By: Sonny Zulhuda
A close forum named Focus Group Discussion (FGD) on IPR and Open Data in the Digital Environment was recently held on 9th November 2018 at Al-Nawawi Conference Room, Ahmad Ibrahim Kuliyyah of Law, International Islamic University Malaysia (IIUM). The event was involving two universities from two countries which are the International Islamic University Malaysia (IIUM) and Universitas Padjadjaran (UNPAD), Indonesia.
In his welcoming remarks, the Dean of Ahmad Ibrahim Kuliyyah of Laws, Prof. Dato’ Sri Dr. Ashgar Ali Ali Mohamed extended his gratitude and warm welcome to the delegations from UNPAD. He believed that this two-way discussion should be conducted more regularly in promoting the intellectual discourse between two countries. In a reciprocal gesture, Prof Dr H Ahmad M. Ramli from the Faculty of Law, UNPAD in his keynote address appreciated the initiative by IIUM in conducting this group discussion.
This FGD was part of the research work under the Fundamental Research Grant Scheme, funded by the Ministry of Education, Malaysia. The group discussion was divided into 4 sessions, involving 11 speakers altogether; 7 from UNPAD and 4 from IIUM. Here are some excerpts:
Session 1: IPR Between Tradition and Innovation Continue reading “Intellectual Property Rights and Open Data in the Digital Environment”
By: Sonny Zulhuda
Last time In May ’12, I was invited by the Federation of Public Listed Companies (FPLC) and the Malaysian Institute of Corporate Governance (MICG) to speak in their National Conference on IT Governance, Data Protection and Cyber Security.
I chose to speak about the importance of the Privacy Impact Assessment (PIA) as an implementing tool for complying with the data management rules and obligations under the law. The exact title of my presentation was “Privacy Impact Assessment for a Better Corporate Governance: The New Legal Landscape in Managing Corporate Data Assets.”
In fact, this was the first time I spoke about it. I just felt that people especially the corporate citizens need to be told in a more practical way on why and how they should comply with the laws on personal data management, i.e. the Personal Data Protection Act 2010 as far as Malaysia is concerned.
The PDPA itself is, of course, silent about this PIA. But that does not mean having or executing a PIA would be useless. PIA is indeed a very helpful organisational tool to ensure compliance with the law on data protection. Malaysian law is not excepted. Continue reading “Privacy Impact Assessment (PIA) – In the Light of the Data Protection Law in Malaysia”
By: Sonny Zulhuda
The following is the abstract of the paper I presented (in a poster) at the recent 7th Asian Law Institute (ASLI) Conference at the International Islamic University Malaysia, 25-26 May 2010.
“In the information economy that relies heavily on the sustainability of information technology and the availability of data for business, data theft is equal to a catastrophe that causes massive losses to organisations. Authorities and technologists have put in place myriad of criminal laws and security tools to address this issue, only to see that the incidents of data theft become more rampant. The complications is because data theft involves a range of security issues, ranging from flawed physical control to a weak personal data management, from a single mistake of people on data processing, to a collective negligence of decision makers in the boardroom.
“In the context of corporation, the idea of holding the management board responsible is now increasingly attractive due to the fact that the victims of data theft would see a better chance of getting compensation. This is a rising trend on the law on data theft where certain duties are imposed on the management board of the companies.
“The law, as appears in some jurisdictions such as the US and the UK, obliges the board to exercise certain level of due diligence in managing data asset in the company. Besides, new laws impose duty on the companies to disclose or quickly notify threat or actual attack of data theft that occurs and potentially affects their clients, partners, customers or anyone who happen to be their data subjects. This paper reckons that in shifting some duties to the companies, the incidents of data theft can be better prevented. It argues that it is a good move for other countries like Malaysia to emulate such legal development.”
By: Sonny Zulhuda
Understanding data protection principles is crucial to (re)formulate the business processes. For companies and organisations that in any way involve the use and exploitation of personal data of their employees, customers (actual and potential) and business partners, series of actions need to be taken to comply with the legal regime on data protection.
In Malaysia, this is particularly a cause of concern nowadays as the new law on personal data protection clearly requires data users to take certain actions.
Laid in the main body of the law is the prescription of data protection principles from which stemming all the rights, duties and liabilities of each of data user and data subject (Note: ‘data user’ is those who use, collect, process, etc. the personal data that belong to certain individuals. Those individual are called ‘data subject’).
In Personal Data Protection Bill that was recently passed by Malaysian Lower House of Representatives, the principles of personal data protection is laid down in Part II, sections 5-12. Continue reading “Data Protection Principles under PDP Law”
By: Sonny Zulhuda
At the closing week of year 2009, I’ll present my paper entitled: ‘Corroborative Intersection between Information Security Standards and the Legal Framework on Data Management’ at the Second International Conference on Computer ad Electrical Engineering (ICCEE 2009), 28-30 December 2009, Dubai, United Arab Emirates. The conference is organized by IEEE and IACSIT, both are renowned international associations for the electronic, computer and IT industry professionals. having gone through review and recommendations, over 200 papers will be presented at the two-day parallel sessions, discussing various aspects of computer and electronic industries. My paper talks about legal and industrial frameworks. I am looking forward to meeting the participants in person and having some networking sessions.
