name: LAIBA

roll no: Fa23 bcs 211

submitted to: Usman Nasir

Contents
1. Introduction..................................................................................................................................1
2. Information Security Laws and Policies in Pakistan (Mezzera,2010)............................................1
Implementation and Challenges...........................................................................................................2
3. Comparison of Cybersecurity Laws: Pakistan, UK, and US(Luiijf,2013).......................................2
4. Cybersecurity Agencies in Pakistan(Saeed,2010)............................................................................3
Comparison with UK and US Cybersecurity Agencies..........................................................................4
5. Case Study: Cybercrime in Pakistan...............................................................................................4
6. Conclusion and Recommendations......................................................................................................4
7. References..........................................................................................................................................5
 1. Introduction

The necessity of information security has increased dramatically with the speed at which technology is
developing. Cybercrime, data breaches, identity theft, and illegal access are some of the new issues
brought about by the growth of industry, the internet, and digital services. As a result, governments
everywhere have put laws, regulations, and policies in place to protect digital assets and guarantee
cybersecurity.

In order to handle cybersecurity risks, safeguard people and institutions, and maintain national security,
Pakistan, like many other countries, has created a legal framework. The purpose of this project is to
compare Pakistan's information security laws and policies to those of the US and the UK. The goal is to
evaluate Pakistan's cybersecurity environment and make suggestions for improving the country's law
and enforcement systems.

2. Information Security Laws and Policies in Pakistan

(Mezzera,2010)
To control information security, stop cybercrimes, and safeguard digital assets, Pakistan has passed a
number of laws and regulations. Among the most important rules are:

1. The PECA, or Prevention of Electronic Crimes Act 2016

The foundation of Pakistan's cybersecurity laws is PECA 2016. It makes a number of online crimes illegal,
such as hacking, interfering with systems and data, impersonation, fraud, and cyberterrorism. The act
gives law enforcement the power to look into and bring charges against criminals. PECA, however, has
come under fire for having ambiguous definitions that could be abused to restrict free speech and
internet activism.

2. Personal Data Protection Bill 2023

The goal of the Personal Data Protection Bill, which is presently being reviewed, is to control how
personal data is gathered, processed, and stored. Similar to international data protection standards like
the General Data Protection Regulation (GDPR) of the European Union, organizations will have to
guarantee data privacy and adhere to legislation. Pakistan does not, however, have a comprehensive
data privacy law because the bill has not yet been put into effect.

3. Official Secrets Act 1923

This law limits illegal access and disclosure, protecting sensitive government data. Despite being meant
for national security, it has come under fire for restricting journalistic freedom and transparency.

Implementation and Challenges

Pakistan has cybersecurity rules in existence, although they are difficult to execute because of:

people' ignorance of the legal safeguards and cybersecurity concerns.

shortage of qualified workers in regulatory and law enforcement organizations.
inadequate enforcement of regulations, which makes it challenging to hold hackers responsible.
gaps in data protection legislation that do not adhere to global privacy norms such as the GDPR.
Pakistan has to raise public awareness, increase law enforcement capabilities, and align its policies with
global best practices in order to fortify cybersecurity.

3. Comparison of Cybersecurity Laws: Pakistan, UK, and

US(Luiijf,2013)
Many countries have established cybersecurity laws to protect citizens and organizations from digital
threats. A comparative analysis of Pakistan’s legal framework with those of the UK and the US reveals
similarities and differences.

Aspect Pakistan (PECA, Data UK (Computer Misuse US (CFAA, HIPAA)

Protection Bill) Act, Data Protection
Act 2018)
Cybercrime Laws PECA 2016 Computer Misuse Act Computer Fraud and
1990 Abuse Act (CFAA) 1986
Data Protection Personal Data Data Protection Act No federal law (state-
Protection Bill 2018 (GDPR-aligned) level regulations exist)
(Proposed)
Privacy Laws Limited provisions Strong GDPR-based HIPAA (focuses on
protection health data)

Key Observations

Pakistan’s PECA 2016 is similar to the Computer Misuse Act 1990 (UK) and the CFAA (US) in defining
cybercrimes.

