Privacy Policy in Corporate Practices

By: Sonny Zulhuda

Today my MBA students presented their assessment on privacy policy. This is a practical session for them to see how the principles of personal data protection are being put in in real life corporate conduct. They form a group and choose company of their own in order to look at their privacy policy as stated in their official websites.

The session was very informative and interactive, in which students were to highlight in summary what those companies do in general and what they do with personal information. Then they presented their assessment, examining how good the privacy policy is prescribed, and how well it is compliant with the principles of personal data protection law.

Among the interesting findings that they presented were: Continue reading

Advertisements

Data Protection Principles under PDP Law

By: Sonny Zulhuda

Understanding data protection principles is crucial to (re)formulate the business processes. For companies and organisations that in any way involve the use and exploitation of personal data of their employees, customers (actual and potential) and business partners, series of actions need to be taken to comply with the legal regime on data protection.

In Malaysia, this is particularly a cause of concern nowadays as the new law on personal data protection clearly requires data users to take certain actions.

Laid in the main body of the law is the prescription of data protection principles from which stemming all the rights, duties and liabilities of each of data user and data subject (Note: ‘data user’ is those who use, collect, process, etc. the personal data that belong to certain individuals. Those individual are called ‘data subject’).

In Personal Data Protection Bill that was recently passed by Malaysian Lower House of Representatives, the principles of personal data protection is laid down in Part II, sections 5-12. Continue reading

On the Misuse of Workplace Technologies

By: Sonny Zulhuda

This week I was speaking about the misuse and abuse of workplace technologies during a session of a two-day seminar/workshop on employment law in Kuala Lumpur. The workshop was attended by mostly legal executives from a range of local companies. The technologies meant here are those Internet-associated tools such as electronic mails, blogs, Internet messaging and online networking sites (e.g. facebook, myspace, hi5, and the likes).

The main concern on which this presentation is grounded was that organizations need to ensure a good return of investment (ROI) over the technologies they use at their workplace. This is because the ROI may be interrupted by range of risks of the use (and misuse/abuse) of the technologies such as wasted productivity, financial loss due to business discontinuity or system defect, and also legal liabilities.

Continue reading

Isu-isu Keselamatan dan ‘Privacy’ dalam Penggunaan E-mail di Premis Kerja

Oleh: Sonny Zulhuda

Saat ini e-mail telah menjadi media komunikasi yang makin popular baik untuk konteks komunikasi personal maupun untuk komunikasi rasmi dan urusan berbisnis. Hal ini disebabkan oleh semakin pesatnya kemajuan teknologi komunikasi dan maklumat menerusi Internet yang telahpun dipakai oleh hampir semua bidang industri dan sektor kerajaan di Malaysia. Hal ini pula merupakan konsekuensi dari perkembangan aplikasi e-government bagi bidang awam dan kerajaan, serta e-commerce bagi sektor industri dan swasta.

Continue reading

Managing Online Risks through Contractual Instruments

By: Sonny Zulhuda

By transforming to the workplace environment that uses the Internet and other devices of information and communications technology (ICT) as the enabler in running their businesses, organizations are exposed to potential risks out of the abuse and misuse of the said technology by internal employees and any strangers outside the company alike. Such misuse can take the form of security breaches, theft of company’s informational assets, lost productivity, wasted computer resources, electronic viral infections, business interruption and public embarrassment should a workplace lawsuit be filed.

While lots are done for preventing external hackers from jeopardizing internal network and information system, risks from internal sources are often overlooked by most companies. In fact, the threats exposed by these ‘internal saboteurs’ may be as great as the external intruders, and therefore may be as harmful as the external sources of threats.

Continue reading

Electronic Privacy at Workplace

By: Sonny Zulhuda

Introduction

The massive use of internet and other appliances of information and communications technologies (ICT) at the workplace has intensified productivity through intensive communications between employers and employees as well as between a company and external parties including customers, clients, regulators, etc. Most workplace has now installed Internet and email system by which the employees and employers build their networks and communications both internally and externally. Electronic mail, or e-mail, is a boon to office communications. All employees can be notified instantaneously of important office matters. Phone messages can be logged on the computer and sent via e-mail. A message for someone in a meeting can be e-mailed.

However, what most employees fail to realize with respect to e-mail is that:

  • They are probably not the only person who has access to their e-mail, despite the password protection;
  • Electronic mail, even if deleted from their personal databases, can be saved in numerous forms by the computer’s own internal backup systems, or by the person to whom the e-mail is being sent.

There is arising concern on employees’ email surveillance that has been widely practiced by employers. This practice, while seen important for maintaining ‘due diligence’ of a company, gives rise to questions of intrusion to privacy.

Continue reading

Personal Data and E-Security (3) – Its Implication to Business Organizations

By: Sonny Zulhuda

Implications of Data Protection Laws to Business Organizations

Whichever approach being preferred, it is quite true to forewarn industries and business organizations that the legislatures worldwide are seeking even wider legal measures to protect personal information. It will someday come to the point where all matters will be regulated.

To enable continued business activities and growth, organizations needs to be alert of the legal risks surrounding the personal data protection. The legal fences being enacted will automatically reduce the organizations’ liberty to conduct activities previously enjoyed. Especially with ever increasing consumerism that keeps watching the industries, puts them in liability risks whenever principles of data collection and use is ever infringed. The lack of awareness in this aspect will certainly position them in high risk too. There seems no available option for business organizations other than to follow and comprehend the development of the law and safely avoid legal liabilities.

Continue reading

  • October 2017
    M T W T F S S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,574 other followers