PECA Act 2016: Taxpayers’ data declared as ‘Critical Infrastructure’

ISLAMABAD: The Federal Board of Revenue (FBR) has declared taxpayers’ data as “Critical Infrastructure” and any damage, leakage, unauthorized access or misuse of data by the tax officers/officials would result in imprisonment/fine.

In this regard, the FBR has issued instructions to the field formations here on Tuesday.

The FBR has also warned tax officials that Prevention of Electronic Crimes Act (PECA) 2016 has prescribed severe punishments for those who copy, access, or interfere with information systems or taxpayers’ data declared as “Critical Infrastructure” in an un-authorized manner.

Privacy of taxpayers’ data: FBR fails to defend a case before FTO

According to the FBR, the Cabinet Division, vide its memorandum has conveyed the approval of Cabinet to declare FBR’s infrastructure as “Critical Infrastructure” as defined under sub section (x) of section 2 of the Prevention of Electronic Crimes Act (PECA) 2016.

In view of the above approval/decision of the Cabinet, FBR declares its IT infrastructure including “data centers, applications, and systems” of FBR that host taxpayers data as “Critical Infrastructure” under the PECA Act 2016 as a measure of deterrence of potential offenders who may try to breach FBR systems.

The PECA Act 2016 prescribes severe punishments for those who copy, access, or interfere with information systems or data declared as “Critical Infrastructure” in an un-authorized manner. Any damage, leakage, unauthorized access, or misuse of data shall result in legal proceedings against the responsible person(s) under the provisions of PECA 2016, which may lead to imprisonment, a fine, or with both as provided under Chapter-II of the PECA 2016. Accordingly, all relevant authorities/persons are directed to ensure compliance and implement necessary security measures to protect “Critical Infrastructure” of FBR, FBR added.

Copyright Business Recorder, 2025