“Can my lecturer access my personal information?” – And Other Issues of Data Protection at the Higher Learning Institutions 

By: Sonny Zulhuda 

In the past week alone, I spoke about the personal data protection law at two Malaysian public universities: Universiti Sultan Zainal Abidin (UniSZA) Kuala Terengganu and Universiti Malaysia Pahang (UMP) Pekan. While the former was an internal programme, the latter talk was attended by other public universities’ representatives who were members of Majlis Tatatertib dan Disiplin Universiti-universiti Awam Malaysia (MATDUM).

In this post, I would like to note some discussions we had on the implementation of the Personal Data Protection Act 2010 in the university environment.


The education industry is indeed among those where personal information is highly processed. The data subjects include students (prospective, actual and graduates), university employees, as well as any individuals involved in the data processing.


Developing Privacy-Friendly Mobile Apps: Takeaways for Mobile Developers

By: Sonny Zulhuda

Image credit: computerworld.com


This week (28th Aug) I will be participating in a national event dedicated to the modern digital lifestyle in Malaysia, named KL CONVERGE!, which runs from 27th-29th August 2015 at Kuala Lumpur Convention Centre (KLCC) in the heart of Malaysia’s capital. Visit the site here: http://www.klconverge.my/.

As the site highlights, KL CONVERGE! is a multi-platform digital content and creative industry event showcasing the world’s latest achievements and opportunities in the music, film, gaming and Internet space. It seeks to provide an immersive experience to show “how technology and content is an everyday part of our lives.” The event is bringing together leading industry executives from multimedia, applications, Internet and creative content to discuss, deliberate, showcase and celebrate the issues, opportunities and successes in digital space.

I have the honour to be part of the event to speak about key privacy issues for mobile apps developers – thanks to my friends and partners at the Data Protection Academy (DPA) LLP (Noris and Eddie). The discussion will reflect the new legal landscape brought about by the Personal Data Protection Act 2010 that concerns mobile apps designers and developers. It’s this Friday, 28th August 2015 at 4.00PM (not one of the best times to listen to a talk – sigh) at Room 306 KLCC Convention Hall. It is adjacent to the majestic Petronas twin tower, and it is a free admission event 😉 (ugh.. still..) (*_*)

In the one-hour talk, I will demonstrate the salient features of the data privacy laws in Malaysia and the emerging global trend, especially concerning the users/consumers of mobile apps. Issues such as data collection, notification and retention will be touched on. No less important will be the issue of personal data security that each mobile apps developer will have to consider when they decide to retain users’ personally identifiable information (PII). But on top of all those, I am posing a big question: “Should you ever collect the users’ personal information at all?” I am at the moment finalising my presentation and will share here the key points in due course. See you there, if you make it :)

The Problems with IoT (Internet of Things)

By: Sonny Zulhuda

Today I will be speaking at the IT Governance, Assurance and Security Conference 2015, held annually by ISACA Malaysia and the Malaysian National Computer Confederation (MNCC). In the slotted debate panel, I will be speaking about the problems and challenges brought about by the Internet of Things (IoT) vis-à-vis individuals’ privacy. My debate counterpart will be Mr. Hizamuddin from MDEC.

Here are some details:

[Image: Debate ISACA]

And here is the event link:

http://www.isaca.org/chapters3/Malaysia/Documents/IT%20GOV%202015.pdf

The summary of my points is as follows:

=== IoT vs Privacy ===

1. IoT is conceptually flawed/problematic because it equates humans with other objects (“things”)

* Under EU data protection law, there is a legal rule protecting individuals against automated data processing

* IoT, like any other innovation, is wrongly perceived as a technical matter, not really a human affair

* Privacy is a fundamental need; its protection cannot be sidelined, reduced or outsourced to others (including things)

2. Businesses looking for a quick RoI invested only in technical requirements, not in the prerequisite culture

3. Those countries that introduce IoT (US, EU, Japan, Korea) are already equipped with strong privacy laws, unlike Malaysia, where the law is in the making, at an initial stage.

