From Privacy Suit to EU GDPR: Data Protection Updates from Malaysia – As reported in the Borneo Post

By: Sonny Zulhuda

The beginning of the year saw my interview with the Malaysian daily the Borneo Post that was published on 1st January 2019. This interview was initiated by my colleagues from the consultancy firm Straits Interactive. The report was entitled “Malaysians increasingly aware of risks with data breach.” It can be found at this link.

The article began by noting that Malaysians are now more aware of the risks associated with breaches of their personal data. In fact, in the past five years we in Malaysia have seen a sharp increase in data privacy civil suits in the local Malaysian courts.

Among the points I highlighted in the interview are as follows:

What are the costs of data breaches?

  • The cost of data breaches can be seen in many areas. In terms of legal liabilities, companies in breach of the Malaysian PDP Act 2010 can be fined up to RM500,000 – for offences such as unlawful sale or unlawful collection of personal data, as well as collection of data without the required certificate of registration.
  • And when a data breach occurs, costs can also be incurred through technical repairs and loss of reputation. Business can also suffer because of bad publicity.
  • Civil suits can also be brought against companies, and these can cost businesses a lot of money. Malaysians are becoming increasingly more aware of the risks associated with breaches of their personal data, and we have seen a sharp increase in data privacy civil suits in the local Malaysian courts in the past five years.

Are we prepared? Here is what I said:

  • Unlike companies in the US and Europe, many companies in ASEAN have yet to reach an acceptable level of preparedness. Data protection does not tend to be a part of the business culture; however, some industries (banking and finance) are more prepared due to legislation and legal requirements.
  • To bolster the understanding and preparedness of other industries, we need more public awareness, training, and certified professionals in the field of data protection.

What are among the common concerns?

  • One major concern in Malaysia is how much our MyKad (ID cards) details are easily and unnecessarily exposed. Many people needlessly impose the collection or retention of MyKad details before people start business communication or interactions, enter premises, or participate in events. Unfortunately, lots of people are happy to submit these details and this gives the impression that these practices are approved and not an issue.
  • Another problem is direct marketing, as well as unsolicited commercial calls, emails and text messages. While it’s clear individuals have the right to refuse direct marketing, it still regularly happens.

What has been prepared?

  • I highlighted that leading consultants like Straits Interactive play a role in championing a public-private partnership by establishing alliances with academia, industries and the government. This partnership will ensure Malaysia as a nation moves together and responds to data privacy issues with a common understanding and comprehensive programmes.

Does the European Union GDPR (General Data Protection Regulation) have anything to do with Malaysians?

  • With the passing and enforcement of the EU General Data Protection Regulation (GDPR) in May 2018, Malaysia needs to gear up for these stronger laws and better enforcement.
  • The GDPR applies to companies who also interact with European citizens, and this requires short-term training programmes and certifications in the field of data protection.
  • A collaboration at the regional level is also timely and necessary. We are heading towards that.

Credit for this interview goes to Straits Interactive and the Borneo Post.

Hoax in the Era of Industry 4.0

By: Sonny Zulhuda

We have those usual greeting lines every morning such as ‘How are you today?’ or ‘Have you had breakfast?’

What about these lines: ‘Have you received any hoax today?’ Or worse... ‘Have you spread any hoax today?’

Yes. Like it or not, hoaxes are now inseparable from our lives. Just before I spoke at the Saturday ASEAN Youth Conference 2018 at IIUM on this topic, I received ‘news’ that Obike Malaysia stopped its business in Malaysia – which is not true!

The spreading of hoaxes, though it has existed since time immemorial, is now extremely rampant due to advanced technology and the abundance of data around us. It seems that bandwidth and connectivity are so good that data can even be sent before we think of sending it!

I called this an excess of data inflation, which leads to information euphoria of a kind. Certainly we have more ability to gather data, but somehow less data intelligence. Owning and using a smartphone does not necessarily make us a smart person though.

With such mishandling, information may become disinformation, mal-information or even misinformation. The convergence of information technology and big data has led to a “disrupted society”. A once connected and interconnected society is now “over-connected”, borrowing the phrase from William Davidow’s book “Overconnected”.

