The National Cyber Emergency Response Team (National CERT) has issued an advisory to all public and private institutions across Pakistan, urging immediate and effective measures to safeguard citizens’ personally identifiable information (PII).
The advisory comes amid a sharp rise in incidents of data theft, identity fraud, and privacy violations in the country. National CERT warned that weak internal controls, outdated systems, unencrypted data transfers, installation of suspicious applications, and poor cyber hygiene practices have left organizations vulnerable to financial fraud, operational disruptions, reputational damage, and potential legal action.
According to CERT, the guidelines apply to every entity that collects, processes, stores, or transfers citizens’ personal data, whether operating on-premises, cloud-based, or hybrid infrastructures. The advisory emphasizes that protecting citizens’ personal data is not only a legal requirement under Pakistan’s Cyber Security Policy 2021 but also a matter of national security and public trust.
Institutions have been directed to classify data based on sensitivity, implement strict access controls, encrypt data both at rest and in transit, and ensure regular updates of all software and systems. Additional recommendations include adopting a secure development lifecycle, retaining data only as per legal requirements, establishing clear breach response protocols, and conducting regular third-party vendor audits.
In the long term, CERT has advised organizations to implement zero-trust principles, prepare disaster recovery plans, and conduct regular employee training and testing.
The advisory also urged citizens to remain vigilant in protecting their personal data. They have been advised to share identification documents only, when necessary, mark copies with a clear purpose of use (e.g., “For SIM Registration Only”), use strong and unique passwords for all important accounts, enable multi-factor authentication, and avoid sharing sensitive information with unverified service providers or downloading untrusted applications.
National CERT stressed that safeguarding personal data is not just a compliance matter but a strategic necessity. It called on both institutions and individuals to take urgent and serious steps to secure citizens’ data, defend Pakistan’s digital infrastructure, and restore public trust in the national cyber ecosystem.
 has issued an advisory to all public and private institutions across Pakistan, urging immediate and effective measures to safeguard citizens’ personally identifiable information (PII).){kind=link}