Personal Data Governance from A Cyber Security Perspective

By: Sonny Zulhuda

Data privacy and data security are two sides of a coin – unseparable. Despite efforts by experts to explain this, yet the misunderstanding that they defeat each other is still widely looming.  In this APAC Cyber Security Summit held in on 3rd June 2016 in Kuala Lumpur and attended by more than two-hundred regional participants, I took another attempt to explain this: How protecting one’s data privacy can contribute to a larger information security practices. Not coincidentally, one can see it from the other side: In order to afford maximum protection of one’s privacy, efforts must be taken to secure his data. Thus, data security is part of a bigger personal data privacy protection. Confused? Don’t be.

APAC Cyber Summit 2016_1The truth is, personal data management does include protecting its confidentiality, integrity and availablity. And doing so, it means one must ensure the privacy and security of personal data goes side by side.

In a report released by the PriceWaterhouseCoopers (PWC) in 2016 on Personal Data Use Governance – Mitigate Risk while Unlocking Business Value, there is a sfift (or more sutiably, an expansion) of personal data risks landscape from merely a security and regulatory issue, to an intersection of issues of ethical, regulatory, litigation, security and serivce quality.

At this Conference, I highlighted the latest status and implementation of the Malaysian Personal Data Protection Act 2010 and tried to show how the new regulatory framework reshape the landscape of information security in Malaysia.

The points can be summarised as follows:

  1. Perspective #1. PDPA 2010 creates data management principles
  2. Perspective #2. PDPA 2010 spells out the duties throughout data lifecycle
  3. Perspective #3. PDPA 2010 identifies data risks
  4. Perspective #4. PDPA 2010 creates new data offences
  5. Perspective #5. PDPA 2010 creates duty of data due diligence
Advertisements

Privacy – How to be Assured in Cyberspace

By: Sonny Zulhuda

This year’s ISACA Malaysia’s Conference is renamed a CyberSecurity, IT Assurance & Governance (CIAG) Conference 2016, held on 30th May 2016, in Le Méridien hotel, Kuala Lumpur. My friends and colleagues in ISACA Malaysia are kind enough to invite me for the fourth time in their annual national conference. Last year, I was invited to speak about the pros and cons of Internet of Things (IoT) in the form of a debate, together with a representative from the Malaysian Digital Economy Corporation (MDec).

 

In this year’s edition, I was seated in a panel discussion to speak about the protection (or  Assurance) of privacy in the cyberspace. With me as panelists are Mr. Retnendran Subramaniam CISA, CRISC (former ISACA Malaysia chairman) and Mr. Victor Lo, the Head of Information Security, InfoTech Division, MDeC. The panel was moderated by Mr. Jason Yuen from the Ernst & Young Malaysia. Continue reading

The Problems with IoT (Internet of Things)

By: Sonny Zulhuda

Today I will be speaking at the IT Governance, Assurance and Security Conference 2015, held annually by ISACA Malaysia and the Malaysian National Computer Confederation (MNCC). In the slotted debate panel, I will be speaking about the problems and challenges brought about the Internet of Things (IoT) vis a vis individuals’ privacy. My debate counterpart will be Mr. Hizamuddin from MDEC.

Here are some details:

Debate ISACA

And here is for the event link:

http://www.isaca.org/chapters3/Malaysia/Documents/IT%20GOV%202015.pdf

The summary of my points are aa follows:

=== IoT vs Privacy ===

1. IoT is conceptually flawed/problematic because it equates human and other objects (“things”)

* Under EU Data protection law, there is a legal rule protecting individuals against data automated processes

* IoT, like any other innovations, is wrongly perceived as technical matters, not really human affairs

* Privacy is a fundamental need, its protection cannot be sidelined, reduced or outsourced to others (including things)

2. Businesses looking for a quick RoI, invested only on technical requirements, not on the prerequisite culture

3. Those countries who introduce IoT (US, EU, Japan, Korea) are already equipped with a strong privacy laws, unlike Malaysia where the law is in the making at initial stage.

Beyond Personal, Data and Protection: Keynote Address at ISACA Annual Conference 2013

By: Sonny Zulhuda

ImageIn less than three weeks (since I spoke in GIGS2013 Summit), this Big Data concern had had me involved in more direct and personal way. The Malaysian chapter of the Information Systems Audit and Control Association (ISACA) – yes, you’ve heard about their CISA and CISM professional certification, that’s their product – will hold its annual IT Governance, Assurance and Security Conference on 18-19 June 2013 in Kuala Lumpur, Malaysia.

The massive intersection between the Big Data, security issues, compliance as well as data protection legislation had taken me into the epicenter of the complicated development of IT governance: I will be delivering a keynote address of the event with my paper entitled: Beyond “personal”, “data” and “protection” – How the Data Privacy Law Transforms Business Landscape in Malaysia and Beyond. — wow, that is.. long!

Continue reading

Speaking at the Global Information Governance Summit (GIGS 2013)

By: Sonny Zulhuda

ImageThis is just to share of my upcoming presentation at the Global Information Governance Summit (GIGS 2013) that is held in Kuala Lumpur, 28th-29th of May 2013.

I will be speaking in the session 3 of day 2, entitled “Selected Issues in Information Security Law and Data Protection”. I will be speaking more specifically about the threat of identity theft; spam; data surveillance and cyber-terrorism!

The event is jointly organised by the QC Consulting and Universiti Teknologi Malaysia (UTM) Space. Here is the snapshot of the agenda at the second day.

 

Image

The list of the speakers are amazing. I hope I can deliver something new to the audience. Let me know if you’re there too. That is for now, will share more when things are done!:)

Privacy Impact Assessment (PIA) – In the Light of the Data Protection Law in Malaysia

By: Sonny Zulhuda

ImageLast time In May ’12, I was invited by the Federation of Public Listed Companies (FPLC) and the Malaysian Institute of Corporate Governance (MICG) to speak in their National Conference on IT Governance, Data Protection and Cyber Security.

I chose to speak about the importance of the Privacy Impact Assessment (PIA) as an implementing tool for complying with the data management rules and obligations under the law. The exact title of my presentation was “Privacy Impact Assessment for a Better Corporate Governance: The New Legal Landscape in Managing Corporate Data Assets.”

In fact, this was the first time I spoke about it. I just felt that people especially the corporate citizens need to be told in a more practical way on why and how they should comply with the laws on personal data management, i.e. the Personal Data Protection Act 2010 as far as Malaysia is concerned.

The PDPA itself is, of course, silent about this PIA. But that does not mean having or executing a PIA would be useless. PIA is indeed a very helpful organisational tool to ensure compliance with the law on data protection. Malaysian law is not excepted. Continue reading

National Security in Digital Economy: Redefinition, Reaction and Legal Reform

By: Sonny Zulhuda

This is my latest paper that I recently presented in the 1st International Conference on International Relations and Development (ICIRD) organised by a consortium of Thai top universities, and held in the beautiful campus of Thammasat University, Bangkok, Thailand.

This paper investigates the need for global government and especially Malaysia to relook at and redefine the concept of national security amid the changing circumstances especially in relation to the country’s increased reliance on the information and communications technology (ICT).

The challenge is, the more a governance system is exposed to the Internet and ICT, the bigger the risks it would face. When the security of the system is not reliable enough to secure the system, information assets are at stake and the country’s critical information infrastructure (such as defence, communications, energy and medical systems) would become loophole that undermines national security.

Continue reading

  • December 2017
    M T W T F S S
    « Nov    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,582 other followers