But what makes sharing hoaxes so appealing? Partisanship, naivety, dramatisation, identity and self-actualisation can be the reasons behind it.

  • Partisanship: sending a hoax (despite its fakeness) conforms to the sender’s existing beliefs;
  • Identity: the act of sending such material proclaims one’s taste and affiliation;
  • Dramatisation: the fear factor that urges people to spread a hoax, such as fear for life, fear of detachment, fear of sin, fear of social evils, fear of diseases, etc.;
  • Naivety: deceived by all that glitters;
  • Self-actualisation: such as the pride of being the “most informed person”.

Unfortunately, no matter how good or genuine someone’s intention is, sending hoaxes is not cool. It can even land you in legal trouble. So, let’s not take it for granted. Something must be done. Everyone can be part of it.

It is worth remembering that in 2005, the World Summit on the Information Society (WSIS) came up with the Declaration of Principles: Building the Information Society, which sets out the philosophical and ethical foundations for global users of information technology, stating that:

  • The Information Society should respect peace and uphold the fundamental values of freedom, equality, solidarity, tolerance, shared responsibility, and respect for nature.
  • We acknowledge the importance of ethics for the Information Society, which should foster justice, and the dignity and worth of the human person. Emphasis on the role of family in society.
  • The use of ICTs and content creation should respect human rights and fundamental freedoms of others, including personal privacy, and the right to freedom of thought, conscience, and religion.
  • All actors in the Information Society should take appropriate actions and preventive measures, as determined by law, against abusive uses of ICTs.

I also took this opportunity to remind the audience of the information governance guided by the Prophet Muhammad, which has been taught to us as a legacy:

  • Info Dissemination: The Prophet PBUH emphasised accuracy and clarity
  • Info Gathering: He assigned specialists to carry out espionage
  • Info Management: He appointed secretaries from among the trusted and skilled companions
  • Info Confidentiality: He classified info on warfare, critical projects (e.g. Hijra) and the names of munafiqun
  • Respect for Privacy: He prohibited private surveillance
  • Info Authenticity: He used a special seal for correspondence
  • Info Verification: He always emphasised the need for Tabayyun (i.e. verifying the source of information)

What to do when you suspect fake news or a hoax?

This chart from Singapore’s National Library Board page may help.

FAKE chart

(Excerpt from my keynote: “IR 4.0 and the Inflation of Information: Issues and Challenges”)

#IR40 #Hoax #fakenews #control #information #AYC2018 #PPIMalaysia

The Facebook Data Uproar

This post was first published by the Indonesian daily Harian Republika in its Op-ed column on Monday, 26 March 2018. Reproduced here for educational and non-commercial purposes.

By: Sonny Zulhuda

The revelation that the data of 50 million Facebook users in the United States (US) had been used adds to the long list of anxieties and complaints from the international community about the social media platform led by Mark Zuckerberg.

It emerged that the data was used by the election consultancy Cambridge Analytica in the US to analyse the patterns and tendencies of prospective voters in the US election. The company is also credited with helping to secure Donald Trump’s victory in the 2016 election.

Although we have often heard about the manoeuvres of election consultants, this time we have plain facts about how big data analysis was carried out on millions of prospective voters with the aim of mapping voters and spreading election contestants’ propaganda directly to its targets.

To put it simply, if in a regional election in region X it is known that a large number of voters in that area like football, the consultant will package the candidate for governor or regent as someone who is fond of football and will put forward a football-related agenda as campaign material.

What causes the unease and uproar is that the data analytics was carried out on the basis of the personal data of social media users who had never been told that their data would be used for commercial purposes by the election consultant.

In the context of ethics and law, this can be regarded as a breach of confidence or breach of privacy, a kind of violation of privacy and confidentiality that can give rise to civil or even criminal liability.

