then the voters’ roll is being used in an unintended way by some businesses including several banks which we will not name. They are using it to do KYC verification et al. However, when we registered as voters we never signed up for that data to be used in that way let alone by private corporations.
Yes, it wasn’t the Zimbabwe Electoral Commission nor the government that uploaded the roll onto the internet (at least we don’t think so) but ultimately it was their responsibility to ensure whoever was entitled to a copy of the document treated that data with absolute integrity and they should have investigated the breach. It doesn’t seem they investigated anything. That’s because appreciation for these issues is quite low.
Now the government has exposed its employees
We will of course not share a link! However, we can explicitly say that the Public Service Commission, the ’employer of all government workers (civil servants),’ has exposed sensitive data of their employees on the internet.
This information is in a PDF document titled:
MEMBERS ON THE SSB PAYROLL WITHOUT BIOMETRIC DATA
This is a 223 paged document with lists of civil servants showing their full names, their employment ID numbers, national ID numbers and where they work (the specific institution and district). This is gold mine information for all sorts of scammers and phishers.
Here is what the lists look like:
This document is a record of employees who for some reason have not yet had their biometric information entered into the government’s new database for such. If they don’t respect the integrity of personal information like this, should they be trusted with even more personal data: biometric data?
How did we come to know this?
We were doing a Google search on some individual we were interested in. One click led to another and viola!
To be honest, it wan’t one click leading to another, it was easier than that.
Cybersecurity bill is in the works
The Parliament of Zimbabwe is currently working on a Cybersecurity and Data Privacy bill. When the bill gets into law, the government will probably be found to be the biggest violator of the law.
Of course the disappointment about the whole bill is that senior government officers only ever bring it up in connection with nuzzling social media. The bigger problem is throwing people’s personal information all over the internet like this