PDP Law Compliance for Educational Institution

By: Sonny Zulhuda

Educational institutions (universities, colleges, schools, etc.) are among those who are regulated by the Personal Data Protection Act (PDPA) 2010. The data subjects include: students (obviously the main object here), staff or employees, vendors, alumni, sponsors, as well as those applicants who have yet to join the universities/schools.

The amount of personal data is potentially bulky: personal details, medical records, financial and scholarship records, academic records, student societies records, disciplinary records and even post-study information about the students. Given this situation, people who deal with students’ data in the educational institutions would need to ensure their handling of personal data is in line with the demands of the Act.

In introducing the subject matter to the community in the University, I will be speaking in the following workshop, together with my friend Noriswadi Ismail from Quotient Consulting Sdn Bhd and PDP Academy LLP, and Dr. Federico Ferretti from Brunel Law School, London, UK.

[Image: Banner PDP Workshop AIKOL 28052014]

Consumers to take control of their Personal Data

My Intro: The following passages were published by the Star in their Sunday Edition (6th January 2013) at pp 23-24. The article is about what Malaysian consumers should know and do in relation to their personal data. It is based on another interview the journalist had with me. For the benefit of the readers, I reproduce some parts of the article in this page. Should you want to read it in full, check the newspaper’s page HERE.

======================================

“Consumers, take control of your personal data”

The Personal Data Protection Act 2010 has come into force, but the public will have to do their part to make it effective.

Credit: The Star Online


EAGER to win the grand prize, Maria (not her real name) did not hesitate to “drop” her name card at the door for a lucky draw at a company dinner. Weeks later, she found herself inundated with phone calls and text messages offering different services and products.

It is an accepted practice in Malaysia to leave our call cards or personal information at the registration counter of public events. But have you ever wondered what your personal data will be used for later? Or how it will be stored?

This has become so common here that no one thinks twice about the risks and implications, says personal data protection law expert Dr Sonny Zulhuda.

Under the newly enforced Personal Data Protection Act 2010 (PDPA), however, this practice will have to be reviewed, particularly for business entities that use these occasions as an opportunity to build their network of potential customers.


PDP Act Compliance Program – Where to Start?

By: Sonny Zulhuda

This New Year was marked by concerns about complying with the Personal Data Protection (PDP) Act 2010 for Malaysian data users: Bankers, Telcos, Insurers, Hospitals, Marketers, Airliners, Property Sellers, and many more.

For data users, this is what you may consider:

1. Get to know the law and its implications for you;

2. Make a self-assessment of your current business processes to see to what extent they comply (or not) with the law;

3. Plan a massive personal-data compliance programme.

For the first one, the shortcut is to attend forums, workshops or training on Personal Data Protection law. There are now a few such training programmes in the market. Identify them and get involved. There are a few types of training you can consider, according to your needs:


What You Need to Know about the PDPA

==============================

My Intro: The following article, which appeared in The Star newspaper, is about public awareness of the Personal Data Protection Act (PDPA) 2010 (Act 709). The journalist compiled the report from a few sources, including the PDP Department and myself (through a series of interactions). It is indicated at the bottom of the article itself. I reproduce the article in this page for the benefit of more readers.

Cheers! Sonny Zulhuda

==============================

“What You Need to Know about the PDPA”

(Reproduced from The Star Online, published on Sunday, 30/12/2012)

A freelance journalist from Penang was already coping with the pain from a hemorrhoids surgery when she had to endure another hurtful experience – she discovered that her surgeon had taken photographs of her private parts without her consent when she was under.

When she confronted him, she was told that it was “normal procedure” and a common practice for “medical purposes”. Outraged that her privacy had been violated, she sued the doctor.

This is one of the many cases of personal data breaches and privacy violations in the country. Hence, the enforcement of the Personal Data Protection Act (PDPA) this New Year is much lauded. In fact, it is long awaited – for some, over a decade long.

However, while pictures of one’s private parts may constitute personal data, the aggrieved patient would not be able to take action under the Act – our PDPA only regulates commercial transactions. (The freelance journalist, however, won RM25,000 in damages in her civil court case.)

Here are some of the facts you need to know about the PDPA:
