Ransomware Attack: How a PDP law compliance can be of any help

By: Sonny Zulhuda

Ransomware

No! We are not talking about how to cure a ransomware attack such as “WannaCry” after it happens. That is not going to happen. Legal compliance is, from the perspective of business continuity and data disaster management, always at the “preventive” side rather than “curative” or “recovery” domain. Just like how technically a data backup is more preventive rather than reactive.

Then, are we saying that complying with Personal Data Protection law is going to prevent incidents like ransomware attack? Not necessarily true. But obviously, by keeping yourself updated about legal requirements pertaining to personal data protection, you will activate a “standby” mode.

Complying with the legal requirements on data protection such as Data Security and Data Retention standards, for example, people in your organisation are made aware that some security measures had to be put in place to protect the personal data system, which often overlaps with other database or information systems in your organisation: payroll system, human resources system, financial system, CRM system, and so on, because in each of those there are personal data of data subjects that you or your organisation process/processes.

That is why, a compliance with PDP law such as the Malaysian Personal Data Protection Act 2010, can be a gateway to better data protection in your organisation from unwanted attacks or other risks to the data integrity and security. In fact, the PDPA 2010 hints that a data due diligence

In fact, the PDPA 2010 hints that a data due diligence such as your data risk management that you conduct in your organisation will not only mitigate the risk to data attack but also will be your “legal defence” in case such attack takes place despite your mitigating measures. This is what transpires from the provisions of the PDPA 2010.

So, the equation is not complicated:

Data due diligence = legal compliance + risk management = legal defence

Good luck! 🙂

Advertisements

From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)

By: Sonny Zulhuda

Brochure2 PDP Forum Dec 2012This 2nd Annual Personal Data Protection Summit was held in Royale Chulan of Kuala Lumpur. As admitted by the organiser (the World Asian Summit), this year edition showed much bigger interest. This impressive crowd attendance can only mean one thing: the undeniable importance of the PDP Act 2010.

The Deputy Minister Dato’ Joseph Salang had re-emphasised the Government’s seriousness about implementing the long-awaited legislation, which was already passed since June 2010. In his key-note speech, he again revealed that the Act will be enforced on the 1st January 2013 – echoing similar statement by the Minister of Information, Communications and Culture recently (Read reports on Dato’ Joseph’s announcement here, here and here).

I was invited to speak in the 2-day conference, on “Reality check on the right to privacy in Malaysia — and how is it affected by the mobile technologies and social media.” Continue reading

  • December 2017
    M T W T F S S
    « Nov    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,582 other followers