Ransomware Attack: How PDP law compliance can be of any help

By: Sonny Zulhuda

Ransomware

No! We are not talking about how to cure a ransomware attack such as “WannaCry” after it happens. That is not going to happen. Legal compliance is, from the perspective of business continuity and data disaster management, always on the “preventive” side rather than in the “curative” or “recovery” domain, just as a data backup is technically more preventive than reactive.

Then, are we saying that complying with Personal Data Protection law is going to prevent incidents like a ransomware attack? Not necessarily. But obviously, by keeping yourself updated about legal requirements pertaining to personal data protection, you will activate a “standby” mode.

When an organisation complies with the legal requirements on data protection, such as the Data Security and Data Retention standards, people in it are made aware that some security measures have to be put in place to protect the personal data system. That system often overlaps with other databases or information systems in your organisation: payroll system, human resources system, financial system, CRM system, and so on, because each of those holds personal data of data subjects that you or your organisation process.

That is why compliance with a PDP law, such as the Malaysian Personal Data Protection Act 2010, can be a gateway to better protection of the data in your organisation from unwanted attacks or other risks to data integrity and security.

In fact, the PDPA 2010 hints that data due diligence, such as the data risk management that you conduct in your organisation, will not only mitigate the risk of a data attack but will also be your “legal defence” in case such an attack takes place despite your mitigating measures. This is what transpires from the provisions of the PDPA 2010.

So, the equation is not complicated:

Data due diligence = legal compliance + risk management = legal defence

Good luck! 🙂

Privacy Policy in Corporate Practices

By: Sonny Zulhuda

Today my MBA students presented their assessment on privacy policy. This is a practical session for them to see how the principles of personal data protection are being put into real-life corporate conduct. They form a group and choose a company of their own in order to look at its privacy policy as stated on its official website.

The session was very informative and interactive. Students were to highlight in summary what those companies do in general and what they do with personal information. Then they presented their assessment, examining how well the privacy policy is prescribed, and how well it complies with the principles of personal data protection law.

Among the interesting findings that they presented were:

Data Protection Principles under PDP Law

By: Sonny Zulhuda

Understanding data protection principles is crucial to (re)formulating business processes. For companies and organisations that in any way involve the use and exploitation of personal data of their employees, customers (actual and potential) and business partners, a series of actions needs to be taken to comply with the legal regime on data protection.

In Malaysia, this is a particular cause of concern nowadays, as the new law on personal data protection clearly requires data users to take certain actions.

Laid down in the main body of the law is the prescription of data protection principles, from which stem all the rights, duties and liabilities of each data user and data subject. (Note: a ‘data user’ is one who uses, collects, processes, etc. the personal data that belong to certain individuals. Those individuals are called ‘data subjects’.)

In the Personal Data Protection Bill that was recently passed by the Malaysian Lower House of Representatives, the principles of personal data protection are laid down in Part II, sections 5-12.
