Keep Using Zoom or Not?

By: Sonny Zulhuda

Because of the current movement restrictions caused by the Covid-19 pandemic, several business products and services have skyrocketed as demand has increased. Food delivery, e-commerce portals and online meeting platforms are among those reaping the gains. Zoom alone has recorded a twentyfold increase in usage. Where there were usually only 10 million online meetings a month, there are now at least 200 million online meetings a month.

The question many people are now asking is: is it safe to use Zoom?

Zoom is much like many other online media platforms such as Skype, Google Hangouts and others. Each has its strengths and weaknesses, whether in terms of settings, technical and non-technical features, cost, or other facilities.

Zoom, like any other product, may very well have shortcomings and weaknesses in its system. Are the others safe? When many car theft cases involve a certain brand of car, is it because other brands are safer? Not necessarily. It may simply be that this brand has the most users, so it is easier to study, its keys are easier to obtain, and the stolen cars are easier to sell.

When Zoom usage increases twentyfold, this needs to be understood from two sides: the user and the service provider. On the user side, a great many of them are using a platform like this for the first time. Many of them are holding an online meeting for the very first time. Worse still, many of them are using internet technology for the first time! Can we expect these users to understand the ins and outs of Internet traffic, with all its risks and warning signs?

Second, the owners of Zoom can be expected to be overwhelmed by this windfall. There are at least three things they must have in place: 1. Technical settings, 2. Business processes, and 3. Human resources. Is Zoom ready in all three of these to absorb the flood of users in the blink of an eye?


Ransomware Attack: How a PDP law compliance can be of any help

By: Sonny Zulhuda


No! We are not talking about how to cure a ransomware attack such as “WannaCry” after it happens. That is not going to happen. Legal compliance is, from the perspective of business continuity and data disaster management, always on the “preventive” side rather than in the “curative” or “recovery” domain, just as, technically, a data backup is preventive rather than reactive.

Then, are we saying that complying with personal data protection law is going to prevent incidents like a ransomware attack? Not necessarily. But obviously, by keeping yourself updated on the legal requirements pertaining to personal data protection, you put your organisation into a “standby” mode.

By complying with the legal requirements on data protection, such as the Data Security and Data Retention standards, people in your organisation are made aware that security measures have to be put in place to protect the personal data system. That system often overlaps with other databases or information systems in your organisation: the payroll system, human resources system, financial system, CRM system, and so on, because each of those holds personal data of data subjects that you or your organisation process.

That is why compliance with a PDP law such as the Malaysian Personal Data Protection Act 2010 can be a gateway to better protection of the data in your organisation against unwanted attacks and other risks to data integrity and security.

In fact, the PDPA 2010 hints that data due diligence, such as the data risk management you conduct in your organisation, will not only mitigate the risk of a data attack but will also be your “legal defence” in case such an attack takes place despite your mitigating measures. This is what transpires from the provisions of the PDPA 2010.

So, the equation is not complicated:

Data due diligence = legal compliance + risk management = legal defence

Good luck! 🙂

Readings on SOSMA 2012 and the Electronic Monitoring Devices

By: Sonny Zulhuda


Electronic tagging is a form of surveillance which uses an electronic device (a tag) fitted to the person. It is commonly used as a form of electronically monitored punishment for people who have been sentenced to electronic monitoring by a court, or who are required to wear a tag upon release from prison. The use of electronic monitoring devices in Malaysia was first introduced by the Security Offences (Special Measures) Act 2012 (SOSMA) (Act 747). This article collects a few online reading materials relating to the use of electronic monitoring devices vis-à-vis the SOSMA. The similar concerns arising under the new amendment to the Criminal Procedure Code (CPC) 2012 are therefore beyond the ambit of this survey.

In December 2015, Bernama reported, quoting the Federal CID director, Datuk Seri Mohmad Salleh, that more than 200 people detained under the Prevention of Crime Act (POCA) had been strapped with an electronic monitoring device (EMD). Salleh added that this effort was taken to monitor the movements of those people (apparently upon release – added), as well as to test the effectiveness of the device. According to the same report, quoting Datuk Nur Jazlan Mohamed, the Home Deputy Minister, those detained under POCA mainly included people involved in gangsterism, violent crimes, property crimes and drug-related crimes. The report can be read here.

A similar provision on the use of an EMD is also found in the Security Offences (Special Measures) Act 2012 (SOSMA). In section 7(1), the SOSMA provides for special procedures relating to the electronic monitoring device. It prescribes that, upon application by the Public Prosecutor under section 4 (which provides for the arrest and detention of a person believed to be involved in security offences), the Court shall order the person to be attached with an electronic monitoring device for a period as the Court may determine, but which shall not exceed the remainder of the period of detention allowed under subsection 4(5) for purposes of investigation. Section 4(5) of SOSMA grants a maximum extension of 28 days after the initial 24 hours of detention for the purpose of investigation.
