Data Breach a Test to Our Digital Resilience

By: Sonny Zulhuda
DSC_0025
Malaysian public has recently been perturbed by a series of personal data breach one after another. While the investigation is taking place, one can only expect that what has surfaced may only be a tip of an iceberg.
As the country embraces digital economy and aims at a cashless society by 2020, this data security crisis becomes a part of the equation. More digitised information and more synchronised data mean a bigger risk of data breach calamities. As a country, there is no backing out from this equation even though that means we have to learn it hard.
As a consequence, a data breach is not a matter of ‘whether’ but is a matter of ‘when’ it will happen. This requires us to adopt a risk management approach. Failure of managing the risks can be increasingly costly. The problem is, it is too often when we realise there is a data, it may be already too late. The alleged leak and illegal sale of Malaysian telecommunications data are said to have happened years ago. By now, we are already five years too late!
Time is of the essence here. As we start to learn about the breaches that took place, swift actions are warranted. There are few points to consider by all the stakeholders.
Firstly, data users can do the least by keeping the public informed about what is going on.
Even though our PDP law does not oblige data users to notify data subjects about any breach, this is warranted for transparency and trust preservation, and hence their business continuity plan.
Secondly, we should treat this as an issue of national security.
Not only because massive data of the majority of the public is affected, but also because those data come from the telecommunications and financial industries which are deemed among the ten critical national information infrastructures (CNII) as outlined by the Malaysian National Cyber Security Policy (NCSP) 2006. So, data security under this CNII must be given utmost priority. Both public and private sectors must cooperate in dealing with the crises.
Thirdly, it is time to test the mechanism of our law.
These incidents of a personal data breach either maliciously or negligently occurred, will need to be tested against the Personal Data Protection principles enshrined in the Act. The authority needs to speed up the activation of the Personal Data Protection Act (PDPA) 2010 after some “day-nap”. Other agencies need to help in accordance with the statutory powers granted to each of them.

7E3A8212

The year 2017 is notably the beginning of some successful prosecutions under the Act, which is a crucial milestone in itself. On a positive note, we should take this crisis as an opportunity to also prove our legal mechanism. 

On top of that, what we are facing now is something bigger: it is testing our resilience as a nation. The challenge is more than a damage control: it is to deal efficiently with the massive data crisis like what is happening now.

This is not a one-off duty as data security is a process rather than a result. As Vince Lombardi was once famously quoted, it is not so much about how we fall down, but rather on how to raise back. And by “we” I mentioned in this last paragraph, it is you and me and every one of us the individuals to whom the personal data actually belong to.

Advertisements

Developing Privacy-Friendly Mobile Apps: Takeaways for Mobile Developers

By: Sonny Zulhuda

Image credit: computerworld.com

Image credit: computerworld.com (click on the image for full display)

This week (28th Aug) I will be participating in a national event dedicated for the modern digital lifestyle in Malaysia, named KL CONVERGE! which runs from 27th-29th August 2015 at Kuala Lumpur Convention Centre (KLCC) in the heart of the Malaysia’s capital. Visit the site here: http://www.klconverge.my/.

As the site highlights, KL CONVERGE! is a multi-platform digital content and creative industry event showcasing the world’s latest achievements and opportunities in the music, film, gaming and Internet space. It seeks to provide an immersive experience to show “how technology and content is an everyday part of our lives.” The event is bringing together leading industry executives from multimedia, applications, Internet and creative content to discuss, deliberate, showcase and celebrate the issues, opportunities and successes in digital space.

I have a honour to be part of the event to speak about key privacy issues for mobile apps developers – thanks to my friends and partners at the Data Protection Academy (DPA) LLP (Noris and Eddie). The discussion will reflect the new legal landscape brought about by the Personal Data Protection Act 2010 that concern mobile apps designers and developers. It’s this Friday, 28th August 2015 at 4.00PM (not one of the best time to listen a talk – sigh) at Room 306 KLCC Convention Hall. It is adjacent to the majestic Petronas twin tower, and it is a free admission event 😉 (ugh.. still..) (*_*)

In the one-hour talk, I will demonstrate the salient features of the data privacy laws in Malaysia and the emerging global trend, especially concerning the users/consumers of mobile apps. Issues such as data collection, notification and retention will be touched. Not less importantly will be the issue of personal data security that each mobile apps developer will have to consider when they decide to retain users’ personally identifiable information (PII). But on top of all those, I am posing a big question: “Should you ever collect the users’ personal information at all?” — I am at the moment finalising my presentation and will share here the key points in due course. See you there, if you make it:)

ID Theft and Consumer Protection — From the GCC Review Workshop

By: Sonny Zulhuda

Initiated by the Communications and Multimedia Consumer forum of Malaysia (CfM), this national workshop took place on Thursday, 6th May 2010 at the MCMC Headquarter, Cyberjaya, Selangor, Malaysia. Participants came from various quarters such as universities, industries as well as government agencies. The main agenda was to review the provisions of General Consumer Code and to come up with recommendations to improve them.

Before the participantsgo to smaller group discussions, the floor heard presentation from some representatives of the Consumer Forum as well as the Government. Among others, En. Maz Malek (from the Ministry of Information, Communications and Culture) strongly emphasised that consumers interest is government interest, and is a national interest. In order to reflect this seriousness, the Government urges that consumer complaints would have to be entertained and settled in 72 hours (3 days). He also stressed about the newly-passed Personal Data Protection Act that would reform the legal landscape of consumer protection in Malaysia.

Mr. Abdul Rosyid from the Ministry of Domestic Trade, Cooperatives and Consumerism Affairs informed the workshop participants that Direct Selling Act and Consumer Protection Act have been emended to include electronically-effected transactions under their protection. Nevertheless, there are still lots of pressing issues going on in the public that are not entirely settled. He mentioned among others the issue of misuse of personal data and incidents of unknown parties sending sms-es asking people to provide their personal data under the pretext of awarding presents or bonuses, etc. This is simply phishing/smishing issues in which personal data and identities are stolen.

This unwanted disclosure, namely information theft or data theft, is on rise due to at least two motives; Continue reading

  • December 2017
    M T W T F S S
    « Nov    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,582 other followers