By: Sonny Zulhuda
This 2nd Annual Personal Data Protection Summit was held in Royale Chulan of Kuala Lumpur. As admitted by the organiser (the World Asian Summit), this year edition showed much bigger interest. This impressive crowd attendance can only mean one thing: the undeniable importance of the PDP Act 2010.
The Deputy Minister Dato’ Joseph Salang had re-emphasised the Government’s seriousness about implementing the long-awaited legislation, which was already passed since June 2010. In his key-note speech, he again revealed that the Act will be enforced on the 1st January 2013 – echoing similar statement by the Minister of Information, Communications and Culture recently (Read reports on Dato’ Joseph’s announcement here, here and here).
I was invited to speak in the 2-day conference, on “Reality check on the right to privacy in Malaysia — and how is it affected by the mobile technologies and social media.” Continue reading “From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)”
By: Sonny Zulhuda
Yay! I opened my Inbox this morning and I just won another LOTTERY I never participated in! Feeling lucky don’t you? This is what I just received:
PRIZE AWARD NOTIFICATION!!!
We are pleased to inform you of your Email Success in our Computer Balloting made today for winners from the AUSTRALIAN LOTTERY EMAIL AWARD, as part of our Promotional Draws held this month.
This is a Scientific Computer Game in which your Email Address was used. It is a Promotional Program by AUSTRALIAN LOTTERY EMAIL AWARD.It is a Promotional Program that chooses emails world wide to encourage Internet users; therefore you do not require buying Ticket to enter for it. This is an Email Internet Program were winners are randomly selected from all over the world through Computer Draw System and extracted from over 800,000 Email Addresses from Unions, Association and Corporate Bodies listed online.
Below are your Winning Details:
Reference No: 575061725
Batch No: 056490902/188
Ticket No: 07-42-97-66-11-00
Winning Number No: ILP/HW46704/08
Wow. You don’t think I would rush checking for the accuracy or genuineness of this award right? Of course not, because for one simple reason, this kind of message could not deserve even a curiosity let alone excitement. This is obviously a phishing message which is a gateway to identity theft.
Continue reading ““Social Engineering” a.k.a. Phishing”
By: Sonny Zulhuda
The following is the abstract of the paper I presented (in a poster) at the recent 7th Asian Law Institute (ASLI) Conference at the International Islamic University Malaysia, 25-26 May 2010.
“In the information economy that relies heavily on the sustainability of information technology and the availability of data for business, data theft is equal to a catastrophe that causes massive losses to organisations. Authorities and technologists have put in place myriad of criminal laws and security tools to address this issue, only to see that the incidents of data theft become more rampant. The complications is because data theft involves a range of security issues, ranging from flawed physical control to a weak personal data management, from a single mistake of people on data processing, to a collective negligence of decision makers in the boardroom.
“In the context of corporation, the idea of holding the management board responsible is now increasingly attractive due to the fact that the victims of data theft would see a better chance of getting compensation. This is a rising trend on the law on data theft where certain duties are imposed on the management board of the companies.
“The law, as appears in some jurisdictions such as the US and the UK, obliges the board to exercise certain level of due diligence in managing data asset in the company. Besides, new laws impose duty on the companies to disclose or quickly notify threat or actual attack of data theft that occurs and potentially affects their clients, partners, customers or anyone who happen to be their data subjects. This paper reckons that in shifting some duties to the companies, the incidents of data theft can be better prevented. It argues that it is a good move for other countries like Malaysia to emulate such legal development.”