Cerdas Digital (1)

CERDAS DIGITAL (1)

Oleh: Sonny Zulhuda


Sejak masyarakat disibukkan berbagai isu terutama di alam maya dan media sosial, ada beberapa hal yang perlu kita perhatikan dalam hal pergaulan digital kita. Yuk kita introspeksi.

Tanpa disadari, kita sering menyebarkan informasi tanpa meyakini validitas isi berita tersebut. Yang lucunya, kadang2 di ujung pesan tersebut ditambahkan dengan kata2: “apakah info ini valid/benar?” hehee.. Alih-alih ingin verifikasi, yang terjadi malah menyebarkan rumor, fitnah atau disinformasi publik.

Kalau memang ingin klarifikasi, ya jangan ‘nafsu’ langsung forward, apalagi kalau sdh berubah niat supaya dianggap ‘lebih update’  atau ‘punya koneksi’ (na’udzu billah)..

Jika pesan itu berupa pernyataan seorang tokoh masyarakat, maka sebaiknya ditanyakan dulu secara khusus ke pihak2 terkait baik sumbernya langsung, ataupun orang2 terdekatnya. Jangan langsung dilempar ke group! Itukan sama saja menyebar gosip ya ikhwan🙂

Jika pesan itu berupa tautan/link ke sebuah sumber di Internet, maka kita bisa cek dan baca dulu link itu. Jangan2, lain di judul lain di isinya. Atau bisa jadi itu berita lama yg kebetulan dicocok2in dengan isu2 baru. Kalau rasanya masih blm yakin (misalnya karena kita meragui media penerbit berita tsb) maka kita bisa lakukan perbandingan berita secara simple, dengan melakukan Google search uyk keywordnya (kata2 kuncinya). Dari situ kita bisa ukur sejauh mana akurasi dan kredibilitas pemberitaan tsb.

Jika kita tidak bisa melakukan klarifikasi dan verifikasi diatas. Jangan lupa gunakan akal sehat dan common sense! Exercise your honest judgment. Malah kadang2, filter akurasi jika dikombinasikan dengan filter akal sehat akan semakin meningkatkan pertimbangan kita: yaitu filter kepatutan. Pertanyaannya nanti, tidak hanya ‘benar atau tidak’ tapi sudah menjadi ‘patut atau tidak saya sebarkan?’..’ perlu atau tidak saya share?’ Kadang pertanyaan ini sering luput dari pertimbangan kita.
Jika filter-filter diatas (akurasi dan kepatutan) sudah luput, maka yang terjadi adalah rentetan upaya klarifikasi dan koreksi atas pesan yang sudah terlanjur menyebar. Jika kelalaian ini terjadi pada anda, maka yang harus anda lakukan:

1. Segera sampaikan koreksi pesan tsb;

2. Mohon maaf atas pencatutan narasumber yang salah, dan

3. Mohon semua anggota group yg sudah ikut menyebarkan agar mengoreksinya juga di group2 mereka masing2.

Kok repot ya? Ngga repot kok, kita cuma perlu lebih cerdas digital saja. Jangan hanya hp kita yg ‘smart’, tp penggunanya juga harus ‘naik kelas’ hehe.. Gitu ya MasBro dan MbakSis..
Mari kita tunjukkan bahwa kita bukan robot alias buzzer digital, tapi kita adalah pengguna medsos yg berakhlak dan berkemajuan. Kemenangan bukan pada hasil, tapi lebih pada upaya menuju hasil itu.

Pesan medsos kita juga akan dipertanggungjawabkan kelak. Disitulah Allah sudah mengingatkan (mgkin tafsir progresifnya ‘menyindir’ – bukan benang merahnya ya) bahwa sesungguhnya “pendengaranmu, penglihatanmu, dan suara hatimu” (yg terakhir ini pas untuk ujaran digital kita) semuanya akan ditanyakan kelak tentang apa yg diperbuatnya.
Ayooo.. kerja lagi🙂

Personal Data Governance from A Cyber Security Perspective

By: Sonny Zulhuda

Data privacy and data security are two sides of a coin – unseparable. Despite efforts by experts to explain this, yet the misunderstanding that they defeat each other is still widely looming.  In this APAC Cyber Security Summit held in on 3rd June 2016 in Kuala Lumpur and attended by more than two-hundred regional participants, I took another attempt to explain this: How protecting one’s data privacy can contribute to a larger information security practices. Not coincidentally, one can see it from the other side: In order to afford maximum protection of one’s privacy, efforts must be taken to secure his data. Thus, data security is part of a bigger personal data privacy protection. Confused? Don’t be.

APAC Cyber Summit 2016_1The truth is, personal data management does include protecting its confidentiality, integrity and availablity. And doing so, it means one must ensure the privacy and security of personal data goes side by side.