Moreover, we know that our personal data on Facebook can be very comprehensive. It ranges from identity (name, date of birth, identity card/social security number); historical data (place of origin, education, occupation, career); geographical data (residence, travel, communications); biological data (images of the face and body anatomy that reveal height and weight, and skin, hair and eye colour); to other data such as preferences, family members, political choices, friendships and so on.


The Starfish and the Spider

By: Sonny Zulhuda

“The Starfish and the Spider”, or so we were told about ICANN’s uniqueness by Rod Beckstrom. This is also the title of the book by Rod, the CEO of ICANN, and his co-author that was generously given out to all the Fellows in one of ICANN’s Fellowship meetings. I did not have the chance to grab him after the forum and get him to sign the book. But here I want to say a big THANKS for the beautiful gift!

ICANN’s CEO deliberated on how ICANN works as a ‘bottom-up’, decentralized and multi-stakeholder organization. Even though this has been repeatedly mentioned by many previous speakers, to me his presentation wraps up the whole idea of how ICANN has been working.


IT Law Improves Country’s Competitiveness

By: Sonny Zulhuda

The above is my paper that I delivered in a seminar at the Law Faculty, University Diponegoro (Undip), Semarang, this month (June 2010). More than 120 participants attended, mostly academics, faculty members and law students from that university. Beside me as speaker was Prof. Dr. Nyoman Sarikat Putrajaya from the Law Faculty of Undip.

We discussed how cyberlaw and other IT-related legislation can improve the competitiveness of the country, in this respect Indonesia. A variety of issues were highlighted and debated, including international law, cybercrime, content regulation, e-commerce law, phishing and carding, personal data protection, and (unsurprisingly the most popular topic) the latest incident of online porn that involved some national celebrities.

The program was organised by the Asian Law Students Association (ALSA), Undip Local Chapter, in cooperation with Law Firm Prihatwono & Partners. My long-time friend Rico from the Law Firm acted as the moderator. Should you be interested in knowing more about the paper, you can let me know by email (zulhuda at yahoo dot com). Ah, by the way, it is in the Indonesian language! 🙂

ID Theft and Consumer Protection — From the GCC Review Workshop

By: Sonny Zulhuda

Initiated by the Communications and Multimedia Consumer Forum of Malaysia (CfM), this national workshop took place on Thursday, 6th May 2010 at the MCMC Headquarters, Cyberjaya, Selangor, Malaysia. Participants came from various quarters such as universities, industries as well as government agencies. The main agenda was to review the provisions of the General Consumer Code and to come up with recommendations to improve them.

Before the participants went into smaller group discussions, the floor heard presentations from some representatives of the Consumer Forum as well as the Government. Among others, En. Maz Malek (from the Ministry of Information, Communications and Culture) strongly emphasised that consumers’ interest is government interest, and is a national interest. In order to reflect this seriousness, the Government urges that consumer complaints be entertained and settled in 72 hours (3 days). He also stressed that the newly-passed Personal Data Protection Act would reform the legal landscape of consumer protection in Malaysia.

Mr. Abdul Rosyid from the Ministry of Domestic Trade, Cooperatives and Consumerism Affairs informed the workshop participants that the Direct Selling Act and the Consumer Protection Act have been amended to include electronically-effected transactions under their protection. Nevertheless, there are still lots of pressing public issues that are not entirely settled. He mentioned, among others, the issue of misuse of personal data and incidents of unknown parties sending SMSes asking people to provide their personal data under the pretext of awarding presents or bonuses, etc. These are simply phishing/smishing issues in which personal data and identities are stolen.

This unwanted disclosure, namely information theft or data theft, is on the rise due to at least two motives;

Privacy Policy in Corporate Practices

By: Sonny Zulhuda

Today my MBA students presented their assessment of privacy policies. This is a practical session for them to see how the principles of personal data protection are being put into real-life corporate conduct. They form a group and choose a company of their own in order to look at its privacy policy as stated on its official website.

The session was very informative and interactive, in which students were to highlight in summary what those companies do in general and what they do with personal information. Then they presented their assessment, examining how well the privacy policy is prescribed, and how well it complies with the principles of personal data protection law.

Among the interesting findings that they presented were:
