Myanmar Government’s policy and plans on data protection, transfer and storage Presentation at Myanmar Digital Rights Forum 2019 Read more: https://www.myanmar-responsiblebusiness.org/news/digital-rights-forum-2019-report.html

1. Myanmar Digital Rights Forum 2019
Data Protection: balancing convenience, privacy and security
Date: 19th January 2019 Place: Yangon
U Yan Naung Soe
Assistant Director
Department of Information Technology and Cyber Security
Government’s policy and plans on data protection, transfer and storage

2. 1. Objectives of Presentation
2. ICT Status in Myanmar
3. Organization Structure of Telecom Sector and ITCS
4. Vision, Mission, Duties and NCSC’s Awareness Program
5. ICT Laws in Myanmar
6. Does Myanmar need Cyber Law?
7. Myanmar Cyber Law (Draft)
8. Challenges
9. Conclusion
2
Outlines of Presentation

3. qTo share Government’s policy and plans on data
protection, transfer and storage
1. Objectives of Presentation
3

4. 2. ICT Status of Myanmar
4
• In Myanmar internet service was introduced in 2000.
• Four Nation wide Integrated Telecom Operators in Myanmar
Ø MPT-KSGM JO
Ø Telenor Myanmar Ltd
Ø Ooredoo Myanmar Ltd
ØMytel
• Telephone Density 110%, Smart Phone Usage 80%
• Mobile Network Coverage 85 ~ 90 %
• More than seven International Internet Gateways.
• International Internet Backbone Capacity is more than 350 Gbps.
• ISP (MPT KSGM, TML, OML, Yatanarpon, MyanmarNet, 5BB, Fortune,
Skynet, Frontier, etc.)

5. Posts & Telecom
Dept (Regulator)
Dept of Information
Technology and
Cyber Security
Ministry of Transport and Communications (MoTC)
Deputy Minister 1
Myanmar Telecom
(Telecom Operator)
Myanmar Posts
(Postal & Telegraph
Service)
Transport Sector (Road/ Railway/
Maritime/ Air Transports) Communications Sector
Deputy Minister 2
3. Organization Structure of MOTC (Comm: Sector)
5

6. Admin &
Finance
Dept
Training
Center
E-Govt
Dept
Legal, IR &
Information
National Cyber
Security Center
(NCSC)
Satellite
Comm:
Dept
Operations Dept
Information
Security Dept
Security
Audit Dept
mmCERT
Information Technology and Cyber Security Department
6
3. Organization Structure of ITCSD

7. qTo monitor, observe, audits, alert, analyze, prevent and
provide the technical advisory concern with cyber
security, cyber incidents and cyber threats.
7
4. Vision and Mission of NCSC
qTo create the environment where all ministries can
provide online services securely and all citizens can
access E-government services safely.
Vision of NCSC
Mission of NCSC

8. vDuties and responsibilities of Operation Department are to
monitor the cyber security of IXP, ISP, .mm domain, govern-
ment websites and critical information infrastructure.
vDuties and responsibilities of mmCERT are to disseminate
security information and advisories, to provide technical
assistance to the necessary organizations such as
Government agencies, ISP and finance sectors, emergency
response plan, research & development, to develop web
engineering and to cooperate with law enforcement
organizations to track and trace cyber crimes .
8
4. Duties and Responsibilities of NCSC

9. NCSC’s Awareness Program
9

10. NCSC’s Awareness Program
10

11. § mmCERT participated ACID (ASEAN CERT Incident Drill) and APCERT
Drill
§ NCSC trained staffs in local and international cyber security trainings
§ Cyber Security Fundamental Courses were opened annually in ITCSD
Training Center
§ NCSC holds Coordination Meetings for Cyber Security
NCSC’s Capacity Building and Awareness Raising Program
11

12. v NCSC conducted Cyber Security Awareness Program in ICT Exhibition
(2017, 2018)
v NCSC conducted Myanmar Cyber Security Competition (2018)
v NCSC participated in Myanmar Youth Development Festival (2018) for
cyber security awareness
v Myanmar also participated the 9th Singapore Cyber Conquest in
September 2018.
v US-UAGO Transnational Crime Program (2018)
v Cyber BayKin (with Australia Embassy and MOTC) (2018) 12
NCSC’s Capacity Building and Awareness Raising Program

13. E-Government Conference and ICT Exhibition (2017)
13

14. E-Government Conference and ICT Exhibition (2017)
14

15. Cyber Security Awareness at University of IT (2017)
15

16. Cyber Security Challenge Competition (2018)
16

17. 17
Myanmar Youth Development Festival (2018)

18. 18
Myanmar Youth Development Festival (2018)

19. 19
9th Singapore Cyber Conquest (2018 Oct)

20. US-UAGO Transnational Crime Program (2018)
20

21. Cyber Bay Kin: Secure a Digital Myanmar (2018 )
21

22. 22
Coordination Meetings for Cyber Security

23. v Computer Science Development Law (1996)
v Electronics Transaction Law (2004)
v Telecommunications Law (2013)
v Cyber Law (Draft)
5. ICT Laws in Myanmar
23

24. qICT sector is developing very fast in Myanmar.
qE-Government Services are accelerating.
qOnline shopping is popular among youths.
qE-Commerce becomes booming in Myanmar.
qMore cyber attacks and incidents occurs in Myanmar.
qCyber Crimes are rising in Myanmar.
qExisting Laws can’t solve all the cyber related crimes.
qMost of ASEAN member states enacted cyber law.
6.Does Myanmar need Cyber Law ?
24

25. v Department of Information Technology & Cyber Security
v Posts & Telecommunication Department
v MOHA / Myanmar Police Force
v Union Attorney General Office
v Ministry of Education/ University of Computer Studies
v Myanmar Computer Federation (MCF)
v Civil Society Organizations (CSO)
Concerning Stakeholders of Cyber Law Drafting
25

26. v Budapest Convention on Cyber Crime
v India IT Act 2000
v Singapore Cyber Act 2018
v Japan Cyber Law
Cyber Law shall cover the following area:
1. Cyber Security & Cyber Crime
2. E-Governance
3. E-Commerce
Reference and Coverage of Cyber Law
26

27. qDefinitions
qObjectives
qCyber Security Committee
qLicensing of Cyber Security Service Provider
qCritical Information Infrastructure Protection
qPersonnel Data Protection
qResponse and Investigation of Cyber Security Threats and Incidents
qSocial Media
qE-Governance
qE-Commerce
qOffences
qGeneral
7. Myanmar Cyber Law (Draft)
27

28. üLack of Cyber Security Master Plan, Law and Regulation,
üInsufficient human resources in terms of quality and quantity.
üLimited budget to implement the cyber security infrastructure.
üLack of public’s awareness for cyber security and data protection.
üNot clearly defined the roles and responsibilities between NCSC and
Cyber Crime Division of Myanmar Police Force.
8. Challenges
28

29. 9. Conclusion
29
§ Knowledge sharing between inter ministries and CSO.
§ Capacity Building (Local & International)
§ Cooperation and coordination between inter ministries and CSO.
§ Cyber Security and Cyber Crime Awareness Raising Programs
§ Implement the necessary cyber security systems at Telecom Operators,
ISP and Data Centers
§ 24x7 monitoring the cyber attacks and incidents
§ Cooperation with local, regional and international organizations

30. Thank you so much.
30
yannaungsoe@ncsc.gov.mm