From the event of the ASEAN YOUTH CONFERENCE (AYC) 2018, at the International Islamic University Malaysia, 22 September 2018.
I will be delivering a keynote under the above topic. For my presentation SLIDES, please click: The Fourth Industrial Revolution and the Inflation of.
Kuala Lumpur, 6/3 (ANTARA News) – Dosen Cyberlaw Fakultas Hukum International Islamic University Malaysia, Dr Sonny Zulhuda, mengharapkan pemerintah dan Parlemen Indonesia segera membahas RUU Perlindungan Data Pribadi agar penyalahgunaan data pribadi tidak terjadi.
“Patut diakui Indonesia masih tertinggal dalam hal ini. Meskipun kita memiliki beberapa peraturan perundangan, hal tersebut masih bersifat generalis namun minimalis,” katanya.Dia mengemukakan hal itu di Kuala Lumpur, Selasa, ketika dimintai tanggapan adanya penyalahgunaan Nomor Induk Kependudukan (NIK) dan Kartu Keluarga (KK) terkait laporan masyarakat yang menemukan pendaftaran sejumlah nomor dengan satu NIK.
Ada peraturan yang agak spesifik, kata dia, namun hanya berlaku bagi data dalam media elektronik dan bentuknya berupa regulasi yang tidak menyediakan sanksi perdata maupun pidana.
Dia mengatakan, saat ini sudah ada usaha menyiapkan draf RUU Perlindungan Data Pribadi namun masih belum diketahui kapan akan dibawa ke parlemen untuk diperbincangkan dan diputuskan. Artinya masih panjang perjalanannya untuk disahkan menjadi undang-undang.
Dalam era “big data” ini, data merupakan aset dan komoditas. Juga menjadi obyek perlindungan hukum. “Di tengah-tengah eksploitasi data baik oleh pemerintah, industri maupun individu yang berkepentingan, perlindungan terhadap data pribadi menjadi keniscayaan,” katanya.
Di Indonesia, data-data pribadi terkait kependudukan dan demografis seperti NIK, KTP elektronik dan KK sangat penting dilindungi agar tidak mudah dieksploitasi.
Firstly, data users can do the least by keeping the public informed about what is going on.
Secondly, we should treat this as an issue of national security.
Thirdly, it is time to test the mechanism of our law.
The year 2017 is notably the beginning of some successful prosecutions under the Act, which is a crucial milestone in itself. On a positive note, we should take this crisis as an opportunity to also prove our legal mechanism.
On top of that, what we are facing now is something bigger: it is testing our resilience as a nation. The challenge is more than a damage control: it is to deal efficiently with the massive data crisis like what is happening now.
This is not a one-off duty as data security is a process rather than a result. As Vince Lombardi was once famously quoted, it is not so much about how we fall down, but rather on how to raise back. And by “we” I mentioned in this last paragraph, it is you and me and every one of us the individuals to whom the personal data actually belong to.
By: Sonny Zulhuda
This note was a reproduction of the same published by the New Straits Times here.
BANK Negara Malaysia (BNM) Governor Tan Sri Muhammad Ibrahim was recently quoted in theNew Straits Times as saying that guidelines governing cryptocurrencies were expected to be unveiled by the end of the year, which is less than three months from now.
Cryptocurrency is a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of the banking system. It is an emerging financial technology enabled by innovation and is increasingly popular among Internet users. It challenges financial and regulatory rules on currency and payment systems.
BNM’s statement could not have come at a better time as cryptocurrencies, such as Bitcoin, are increasingly popular in Malaysia. Not only do we see companies and communities accepting Bitcoin, but small businesses, such as a nasi kerabu stall in Kota Baru, Kelantan, were also reported as accepting payment in Bitcoin.
As with any new and disruptive technology-based business phenomenon, cryptocurrency has its pro and cons. Proponents view it as a natural solution for fast-growing electronic commerce through a ubiquitous technology like the Internet. They also argue that cryptocurrencies benefit people who are otherwise denied access to banking services.
While allowing cryptocurrencies may signal our business friendliness to the digital economy, it also triggers risks and uncertainties. The greatest of them is their potential use in crimes, such as money laundering and financing terrorism. There have been instances in other countries where Bitcoin has been used in the Dark Web for illicit transactions. Indeed, the anonymity that comes with the use of cryptocurrency is a cause for concern as it makes it harder to ensure consumer protection.
APAPUN DISIPLIN ILMUMU, PELAJARILAH EKONOMI DIGITAL!
Oleh: Sonny Zulhuda
1. Indonesia dan Malaysia melalui pemimpinnya masing-masing telah menetapkan bahwa Ekonomi Digital menjadi fokus utama dalam membangun negara dan meningkatkan ekonomi bangsa. Tidak hanya jalur lebar Internet yang diperhebat, namun penguasaan konten lokal dan industri kreatif kini menjadi generator baru bagi kemajuan bangsa.
