Latest news with #Law09-08
Morocco World
23-04-2025
- Politics
- Morocco World
Transparency Maroc: CNSS Data Breach Exposes Critical Flaws in Morocco's Cybersecurity
Doha – Transparency Maroc issued a statement on Monday expressing 'profound concern' over the massive data leak from the National Social Security Fund (CNSS), which has compromised the personal information of nearly two million individuals and approximately 500,000 registered businesses. 'The cyberattacks have led to widespread leaks of critical personal data in several government agencies, including the Ministry of Employment and the National Social Security Fund,' the anti-corruption watchdog stated. 'These leaks could destabilize and threaten social and national peace.' The NGO cautioned that this represents a grave violation, as 'the Constitution guarantees the protection of data, regulated by law 09-08 relating to the protection of individuals with regard to the processing of personal data.' The organization criticized the inadequate response from the affected institutions, pointing out they chose 'threat and intimidation' instead of reassuring users and offering apologies. 'The ministers concerned who chair the boards of directors have not made themselves heard,' Transparency Maroc noted. The data breach, which occurred earlier this month, is considered Morocco's most substantial cybersecurity incident to date. The attack exposed highly sensitive personal information including full names, national ID numbers, passport details, email addresses, phone numbers, salary information, and banking credentials. According to cybersecurity experts, the breach reveals serious vulnerabilities in the country's digital infrastructure. Outdated systems, inadequate staff training, and insufficient governance frameworks have all contributed to creating an environment where such attacks can succeed. Transparency Maroc has called for greater accountability and transparency regarding the incident. The organization is demanding public disclosure about 'the strategy of public authorities regarding information systems security' and the quality of personal data protection at the national level. Read also: Kaspersky: Morocco Ranks High Among Top Targets for Cyberattacks in Africa The anti-corruption group has also demanded the revelation of 'those responsible who authorized certain service providers to perform consulting, assistance, training, software and security hardware sales in addition to the audit mission, which constitutes an obvious conflict of interest.' Additionally, it sought information about 'the results of the tender offer No. 15/2021, dated August 2021, related to supporting the National Social Security Fund in complying with the requirements of Law 09-08,' which they noted should have been legally published on the Fund's website. Experts point out that the breach highlights the urgent need for comprehensive cybersecurity measures. Regular security audits, staff awareness programs, and robust data classification systems are essential components of an effective defense strategy. The implementation of advanced technologies, including artificial intelligence-based threat detection systems, could also help prevent similar incidents in the future. The incident has also raised questions about the effectiveness of Morocco's cybersecurity infrastructure despite the country's reputation for having strong digital defenses. While the General Directorate of Information Systems Security (DGSSI) and the National Commission for the Control of Personal Data Protection (CNDP) have been praised for their work in establishing regulatory frameworks and raising awareness, the breach demonstrates that crucial vulnerabilities remain. Transparency Maroc concluded its statement by calling on 'the government to publish the results of investigations into these important matters with full transparency in the interest of all concerned parties.'
Morocco World
22-03-2025
- Politics
- Morocco World
Morocco's Data Protection Authority to Examine Privacy Concerns in Video Surveillance
Rabat – Morocco's National Commission for the Protection of Personal Data (CNDP) has announced plans to hold hearings to establish regulations that protect privacy in the use of video surveillance. In a statement released on Friday, the CNDP explained that this initiative aims to ensure a unified interpretation of Law 09-08, which governs the protection of personal data. The commission seeks to engage all stakeholders involved in video surveillance to establish clear guidelines and safeguards. 'The use of video surveillance is now a key issue, covering various aspects such as the protection of public and private spaces, the recording of events for research or security purposes, and risk prevention,' the statement noted. The CNDP noted that approaches to video surveillance differ worldwide, depending on each country's legal framework, cultural norms, and security needs. For instance, the use of technologies like facial recognition in public spaces raises ongoing questions about necessity, acceptability, and risks to personal data protection, the data protection authority noted. The commission noted the need for careful and balanced discussions that respect constitutional values, public interest, and citizens' rights. It called for a thoughtful approach to integrating new surveillance technologies while safeguarding privacy. CNDP's statement comes after reports suggested that Rabat is set to install 4,000 AI-powered cameras with facial recognition capabilities by the end of 2025. The project aims to enhance security, especially ahead of major events like the 2025 Africa Cup of Nations and the 2030 World Cup. The new system is set to include advanced cameras, automatic license plate recognition, and AI to monitor behavior patterns in real-time. However, the project, especially the use of facial recognition technology, has raised concerns about mass surveillance and the ability to track individuals without their consent. Many worry that this technology could be used to monitor everyday activities and potentially violate citizens' privacy in public spaces. Tags: data protectionsurveillance cameras