The UK and US have stronger data protection laws, while Pakistan’s Personal Data Protection Bill is still
in the proposal stage.

Pakistan lacks robust privacy protections like the UK’s GDPR-aligned Data Protection Act 2018 and the
US’s HIPAA (for medical data).
Pakistan’s enforcement mechanisms are weaker than those in the UK and US due to resource
constraints and lack of cybersecurity expertise.

To strengthen cybersecurity, Pakistan must update its privacy laws, enhance enforcement capabilities,
and align with international standards.

4. Cybersecurity Agencies in Pakistan(Saeed,2010)

Pakistan has established several agencies to oversee cybersecurity, investigate cybercrimes, and provide
digital security solutions.

1. National Cyber Crimes Investigation Agency (NCCIA)

Investigates cybercrimes under PECA 2016.

Focuses on offenses such as hacking, identity theft, impersonation, and online fraud.

Succeeds the Cybercrime Wing of the Federal Investigation Agency (FIA).

2. Pakistan Computer Emergency Response Team (PKCERT)

Handles cybersecurity incidents and cyberattack mitigation.

Provides guidance to government and private organizations on cybersecurity best practices.

Works to minimize cyber threats and enhance digital security awareness.

3. National Centre for Cyber Security (NCCS)

Focuses on cybersecurity education and research.

Collaborates with universities and research institutions to improve Pakistan’s cybersecurity defenses.

Comparison with UK and US Cybersecurity Agencies

Aspect Pakistan (NCCIA, UK (NCSC) US (FBI Cyber Division,
PKCERT, NCCS) CISA)
Cybercrime NCCIA (Limited NCSC FBI Cybercrime Division
Investigation resources)
Cybersecurity PKCERT (Developing NCSC (Highly CISA (Federal
Response capacity) advanced) cybersecurity
response)
Research & NCCS (Limited role) NCSC (Government- NSA & private sector
Development funded research) collaboration

Pakistan’s cybersecurity agencies are making progress but lack the advanced resources, global
partnerships, and enforcement capabilities of their UK and US counterparts. Strengthening cybersecurity
infrastructure, training personnel, and increasing international collaboration can improve Pakistan’s
cybersecurity posture

5. Case Study: Cybercrime in Pakistan

One notable cybercrime case in Pakistan involved online harassment and digital rights violations. The
Digital Rights Foundation (DRF), founded by Nighat Dad in 2016, established a Cyber Harassment
Helpline to support victims of online abuse.

Key Issues Identified

Victims reported blackmail, identity theft, and unauthorized data sales.

PECA 2016 was intended to address such crimes, but enforcement remains weak due to slow
investigations and lack of trained personnel.

Lessons Learned

Stronger enforcement is needed to ensure timely justice.

Public awareness campaigns should educate citizens on cybersecurity risks and legal protections.

Specialized training for law enforcement agencies can improve their ability to handle digital crimes.

This case highlights the need for legal reforms and improved cybersecurity frameworks to address
modern digital threats effectively.

6. Conclusion and Recommendations

Pakistan has made progress in cybersecurity through PECA 2016 and the establishment of agencies like
NCCIA and PKCERT, but enforcement challenges and privacy gaps remain.

Recommendations for Improvement

Enhance Enforcement Mechanisms – Strengthen cybersecurity agencies and provide them with
advanced tools and training.

Improve Public Awareness – Launch national campaigns to educate citizens on cybersecurity risks and
best practices.

Adopt International Standards – Align data protection laws with GDPR and develop stronger privacy
regulations.

Increase Global Cooperation – Collaborate with international cybersecurity agencies to enhance

knowledge-sharing and enforcement capabilities
7. References
Mezzera, M., & Sial, S. (2010). Media and Governance in Pakistan: A controversial yet essential
relationship. Initiative for Peace Building.

Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security strategies. International
Journal of Critical Infrastructures 6, 9(1-2), 3-31.

Saeed, R. (2021). Digital autocratization of Pakistan. In Routledge Handbook of Autocratization in South

Asia (pp. 162-172). Routledge.