2. Pengalaman saya selama 15 tahun sebagai peneliti, akademisi dan praktisi hukum teknologi informasi, melihat semakin perlunya kita untuk memparalelkan segala ilmu, pengetahuan dan teori yang kita pelajari dengan perkembangan dunia digital. Ekonomi digital yang didominasi dengan penguasaan teknologi informasi dan optimalisasi data mengharuskan kita menjawab berbagai tantangan digital.
3. Saya saksikan sendiri di berbagai universitas top di dunia seperti Oxford, Sydney, UNSW, Tsinghua, Toronto dan Yonsei University mereka sudah mendirikan lembaga kajian yang fokus terhadap isu konvergensi teknologi informasi dalam berbagai aspeknya. Universitas Indonesia dan UNPAD saya pikir sudah memulai lebih awal dalam konteks Indonesia. Yang lainnya, belum kelihatan! Sementara, semakin banyak pula lembaga internasional yang menyediakan program, beasiswa, fellowship dan event-event yang bertujuan mencari bakat-bakat muda dalam kajian konvergensi informasi ini. Continue reading
By: Sonny Zulhuda
Last week I received this invitation letter to speak at the Third Asia Privacy Bridge Forum, hosted by Barun ICT Research Centre, Yonsei University, Seoul, South Korea towards the end of June 2017. The Director of the Centre, Dr. Beomsoo Kim noted that this Forum is supported also by KISA (Korea Internet and Security Agency) and the Korean Ministry of Interior. I am asked to speak about the development of the data protection laws in two countries Malaysia and Indonesia.
This is an exciting surprise. Not only because it would be my first visit to Korea, but also because I will have an invaluable opportunity to mingle with the Asia Pacific and international network on privacy and data protection; and to share with them what is up in Malaysia and Indonesia on this subject.
There are other speakers who are expected to speak from different jurisdictions: Korea, Japan, Singapore and China including: 1. Dr. Beomsoo Kim (Yonsei University, South Korea); 2. Jongsoo Yoon (Lee & Ko, South Korea); 3. Dr. Kaorii Ishii (University of Tsukuba, Japan); 4. Dr. Warren B. Chick (Singapore Management University); 5. Dr. Sonny Zulhuda (International Islamic University Malaysia); 6. Mr. Eunsil Lee (Seoul Metropolitan Police Agency); and Rona Morgan, Singapore-based IAPP Asia Director.
After all, the event sets as an ultimate aim a common desire to move forward collectively and globally in addressing the challenges of enforcing data privacy laws.
From the Malaysian perspective, this is the time to showcase what it has done or set to do beyond the initial period of public education on the law. What has been done towards enforcement? That is specifically questions that I would like to share during the Conference. Besides, the fact that the industries have moved further to issue self-regulatory Codes of Practice is also a stimulating development.
From the Indonesian perspective, there is quite a few development to share. In the past year, it is noteworthy that the 2008 Law on Information and E-Transaction (“UU-ITE”) was amended by the Parliament to strengthen some aspects of the law, including on the “Right to be Forgotten”. Then, still in 2016, the Information Minister issued a new Ministerial Regulation on the Protection of Personal Data Processed Electronically. This regulatory piece is indeed a milestone to the data privacy law in Indonesia, albeit that it is a subsidiary legislation, rather than a parliamentary statute. Beyond this, there is this Bill draft of the Personal Data Protection Act that has been consolidated in early 2017.
With all these development, I hope I can portray insightful updates to the Forum and ultimately to everyone who shares the interest on this subject. But first, let’s hope my visa is ready on time.
UPDATE: the visa was ready on 23rd June, and I’m scheduled to fly on Sunday night.
By: Sonny Zulhuda
No! We are not talking about how to cure a ransomware attack such as “WannaCry” after it happens. That is not going to happen. Legal compliance is, from the perspective of business continuity and data disaster management, always at the “preventive” side rather than “curative” or “recovery” domain. Just like how technically a data backup is more preventive rather than reactive.
Then, are we saying that complying with Personal Data Protection law is going to prevent incidents like ransomware attack? Not necessarily true. But obviously, by keeping yourself updated about legal requirements pertaining to personal data protection, you will activate a “standby” mode.
Complying with the legal requirements on data protection such as Data Security and Data Retention standards, for example, people in your organisation are made aware that some security measures had to be put in place to protect the personal data system, which often overlaps with other database or information systems in your organisation: payroll system, human resources system, financial system, CRM system, and so on, because in each of those there are personal data of data subjects that you or your organisation process/processes.
That is why, a compliance with PDP law such as the Malaysian Personal Data Protection Act 2010, can be a gateway to better data protection in your organisation from unwanted attacks or other risks to the data integrity and security. In fact, the PDPA 2010 hints that a data due diligence
In fact, the PDPA 2010 hints that a data due diligence such as your data risk management that you conduct in your organisation will not only mitigate the risk to data attack but also will be your “legal defence” in case such attack takes place despite your mitigating measures. This is what transpires from the provisions of the PDPA 2010.
So, the equation is not complicated:
Data due diligence = legal compliance + risk management = legal defence
Good luck! 🙂
Sonny Zulhuda