A short glance at cyber law and data security in Nepal              

Cyber law is a relatively new legal area in Nepal that covers a broad range of topics emphasising cyber security and data privacy. The law is extended to the devices used to access the internet, including computers, cell phones, email, websites, data storage devices, software, and hardware. It regulates the communications, privacy, freedom of expression, and intellectual property of internet users. These laws protect individuals and businesses that use the internet and establish penalties for people and groups that commit cybercrime.

Data security is the practice of safeguarding digital information from unauthorised access, accidental loss, disclosure and modification, manipulation or corruption throughout its entire lifecycle, from creation to destruction. This practice is key to maintaining the confidentiality, integrity and availability of an organisation’s data. Confidentiality refers to keeping data private, integrity to ensuring data is complete and trustworthy, and availability to providing access to authorised entities.

Historical development of cyber law and data security in Nepal

The development of cyber law and data security in Nepal follows technological advancements, legal reforms, and the increasing rate of digitalisation. Here are key periods in the historical development of cyber law and data security in Nepal:

Early Years (Pre-2000s):

• In this period Nepal initially did not have specific legislation related to cybercrime and data security
• The focus was only on traditional laws related to crimes like fraud, defamation, and intellectual property violations, which were sometimes applied to cyber activities.

Emergence of Cybercrime (Early 2000s):

• With the growth of internet usage and advanced technology adoption in Nepal in the early 2000s, incidents of cybercrime such as hacking and online fraud started to emerge.
• The absence of specific laws and regulations addressing these crimes led to challenges in data security and the digital world.

Legal Framework Development (Mid-2000s to 2010s):

• In response to increasing cyber threats and challenges and the need for a legal framework, Nepal began developing its cyber law framework.
• The Electronic Transactions Act (ETA) 2063 (2008) was a significant law that recognised electronic records and digital signatures, providing a foundation for e-commerce and online transactions.
• The ETA also included provisions related to cybercrime, defining offences such as unauthorised access to computer systems and data, hacking, and computer data security.

Data Protection and Privacy (2010s onwards):

• Concerns over data protection and privacy grew with the increase of internet usage and online platforms became more popular in Nepal.
• In 2019, Nepal introduced the Information Technology Bill, which aimed to update and consolidate existing laws related to information technology, including provisions for data protection and cyber security.
• The bill includes measures for protecting personal data and outlines responsibilities for handling such data.

Current Trends and Challenges:

• Nepal continues to cope with challenges and focus on capacity building in cyber law enforcement, ensuring meeting international standards, and addressing cyber threats effectively.
• There is ongoing development regarding additional legislation and regulatory frameworks to address emerging issues such as social media regulation, cyber security standards and protection against online harassment.

Importance of cyber law and data security

Regulation of Internet Use: Cyber laws and data security practices regulate internet use, including online content, electronic contracts, digital signatures, and electronic communication. These regulations ensure that the internet remains a safe and reliable platform for global internet communication and commerce

Promotion of Trust: Cyber laws and data security practices foster trust between businesses and consumers. When individuals feel confident that their data is safe, they are more likely to engage in online transactions and share information with individuals and organisations.

Promotion of International Cooperation: Cyber laws and data security promote international cooperation and collaboration to fight against cyber crimes that span across borders. They provide a framework for countries to work together in investigating and prosecuting offenders.

Protection of Personal Information: Cyber laws and data security ensure that with increasing digital transactions and data sharing, personal information such as financial details, medical records, and identity information are protected from unauthorised access, theft, and misuse.

Prevention of Cybercrimes: Cyber laws and data security establish guidelines and penalties for various cybercrimes such as hacking, phishing, identity theft, and cyberbullying. They help in deterring criminals and prosecuting those who commit such offences.

Cyber security Preparedness: Cyber laws and data security laws often require organisations to implement cyber security measures and protocols to protect against potential threats. This proactive approach helps in minimising the risk of data breaches and cyber-attacks.

Business Security: Cyber laws and data security laws and regulations ensure that businesses implement measures to protect sensitive company and customer information. This includes safeguarding financial records, trade secrets, and proprietary information from breaches and theft.

