Privacy Impact Assessment (PIA) – In the Light of the Data Protection Law in Malaysia

By: Sonny Zulhuda

ImageLast time In May ’12, I was invited by the Federation of Public Listed Companies (FPLC) and the Malaysian Institute of Corporate Governance (MICG) to speak in their National Conference on IT Governance, Data Protection and Cyber Security.

I chose to speak about the importance of the Privacy Impact Assessment (PIA) as an implementing tool for complying with the data management rules and obligations under the law. The exact title of my presentation was “Privacy Impact Assessment for a Better Corporate Governance: The New Legal Landscape in Managing Corporate Data Assets.”

In fact, this was the first time I spoke about it. I just felt that people especially the corporate citizens need to be told in a more practical way on why and how they should comply with the laws on personal data management, i.e. the Personal Data Protection Act 2010 as far as Malaysia is concerned.

The PDPA itself is, of course, silent about this PIA. But that does not mean having or executing a PIA would be useless. PIA is indeed a very helpful organisational tool to ensure compliance with the law on data protection. Malaysian law is not excepted. Continue reading

Advertisements

The Problems of Identity Theft in Malaysia in the Light of the Personal Data Protection (PDP) Act 2010: A Hope Rejuvenated?

By: Sonny Zulhuda

Nope, this is not (yet) a ready paper. It’s an ongoing research that I am now conducting, funded by an internal research grant. It takes as the background the revolutionary growth of the information and communications technology and its use in the storing, processing and disseminating personal information.

We all know that such phenomenon (ICT+data processing) has unveiled one huge challenge in the form of identity theft. Described as unlawful acquisitions of personal data that belongs to others, identity theft incidents are reported in Malaysian media on regular basis. The lost, stolen or compromised personal data has not become an incident of its own. Rather, it provides “ammunitions” for further action such as credit cards forgery or impersonated bank accounts that are used as a platform for further crimes.

Recently local newspapers had flooded us with news on these, such as these:

“RM4mil (Rp11.2bil) stolen within first three months”

Malaysians have lost RM4mil through phishing (identity fraud) within the first three months of the year alone. There were 457 cases recorded in the first quarter of the year, exceeding the 353 reported for the whole of last year where the victims lost a total of RM1.2mil. In 2009, only 75 cases were reported with total losses of around RM215,000. Federal Commercial Crime Investigations Department director Commissioner Datuk Syed Ismail Syed Azizan said the number of cases reported this year had reached a record high with authorities and the banking industry being almost powerless to curb it. (Click here for the report)

Continue reading

Personal Data Protection Bill passed by Malaysian Parliament

By: Sonny Zulhuda

It is official now, that the long-awaited personal data protection (PDP) Bill had been passed by the Malaysian House of Representative (Dewan Rakyat). I personally attended the debate that was held yesterday, Monday, 5 April 2010 in the Dewan Rakyat. I am particularly glad that I could make it to the Parliament to watch the passing of the Bill that had filled much of my research time since I was doing my Masters dissertation on PDP law back in 2000.

The debate that took place between 17.00 hrs-19.30 hrs was to me more than just a formality of legislative process. MPs from both sides took turn to present their views, experiences, concerns and arguments on many aspects of the law. Some took even lengthy time to establish their points, citing a number of provision of the Bill.

Continue reading

Personal Data and E-Security (2) – Global Responses to Data Protection

By: Sonny Zulhuda

Legal Responses and Liabilities to the Personal Data Protection

The apprehension of consumers regarding the use of their personal data is increasing. A survey on March 2001 published by the Asian Wall Street Journal and Harris Interactive found that 73% Net users are concerned with their personal privacy on the Internet (AWSJ, 22/3/2001). This fact and many more similar surveys conducted worldwide brought policy makers to ponder on how, and to what extent, the state can make laws and regulations to protect people’s right to control the use and exploitation of their personal data in the networked world.

Questions as to which approach is more effective arise. And there are at least two different approaches being championed by different jurisdictions, and eventually inspired others in the world to adopt. The choice is between having state’s legislation to regulate this problem or to leave the Internet industries to regulate themselves. It is submitted that a working knowledge of those legal requirements is essential for parties in a business organizations involved with data systems that store or process the personal data of members of the public.

Continue reading

Personal Data and E-Security (1) – From Liabilities to Asset Management

By: Sonny Zulhuda

This paper seeks to provide an overview of the legal risk liability issues that arise in the management of personal data in e-security policies.  It argues that if personal data is properly managed, not only can legal liabilities be avoided but organizations can transform the practice of personal data management into a corporate asset building exercise. At the end of this paper, the reader should understand how personal data should be managed in a proactive and structured manner in the context of an organization’s e-security policies.

Continue reading

  • May 2019
    M T W T F S S
    « Apr    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,628 other followers