Here is the abstract:
This paper examines the intersection between the industrial standards and the legal framework in defining the scope of information security obligations in relation to the management of data and information assets. It undertakes two primary tasks; namely assessing the scope of legal compliance as stated in the internationally-accepted information security standards, in particular the Information Security Management Standards (ISMS); and identifying the legal trends adopted by laws in major jurisdictions, especially the UK and the US. It found that the intersection between the standards and the law is crucial and corroborative; one is found to compliment the other.
Some more snapshots and briefs will come soon.
By: Sonny Zulhuda *
The tremendous participation of companies in technological race and in exploiting the cyberspace is often marked with over-excitement and the sense of lawlessness. This is not true if one regards the cyberspace as a space without rule. The fact remains that there are rules in cyberspace just as people have rules in the real physical world.
When it comes to the notion of corporate social responsibility (‘CSR’), the matter may become more confusing: what kind of responsibility companies could have, and to whom they owe such responsibility. Assume that an online business entity does not have a physical presence – not physically registered, therefore not legally incorporated: does it assume a corporate status to subject it to the CSR? As for the incorporated ones, question may arise as to what responsibilities they bear when embarking in the online environment and to whom they are owed.
Continue reading “CSR in Cyberspace: A Quest for the Missing Link (An Abstract)”
By: Sonny Zulhuda
The Internet has now taken us to a new dimension of life complete with its new set of lifestyle. The Web 2.0 that famously led its users (Who? Me you and everyone here!) to be the Time Magazine’s 2006 Man of the Year had made us a reader and a writer at the same time; a consumer and a producer at once.
This is the new you. Yourself 2.0 does not only read news or download articles from the Net, but also write blogs or upload creative works online. That is the new you.
Continue reading ““Yourself 2.0: A Cool or a Fool?””
By: Sonny Zulhuda
This week I was speaking about the misuse and abuse of workplace technologies during a session of a two-day seminar/workshop on employment law in Kuala Lumpur. The workshop was attended by mostly legal executives from a range of local companies. The technologies meant here are those Internet-associated tools such as electronic mails, blogs, Internet messaging and online networking sites (e.g. facebook, myspace, hi5, and the likes).
The main concern on which this presentation is grounded was that organizations need to ensure a good return of investment (ROI) over the technologies they use at their workplace. This is because the ROI may be interrupted by range of risks of the use (and misuse/abuse) of the technologies such as wasted productivity, financial loss due to business discontinuity or system defect, and also legal liabilities.
Continue reading “On the Misuse of Workplace Technologies”
This paper is aimed at assessing the perspectives and experiences of Malaysia on the concept and application of electronic government (e-government), more on policy context. Attempts are made to observe preparatory initiatives taken by the government of Malaysia in three distinctive but interconnected aspects: administrative measures, regulatory frameworks, and public participation. Some update applications of e-government in Malaysia will also be touched at the later part. This paper will be ended by underlining the lessons that can be learned by Indonesia in seeking the best format for e-government application, especially in tabling policies and regulatory framework.
Electronic Government (E-Government) is variably defined, but basically refers to “the use by government agencies of information technologies (such as Wide Area Networks, the Internet, and mobile computing) that have the ability to transform relations with citizens, businesses, and other arms of government.” Nevertheless in this context, this general meaning of the Information Technology (IT) has been so much associated to the use of the Internet. Thus e-government would generally mean the development and utilization of Internet-based solutions in government services and works. Exactly like e-commerce, which is a utilization of Internet-based solutions in business activities.
Continue reading “Reinvention of Future Governance through E-Government”
By Sonny Zulhuda
The corporate world today has grabbed the efficiencies of information and communications technology (ICT) in its maximum use. Regardless the size and area of industries, workplaces have been equipped with cutting-edge tools of the computers technology and connected to the Internet. With the adoption of electronic tools such as computers, Internet or Intranet, businesses have been operated more or less electronic way. Meeting notices are no longer served by printed paper, and personal data of employees and customers are no longer kept on bulk of papers previously stored in wooden or metal cabinets. In large extent, the electronic mail (email) and electronic storage have been used to replace traditional way of doing business.
Websites have now become a virtual address of companies. They are used to publish companies’ profile, products, promotions, activities, as well as interactive portals. In Malaysia, for public listed companies alone, there are already 225 public listed companies that have website for their business operations, ranging from merely informational sites to commercially designed and transactional websites (Source: Bursa Malaysia). Besides, more and more government agencies are also posting their websites in the World Wide Web.
Continue reading “Cybersquatting and Some Legal Concerns Surrounding Corporate Websites”