Pakistan’s new data governance policy is a significant step for ordinary citizens. For the first time, people will have a legal right to see what personal information the government holds about them, who looked at it, and for what reason. The Ministry of Information Technology and Telecommunication has issued the National Data Governance Policy, which sets up a nationwide framework for how public institutions collect, store, share, and dispose of data.
What the Data Governance Policy Actually Says
The policy covers all federal ministries, government departments, statutory bodies, public-sector organisations, and even private contractors that handle government data. In simple words, if you have ever given your information to a government office, this policy applies to the people who hold it.
One of the biggest changes is that government data will no longer be treated as the property of individual departments. Instead, public institutions will be responsible for that data as custodians, holding it in trust on behalf of citizens. They must keep it accurate, use it lawfully, and share it only in a controlled way.
New Rights for Citizens Under the Data Governance Policy
The rights this policy creates are worth understanding clearly. Here is what citizens will now be able to do:
- Ask what data the government holds about them. You can request a full picture of the personal information any government body has on file.
- Find out who accessed their data. You can ask which official or department looked at your records, when they did so, and why.
- Correct wrong information. If a government record about you is incorrect or incomplete, you can request a fix.
- Request deletion. In certain situations, you can ask for your personal data to be removed entirely.
- Get your data in a usable format. Citizens can obtain their information in structured, machine-readable formats, which means the data can be read and used by software, not just printed on paper.
- Complain if something goes wrong. Government agencies will be required to provide a clear complaint process so citizens have somewhere to turn if their data rights are not respected.
The ‘Once-Only’ Rule and Stricter Privacy Standards
The policy also introduces what it calls a ‘once-only’ principle. This means you should not have to give the same information to different government departments over and over again. If one agency already has your details in an authorised system, another agency should be able to access them through proper channels instead of asking you to fill out the same forms again.
On privacy, the rules are stricter than before. Consent to use personal data must be specific and informed, and citizens must be able to withdraw that consent. The policy also sets stronger protections for sensitive personal information and for children’s data. Government agencies will also need to build privacy protections into digital systems from the very beginning of their design, not add them as an afterthought later.
Who Will Enforce the Data Governance Policy?
The Pakistan Digital Authority (PDA) will be the main body responsible for making this policy work. Established under the Digital Nation Pakistan Act 2025, the PDA is already Pakistan’s central institution for digital governance and transformation. Under this new policy, it will set up a National Data Governance Council that includes representatives from federal and provincial governments, regulators, and other stakeholders. The council will monitor whether government institutions are actually following the rules.
Every federal institution will also be required to appoint a Chief Data Officer (CDO). This person will be responsible for making sure their organisation follows the national data governance framework, keeps data accurate, and shares it only when it is lawful to do so. The government also plans to publish the annual data governance performance of all federal institutions, so the public can see how each agency is doing.
The PDA will also oversee the National Open Data Portal and the National Data Exchange Platform, and maintain a National Data Catalog to improve coordination and transparency across government departments.
Why This Matters for Pakistani Citizens
Pakistan’s public sector holds some of the largest and most sensitive datasets in South Asia. NADRA alone holds biometric data for hundreds of millions of people. Yet until now, there has been no clear framework telling citizens what their rights are when it comes to government-held data, or giving them a way to challenge how it is used.
This policy is meant to change that. Officials say the goal is to strengthen digital governance, improve public service delivery, protect privacy, and build public trust as the country moves deeper into its digital transformation journey.
The policy is still subject to Cabinet approval and official publication in the Gazette before it takes full effect. But the direction is clear: data about citizens should be governed for the benefit of those citizens, not just the departments that happen to hold it.
For context on how Pakistan’s broader digital push is taking shape, the data governance policy sits alongside other major moves, including the Pakistan Digital Authority’s growing role in regulating everything from open data to national digital infrastructure.
Frequently Asked Questions
What is the National Data Governance Policy in Pakistan?
It is a policy issued by the Ministry of IT that creates a national framework for how government bodies collect, store, share, and dispose of data. It also gives citizens new rights over their personal information held by public institutions.
Can Pakistani citizens now see who accessed their personal data?
Yes, under the new data governance policy, citizens can request details about who accessed their data, when it was accessed, and why. They can also ask for corrections or deletion of their personal records.
Who will oversee the data governance policy?
The Pakistan Digital Authority (PDA) will oversee the policy. It will set up a National Data Governance Council and monitor compliance across all federal government institutions. Each federal body will also need to appoint a Chief Data Officer.
When does the policy come into effect?
The National Data Governance Policy is expected to take effect after receiving Cabinet approval and being published in the official Gazette. No exact date has been announced yet.