PAKISTAN Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, S.U.Khan Associates
ister” in connection with controlling unsolic - ited calls. The operators are further required to ensure registration of telemarketers. The Draft Bill provides that data subjects must not be subjected to automated decision-making, including profiling that presents significant harm to data subjects. 4.3 Employment Privacy Law Pakistan has no specific law concerning work - place privacy. The Draft Bill provides that sen - sitive personal data may be processed by a data controller for the purposes of exercising or performing any right or obligation conferred or imposed by law on the data controller in connec - tion with employment. The Public Interest Disclosures Act, 2017 gov - erns the mechanism for public interest disclo - sures and protection of persons making such disclosures (related to the prevention of corrup - tion in public sector organisations). Anonymous or pseudonymous disclosures are not consid - ered under said Act. The identity of the complain - ant is to be protected unless required otherwise. The Act provides protection to the complainant against any victimisation on the ground that they made a disclosure. A complainant is considered victimised if they are:
Said Act also provides for due protection of the complainant, witness or any other person ren - dering assistance for an inquiry. The Securities and Exchange Commission of Pakistan (SECP) has issued the Listed Com - panies (Code of Corporate Governance) Regu - lations, 2019 (the “Code”). The Code requires that listed companies’ boards of directors main - tain a whistle-blowing policy, by establishing a mechanism to receive and handle complaints in a fair and transparent manner while providing protection to the complainant against victimi - sation. The Code requires that the chief execu - tive officer of a listed company place “reports on/synopsis of issues and information pursued under the whistle-blowing policy, clearly dis - closing how such matters were dealt with and finally resolved or cancelled”, before the board of directors or before the committee of the board of directors. Matters pertaining to the role of labour organi - sations, e-discovery issues, use of digital loss- prevention technologies and scanning/blocking websites at a workplace are not dealt with under the Draft Bill or under any other law. 4.4 Transfer of Personal Data in Asset Deals In the course of asset deals, personal and sensi - tive data of individuals involved in the transac - tion may be processed or exchanged. The buy - er must obtain consent from data subjects for processing their personal data, such as names, addresses, identification documents and bio - metric information (eg, fingerprints), solely for purposes related to negotiating, drafting and concluding the deal. The collection of personal data must be limited to what is strictly necessary for the transaction,
• dismissed; • suspended; • denied promotion; • demoted; • made redundant;
• harassed; • intimated;
• threatened with any of the above matters; or • subjected to discriminatory or other adverse measures by their employer or by a fellow employee.
339 CHAMBERS.COM
Powered by FlippingBook