In a report released by the PriceWaterhouseCoopers (PWC) in 2016 on Personal Data Use Governance – Mitigate Risk while Unlocking Business Value, there is a sfift (or more sutiably, an expansion) of personal data risks landscape from merely a security and regulatory issue, to an intersection of issues of ethical, regulatory, litigation, security and serivce quality.

At this Conference, I highlighted the latest status and implementation of the Malaysian Personal Data Protection Act 2010 and tried to show how the new regulatory framework reshape the landscape of information security in Malaysia.

The points can be summarised as follows:

  1. Perspective #1. PDPA 2010 creates data management principles
  2. Perspective #2. PDPA 2010 spells out the duties throughout data lifecycle
  3. Perspective #3. PDPA 2010 identifies data risks
  4. Perspective #4. PDPA 2010 creates new data offences
  5. Perspective #5. PDPA 2010 creates duty of data due diligence

Privacy – How to be Assured in Cyberspace

By: Sonny Zulhuda

This year’s ISACA Malaysia’s Conference is renamed a CyberSecurity, IT Assurance & Governance (CIAG) Conference 2016, held on 30th May 2016, in Le Méridien hotel, Kuala Lumpur. My friends and colleagues in ISACA Malaysia are kind enough to invite me for the fourth time in their annual national conference. Last year, I was invited to speak about the pros and cons of Internet of Things (IoT) in the form of a debate, together with a representative from the Malaysian Digital Economy Corporation (MDec).

 

In this year’s edition, I was seated in a panel discussion to speak about the protection (or  Assurance) of privacy in the cyberspace. With me as panelists are Mr. Retnendran Subramaniam CISA, CRISC (former ISACA Malaysia chairman) and Mr. Victor Lo, the Head of Information Security, InfoTech Division, MDeC. The panel was moderated by Mr. Jason Yuen from the Ernst & Young Malaysia. Continue reading

Readings on SOSMA 2012 and the Electronic Monitoring Devices

By: Sonny Zulhuda

emd-sample-ag-250813

Electronic tagging is a form of surveillance which uses an electronic device (a tag) fitted to the person. It is commonly used as a form of electronically monitored punishment for people who have been sentenced to electronic monitoring by a court, or required to wear a tag upon release from prison. The use of electronic monitoring devices in Malaysia has been first introduced by the  Security Offences (Special Measures) Act 2012 (SOSMA) (Act 747). This article sourced few online reading materials relating to the use of electronic monitoring devices vis a vis the SOSMA. Therefore the similar concerns under the new amendment to the Criminal Procedure Code (CPC) 2012 are beyond the ambit of this survey.

In December 2015, Bernama reported that more than 200 people detained under the Prevention of Crime Act (POCA) have been strapped with an electronic monitoring device (EMD), quoting the Federal CID director, Datuk Seri Mohmad Salleh as saying. Salleh added that this effort was taken to monitor the movements of those people (apparently upon release – added), as well as to test the effectiveness of the device. Based on the similar report by Datuk Nur Jazlan Mohamed, the Home Deputy Minister, those who were detained under POCA include mainly those involved in gangsterism, violent crimes, property crimes as well as drug-related crimes. The report can be read here.

A similar provision on the use of EMD is also found in the Security Offences (Special Measures) Act 2012 (SOSMA). In section 7(1), the SOSMA provides for special procedures relating to the electronic monitoring device. It prescribes that, upon application by the Public Prosecutor under section 4 (which provides for the arrest and detention of a person believed to be involved in security offences), the Court shall order the person to be attached with an electronic monitoring device for a period as the Court may determine but which shall not exceed the remainder of the period of detention allowed under subsection 4(5) for purposes of investigation. Section 4(5) of SOSMA grants the maximum of extension to 28 days after the initial 24 hours of detention for the purpose of investigation.

Continue reading

Is Electronic Commerce Another Battlefront between Innovation and Law?

By: Sonny Zulhuda

cyberlawThe motivation behind this blog post is my cyberlaw lecture on Electronic Commerce Law this week. I started the class with a big question that has been lingering since we talked about the emergence of the Internet, the need to regulate the Internet, the emergence of digital natives, and so on. The question is: Should the law give way to innovation? If yes, in what way this should happen? If no, how the two can be reconciled?  Actually a similar concern arose in the first class of the semester, when we discussed the “Declaration of the Independence of Cyberspace” by John Perry Barlow. We argued that the Internet should and would not be free from regulation. In other words, we can and should regulate the Internet as the needs be!

Settled as we thought it was, the same question reappears when we look at today’s electronic commerce. There are lots of innovation in the global online business that have brought about a huge benefit to us people. Of recent scenario, I discussed the emergence of Uber and Uber-like taxi services in many countries in the world, including Malaysia and the region, which are enabled and empowered by the online service and mobile applications. In Indonesia, similar innovation is adopted for bike-taxi (“ojek” in Indonesian) where the service provider utilises online applications for their booking and customer relations services. As an extension from there, car-sharing taxi services are now mushrooming too. Imagine that a car user who travels between office and home can now possibly give ride service for money while doing his routine travel.

