When you “fly”, does your data fly along or fly away?

By: Sonny Zulhuda

Now everyone can “fly”! Yes we know that. But when you fly, will your personal information fly away in the sky? That, not everyone knows.  This is the simple question that makes the backdrop of my recent paper, to be presented in Singapore’s International Conference of Social Science and Humanities (ICSSH2011) at the end of this month.

The paper is entitled: “Personal Data “Up in the Air” – A Tale of Two Malaysian Airlines in Dealing with Consumers Online Privacy.” It is a joint effort with one of my former students Ms. Maryam Delpisheh.

We know that uncertainties and concerns surrounding the privacy of personal information in Malaysia in the wake of many data abuse incidents had led to the passing of Personal Data Protection Act (PDPA) 2010. In a market where personal data has long been widely traded and unjustifiably exploited, the coming of this law could resemble the arrival of a long-awaited messiah expected to correct the evils and rectify people’s problem in a very immediate manner.

Continue reading

Advertisements

“Social Engineering” a.k.a. Phishing

By: Sonny Zulhuda

Yay! I opened my Inbox this morning and I just won another LOTTERY I never participated in! Feeling lucky don’t you? This is what I just received:

 

 

 

PRIZE AWARD NOTIFICATION!!!

We are pleased to inform you of your Email Success in our Computer Balloting made today for winners from the AUSTRALIAN LOTTERY EMAIL AWARD, as part of our Promotional Draws held this month.

This is a Scientific Computer Game in which your Email Address was used. It is a Promotional Program by AUSTRALIAN LOTTERY EMAIL AWARD.It is a Promotional Program that chooses emails world wide to encourage Internet users; therefore you do not require buying Ticket to enter for it. This is an Email Internet Program were winners are randomly selected from all over the world through Computer Draw System and extracted from over 800,000 Email Addresses from Unions, Association and Corporate Bodies listed online.

Below are your Winning Details:
Reference No: 575061725
Batch No: 056490902/188
Ticket No: 07-42-97-66-11-00
Winning Number No: ILP/HW46704/08

Wow. You don’t think I would rush checking for the accuracy or genuineness of this award right? Of course not, because for one simple reason, this kind of message could not deserve even a curiosity let alone excitement. This is obviously a phishing message which is a gateway to identity theft.

Continue reading

Data Privacy in Indonesia — Quo Vadis?

Oleh: Sonny Zulhuda

(Disadur dari Kolom Telematika di Detikinet.com terbit tgl 24/1/2011 disini)

boss-spying-on-youBerita tentang kemungkinan kebocoran (atau tepatnya pembocoran) 25 juta data pelanggan telekomunikasi di Indonesia merupakan sebuah isu yang perlu dicermati lebih dalam. Kejadian serupa telah menghantui komunitas pengguna dan pelanggan jasa telekomunikasi (termasuk e-commerce) di berbagai belahan di dunia.

Dengan berbagai inovasi teknologi informasi, data pribadi tidak lagi dilihat sebagai kelengkapan transaksi, namun telah menjadi komoditas bisnis. Tidak salah jika muncul anggapan bahwa tambang data (data mining) tidak lama lagi akan menjadi primadona bisnis menggantikan tambang emas yang makin terkikis ketersediaannya.

Inti permasalahan tentang kebocoran data konsumen terletak pada beberapa kesalahan berpikir yang perlu segera dikoreksi. Pertama, bahwa DATA (termasuk data pribadi) tidak seperti harta/aset yang memiliki sifat dan hak-hak terkait perlindungan properti (property rights). Kedua, bahwa hak melindungi kepentingan dan kehidupan PRIBADI bukan merupakan bagian dari hak asasi manusia.

Continue reading

Rights of Individual under Data Protection Law

By: Sonny Zulhuda

In the week that passed I spoke in one national seminar on Personal Data Protection Act that took place in the The Ritz Carlton Kuala Lumpur, July 21, 2010. The audience came from various industries including banks, regulators, insurance, medical services, investment as well as legal firms.

My session that went between 12.00 -01.00 pm focused on the Rights of Individuals as Data Subjects under the newly-passed Personal Data Protection Act 2010 of Malaysia. Those rights of data subjects were provided in Part Two, division 4, sections 30-44. In short, those rights can be enlisted as follows:

  • Right to access
  • Right to correct data
  • Right to withdraw consent for data processing
  • Right on sensitive data
  • Right to prevent distress/damage
  • Right to prevent direct marketing

The session was ended with discussing some prominent issues that confronted individuals such as issues of workplace monitoring, junk mail/spam, data theft, and pictures taken at public places. One important message (of many) that I discussed with audience was that, in order to achieve better implementation of law, organizations should see and manage it using the perspective of individuals, not merely that of the organisation; because in organisations, their people (employers, employees, business partners) are all data subjects too.

Data Protection Principles under PDP Law

By: Sonny Zulhuda

Understanding data protection principles is crucial to (re)formulate the business processes. For companies and organisations that in any way involve the use and exploitation of personal data of their employees, customers (actual and potential) and business partners, series of actions need to be taken to comply with the legal regime on data protection.

In Malaysia, this is particularly a cause of concern nowadays as the new law on personal data protection clearly requires data users to take certain actions.

Laid in the main body of the law is the prescription of data protection principles from which stemming all the rights, duties and liabilities of each of data user and data subject (Note: ‘data user’ is those who use, collect, process, etc. the personal data that belong to certain individuals. Those individual are called ‘data subject’).

In Personal Data Protection Bill that was recently passed by Malaysian Lower House of Representatives, the principles of personal data protection is laid down in Part II, sections 5-12. Continue reading

Legal and Industrial Frameworks on Data Management

By: Sonny Zulhuda

At the closing week of year 2009, I’ll present my paper entitled: ‘Corroborative Intersection between Information Security Standards and the Legal Framework on Data Management’ at the Second International Conference on Computer ad Electrical Engineering (ICCEE 2009), 28-30 December 2009, Dubai, United Arab Emirates. The conference is organized by IEEE and IACSIT, both are renowned international associations for the electronic, computer and IT industry professionals. having gone through review and recommendations, over 200 papers will be presented at the two-day parallel sessions, discussing various aspects of computer and electronic industries. My paper talks about legal and industrial frameworks. I am looking forward to meeting the participants in person and having some networking sessions.

Here is the abstract:

This paper examines the intersection between the industrial standards and the legal framework in defining the scope of information security obligations in relation to the management of data and information assets. It undertakes two primary tasks; namely assessing the scope of legal compliance as stated in the internationally-accepted information security standards, in particular the Information Security Management Standards (ISMS); and identifying the legal trends adopted by laws in major jurisdictions, especially the UK and the US. It found that the intersection between the standards and the law is crucial and corroborative; one is found to compliment the other.

Some more snapshots and briefs will come soon.

Election and the Voters’ Personal Data Privacy

By: Sonny Zulhuda

ag00163_

On Wednesday this week the Indonesian Embassy in KL held a ceremony officiating the upcoming-election committee and its secretariat. The Ambassador attended the ceremony and so did most of the embassy officials. I was invited as a witness for the proceeding as a representative of the community in Malaysia.

What led me to write here was particularly an issue (among so many) that came up in my discussion with several members of election committee and reps from participating political parties after the function: privacy right of the voters.

Continue reading

  • October 2019
    M T W T F S S
    « Sep    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,630 other followers