Speak Privacy an Asian Way — at Asia Privacy Bridge Forum in Korea

By: Sonny Zulhuda

seoul.jpg

Last week I received this invitation letter to speak at the Third Asia Privacy Bridge Forum, hosted by Barun ICT Research Centre, Yonsei University, Seoul, South Korea towards the end of June 2017. The Director of the Centre, Dr. Beomsoo Kim noted that this Forum is supported also by KISA (Korea Internet and Security Agency) and the Korean Ministry of Interior. I am asked to speak about the development of the data protection laws in two countries Malaysia and Indonesia.

This is an exciting surprise. Not only because it would be my first visit to Korea, but also because I will have an invaluable opportunity to mingle with the Asia Pacific and international network on privacy and data protection; and to share with them what is up in Malaysia and Indonesia on this subject.

There are other speakers who are expected to speak from different jurisdictions: Korea, Japan, Singapore and China including: 1. Dr. Beomsoo Kim (Yonsei University, South Korea); 2. Jongsoo Yoon (Lee & Ko, South Korea); 3. Dr. Kaorii Ishii (University of Tsukuba, Japan); 4. Dr. Warren B. Chick (Singapore Management University); 5. Dr. Sonny Zulhuda (International Islamic University Malaysia); 6. Mr. Eunsil Lee (Seoul Metropolitan Police Agency); and Rona Morgan, Singapore-based IAPP Asia Director.

After all, the event sets as an ultimate aim a common desire to move forward collectively and globally in addressing the challenges of enforcing data privacy laws.

From the Malaysian perspective, this is the time to showcase what it has done or set to do beyond the initial period of public education on the law. What has been done towards enforcement? That is specifically questions that I would like to share during the Conference. Besides, the fact that the industries have moved further to issue self-regulatory Codes of Practice is also a stimulating development.

From the Indonesian perspective, there is quite a few development to share. In the past year, it is noteworthy that the 2008 Law on Information and E-Transaction (“UU-ITE”) was amended by the  Parliament to strengthen some aspects of the law, including on the “Right to be Forgotten”. Then, still in 2016, the Information Minister issued a new Ministerial Regulation on the Protection of Personal Data Processed Electronically. This regulatory piece is indeed a milestone to the data privacy law in Indonesia, albeit that it is a subsidiary legislation, rather than a parliamentary statute. Beyond this, there is this Bill draft of the Personal Data Protection Act that has been consolidated in early 2017.

With all these development, I hope I can portray insightful updates to the Forum and ultimately to everyone who shares the interest on this subject. But first, let’s hope my visa is ready on time.

UPDATE: the visa was ready on 23rd June, and I’m scheduled to fly on Sunday night.

Advertisements

Developing Privacy-Friendly Mobile Apps: Takeaways for Mobile Developers

By: Sonny Zulhuda

Image credit: computerworld.com

Image credit: computerworld.com (click on the image for full display)

This week (28th Aug) I will be participating in a national event dedicated for the modern digital lifestyle in Malaysia, named KL CONVERGE! which runs from 27th-29th August 2015 at Kuala Lumpur Convention Centre (KLCC) in the heart of the Malaysia’s capital. Visit the site here: http://www.klconverge.my/.

As the site highlights, KL CONVERGE! is a multi-platform digital content and creative industry event showcasing the world’s latest achievements and opportunities in the music, film, gaming and Internet space. It seeks to provide an immersive experience to show “how technology and content is an everyday part of our lives.” The event is bringing together leading industry executives from multimedia, applications, Internet and creative content to discuss, deliberate, showcase and celebrate the issues, opportunities and successes in digital space.