With this innovation, a lot of people are made happier: the car users because they can commercially offer his car ride and efficiently utilise of his travel time (including those time spent in traffic jam); individual customers are happier because they have more efficient, cheaper and faster taxi services; and yet, the families of both car driver and customer will also be obvious beneficiary of all this efficiency! Isn’t the innovation good for people?

But there is a downside: taxi service is a licensed service. You have got to apply and obtain this permit to operate a taxi in many countries. Reports come from many jurisdictions show how authorities have trouble addressing this “illegal taxis”. But the point here is, this “car-sharing” is not like taxis. They are private drivers who are willing to make money out of their boring and unpleasant routine of travelling while helping those who need easier and faster modes of transport for their own travel. It is like match-making situation, as they two match everyone is happy.

This is where the question reemerges: is innovation and law a marriage made in heaven or they actually are strange bedfellows? Could the e-commerce become a battlefront between the two? What is your take?

Developing Privacy-Friendly Mobile Apps: Takeaways for Mobile Developers

By: Sonny Zulhuda

Image credit: computerworld.com

Image credit: computerworld.com (click on the image for full display)

This week (28th Aug) I will be participating in a national event dedicated for the modern digital lifestyle in Malaysia, named KL CONVERGE! which runs from 27th-29th August 2015 at Kuala Lumpur Convention Centre (KLCC) in the heart of the Malaysia’s capital. Visit the site here: http://www.klconverge.my/.

As the site highlights, KL CONVERGE! is a multi-platform digital content and creative industry event showcasing the world’s latest achievements and opportunities in the music, film, gaming and Internet space. It seeks to provide an immersive experience to show “how technology and content is an everyday part of our lives.” The event is bringing together leading industry executives from multimedia, applications, Internet and creative content to discuss, deliberate, showcase and celebrate the issues, opportunities and successes in digital space.

I have a honour to be part of the event to speak about key privacy issues for mobile apps developers – thanks to my friends and partners at the Data Protection Academy (DPA) LLP (Noris and Eddie). The discussion will reflect the new legal landscape brought about by the Personal Data Protection Act 2010 that concern mobile apps designers and developers. It’s this Friday, 28th August 2015 at 4.00PM (not one of the best time to listen a talk – sigh) at Room 306 KLCC Convention Hall. It is adjacent to the majestic Petronas twin tower, and it is a free admission event😉 (ugh.. still..) (*_*)

In the one-hour talk, I will demonstrate the salient features of the data privacy laws in Malaysia and the emerging global trend, especially concerning the users/consumers of mobile apps. Issues such as data collection, notification and retention will be touched. Not less importantly will be the issue of personal data security that each mobile apps developer will have to consider when they decide to retain users’ personally identifiable information (PII). But on top of all those, I am posing a big question: “Should you ever collect the users’ personal information at all?” — I am at the moment finalising my presentation and will share here the key points in due course. See you there, if you make it:)

Making sense of Dark Data

By: Sonny Zulhuda

BIG-DATAWhile big data is by now a commonly heard term, dark data is not. Some participants in the recently-held Singapore Symposium whispered to me that they had never heard about the term – so you can say they were in dark about Dark Data.

The term is new to me as well! Except that I have had a little earlier opportunity than those guys to read about it and to finally make sense of it.

It all rooted from the fact that we have had an abundance of data around us, and how much those abundant data are capable of being sourced as information. Yes, it is about Big Data. As we know, Big Data is about quantifying everything possible to be a data. A person’s identity is no longer depending on what is printed on documents (ID, passport, certificates) about him. A person is now identifiable from his mumbling words, his movement, his location, his mood and even the pattern of what he will do every day. All those data are being quantified and measured due to their availability from myriads of media, devices, and interactions (both human and artificial). What makes it possible? You name it: Mobile gadgets, Social media, CCTVs and commercial transactions you have been making, to name a few.

In organisational life, the same is happening. More and more data are collected and stored by organisations, manually and electronically. Data of employees (and their mumbling words, movements, location, mood, etc.), of visitors, of business transactions, of internal meetings, of vendor’s works, of all reports, records and repositories, etc. are increasingly collected, stored…. but not necessarily used. In many occasions those data are no longer usable after their first collection, and yet they still fill up the organisation’s storage (recent research indicates that these unusable data may stack up to 70% of oganisations’ data).

Those are dark data. Untapped, untagged and sometimes unknown data.

Now is this: the fact that they remain unused does not mean they are valueless. You can run this simple test: Should you dump all these data to your competitor or any third party, would there be a loss to suffer? What about a competitive loss, breach of secrets, infringement of privacy, reputation loss, legal liability? If yes, then such Dark Data should be urgently managed.

That is the first message that I delivered in my 1-hour talk in Singapore yesterday.