Legal Framework: Cyber laws and data security provide a legal framework for their development, deployment, and use while ensuring they are secure and do not infringe on individual rights as  new technologies such as artificial intelligence(AI)

Challenges in cyberlaw and data security practices in Nepal

Awareness and Education:

• There is a general lack of awareness among the public, businesses, and government officials about cyber law data security risks, and legal obligations. It is required to promote cyber security awareness through education programs, training workshops, and public awareness campaigns

Technologies and Security Risks:

• The rapid adoption of emerging technologies such as artificial intelligence (AI), cloud computing, Internet of Things (IoT), and blockchain introduces new cyber law and data security risks. Addressing security challenges associated with IT requires proactive measures and adaptation of new laws and regulations.

Capacity Building and Institutional Framework:

• Building capacity and institutional frameworks, such as national cyber and data security strategies, and cyber and data security training centers, requires sustained investment and commitment. Strengthening public-private partnerships and collaboration with educational institutions and civil society can foster innovation and capacity building in cyber security.

Legal Harmonisation: It is essential yet challenging to ensure coordination and consistency between different legal frameworks related to cyber issues, including criminal law, electronic transactions, intellectual property, and privacy. However, balancing regulations with international standards and best practices can facilitate international cooperation and enhance legal certainty for businesses and stakeholders.

International Cooperation and Cyber Diplomacy:

• In this age of globalisation, cyber threats can go beyond national borders, which requires international cooperation and collaboration in cyber law enforcement, information sharing, and policy development. Such cyber diplomacy efforts and active participation in international forums and agreements can enhance Nepal’s cyber security and response capabilities.

Limited Enforcement Capacity:

• There is a lack the technical expertise, resources, and training in law enforcement agencies in Nepal that is necessary to effectively investigate and prosecute cybercrime. There is a gap in digital capabilities and cybercrime activities, which affects on timely and effective responses to cyber incidents.

Lack of Comprehensive Legislation:

• Nepal’s existing cyber laws, such as the Electronic Transactions Act (ETA) and the Information Technology (IT) Act, cannot fully address modern cyber threats, data protection issues, and international cybercrime cooperation. There is a need for updated legislation that covers emerging IT, cyber security standards, threats and data privacy in electronic transactions.

Immerging technologies

Biometrics and Authentication Technologies:

• Biometric authentication methods, such as fingerprint scanning and facial recognition, are being adopted for security in digital transactions and access control systems. Privacy laws and regulations governing the collection, storage, and use of biometric data are essential to protect individuals’ privacy rights.

Artificial Intelligence (AI):

• AI can be used for threat detection, anomaly detection in network traffic, and improving incident response times. Here accountability for AI-driven decisions, data privacy implications of AI algorithms, and regulatory frameworks for AI technologies are evolving areas.

Internet of Things (IoT):

• IoT devices are increasingly used in Nepal, from individuals to organisations, which reduces attacks for cyber threats. Ensuring IoT device security, data encryption, and protection against unauthorised access are critical issues addressed through cyber security regulations.

Blockchain Technology:

• Blockchain can be used for secure transactions, smart contracts, and decentralised data storage, enhancing data integrity and reducing the risk of fraud. Blockchain applications may influence how data is stored and verified, potentially impacting data protection laws and regulations in Nepal

Cloud Computing:

• Cloud services are gaining popularity among businesses and government agencies in Nepal for data storage, processing, and collaboration. Regulations and contracts governing data sovereignty, data residency requirements, and data access controls are essential for ensuring data security in cloud environments.

Education and Awareness:

• Efforts are made to enhance cyber security skills and awareness among stakeholders, including government officials, businesses, and the general public. programs on emerging technologies and their cyber security implications help prepare professionals to address evolving cyber threats effectively.

Cyber Law and Policy Development:

• Nepal is working towards updating its cyber laws and policies to address emerging technologies’ challenges and opportunities. This collaboration with international organisations and regional partners helps in adopting best practices and standards in cyber security and data protection.