I have a honour to be part of the event to speak about key privacy issues for mobile apps developers – thanks to my friends and partners at the Data Protection Academy (DPA) LLP (Noris and Eddie). The discussion will reflect the new legal landscape brought about by the Personal Data Protection Act 2010 that concern mobile apps designers and developers. It’s this Friday, 28th August 2015 at 4.00PM (not one of the best time to listen a talk – sigh) at Room 306 KLCC Convention Hall. It is adjacent to the majestic Petronas twin tower, and it is a free admission event 😉 (ugh.. still..) (*_*)

In the one-hour talk, I will demonstrate the salient features of the data privacy laws in Malaysia and the emerging global trend, especially concerning the users/consumers of mobile apps. Issues such as data collection, notification and retention will be touched. Not less importantly will be the issue of personal data security that each mobile apps developer will have to consider when they decide to retain users’ personally identifiable information (PII). But on top of all those, I am posing a big question: “Should you ever collect the users’ personal information at all?” — I am at the moment finalising my presentation and will share here the key points in due course. See you there, if you make it:)

PDP Law Compliance for Educational Institution

By: Sonny Zulhuda

Educational institutions -universities, colleges, schools, etc.- are among those who are regulated by the Personal Data Protection Act (PDPA) 2010. The data subjects include: students (obviously the main object here), staffs or employees, vendors, alumni, sponsors, as well as those applicants who have yet join the universities/schools.

The amount of personal data are potentially bulky: personal details, medical records, financial and scholarship records, academic records, student societies records, disciplinary records and even post-study information about the students. Given this situation, people who deal with students’ data in the educational institutions would need to ensure their handling of personal data is in line with the demands of the Act.

In introducing the subject matter to the community in the University, I will be speaking in this following workshop, together with my friend Noriswadi Ismail from Quotient Consulting Sdn Bhd and PDP Academy LLP, and Dr. Federico Feretti from Brunel Law School, London, UK.

Banner PDP Workshop AIKOL 28052014 (4)

Personal Data Protection Act & Information Assurance – at ISACA Evening Talk

By: Sonny Zulhuda

I will be speaking on the above topic this week (Tuesday, 18th February 2014) to  IT Governance professionals affiliated under the ISACA Chapter Malaysia. I was informed at least one hundred people will be attending.

ISACA Feb 2014This will be my first speech on PDPA after the lapse of 3-month grace period set up by the PDP authority in Malaysia. I can foresee the level of enthusiasm from participants is high.

Details are here: http://www.isaca.org/chapters3/Malaysia/Documents/Talk%20-%20PDPA%20-%20Feb%202014%20FINAL.pdf

Here is the home page for the Chapter: http://www.isaca.org/chapters3/Malaysia/Pages/default.aspx

What You Need to Know about the PDPA

==============================

My Intro: The following article, appeared in The Star newspaper, is about public awareness on the Personal Data Protection Act (PDPA) 2010 (Act 709). The journalist had compiled the report out of few resources, including the PDP Department and myself (through series of interaction). It is indicated at the bottom of the article itself. I reproduce the article in this page for the benefit of more readers.

Cheers! Sonny Zulhuda

==============================

“What You Need to Know about the PDPA”

(Reproduced from The Star Online, published on Sunday, 30/12/2012)

PDPA 2010A freelance journalist from Penang was already coping with the pain from a hemorrhoids surgery when she had to endure another hurtful experience – she discovered that her surgeon had taken photographs of her private parts without her consent when she was under.

When she confronted him, she was told that it was “normal procedure” and a common practice for “medical purposes”. Outraged that her privacy had been violated, she sued the doctor.

This is one of the many cases of personal data breaches and privacy violations in the country. Hence, the enforcement of the Personal Data Protection Act (PDPA) this New Year is much lauded. In fact, it is long awaited – for some, over a decade long.

However, while pictures of one’s private parts may constitute as personal data, the aggrieved patient would not be able to take action under the Act – our PDPA only regulates commercial transactions. (The freelance journalist, however, won RM25,000 in damages in her civil court case.)

Here are some of the facts you need to know about the PDPA: Continue reading

  • October 2017
    M T W T F S S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,574 other followers