In July 2022, the new Minister of Communications and Multimedia, then a Member of Parliament (MP) Fahmi Fadzil has submitted a notice of motion to the Dewan Rakyat to table a private member’s bill to amend the Personal Data Protection Act 2010 (PDPA). (Malaysia Kini)
The proposed amendment seeks to give more independence to the Personal Data Protection Commission and its commissioner by making them answerable to Parliament instead of the communications and multimedia minister.
The proposed amendments include having the PDPA cover the federal and state governments and introduce mandatory breach notification rules.
Fahmi said that this amendment was critical as instances of stolen data continue to run rampant in the country. (Focus Malaysia)
As Fahmi himself noted, despite the scale of the leaks, only one high-profile case had been brought to court while others are supposedly still pending investigation by the ministries and agencies involved are unknown to the public.
After the ipay88 incident in May 2022, which until todate, still remained a mystery and in recent time where the personal details of about 5 million passengers and employees of a low costs airline was reportedly hacked by cybercriminals, every of these hacking incident was always denied by the organizations concerned. (TEM)
Either they claimed such details are not theirs or they would say they will investigate, the organizations themselves are rarely investigated or actions brought against them.
None of the organizations appeared to have any sense of urgency to alert or caution their customers on the consequences whenever there is a beach and the data they have on their customers are stolen by hackers.
Maybe an alert is an admission of failure on their part in protecting the data which explains why all of them remained to stay silent.
The increasing frequency of organisations getting hacked and their data stolen is frightening and it points to these organisations providing only minimal or insufficient protection of the data held. And they are not penalised at all by the authorities when the data of their customers are stolen.
And it is always the individuals who would suffer and ended up as victims of scams.
There were previously attempts made to amend the PDPA during the previous Pakatan Harapan government under the then-communications and multimedia minister Gobind Singh Deo. (Focus Malaysia)
However, there were no updates to the status of the review since the change in administration in March 2020.
In 2013, Malaysia enforced the Malaysian Personal Data Protection Act 2010 (“PDPA”) which spells out the 7 data protection principles to regulate and safeguard the processing of personal data.
Breach of any of the said principles by any data user shall amount to a criminal offense under the PDPA and is punishable by a fine of up to RM 300,000 and/or up to 2 years imprisonment.
The PDPA is only applicable to commercial transactions and pursuant to Section 3(1) of the PDPA, the Federal and State Governments are not subjected to the PDPA.
Hence, it can be said that people have no recourse against the government for any breach of their data held by the government under the PDPA.
With regard to the government’s accountability, merely amending the PDPA to include a certain degree of liability on the government agencies in safeguarding personal data will not do the trick.
Fahmi can explore and possibly adopt the approach taken under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the public sector.
One of the requirements under the GDPR with regard to the government agencies that process personal data is to appoint a Data Protection Officer (“DPO”) who will be responsible, among others, to monitor the compliance of the government agency with the GDPR and other data protection provisions and policies.
The GDPR also requires the public sector bodies to adhere to specific transparency obligations by providing the data subjects with information such as the identity, contact details and the representatives of the government agencies who are the controller of the personal data, the contact details of the DPO and the purposes of the processing of the personal data as well as the legal basis for the processing.
Despite being ranked among the top 10 countries with high commitment to cybersecurity in the Global Cybersecurity Index 2020, Malaysia still has a lot to improve in the area of privacy and personal data protection.
The worrying increase in the number of personal data breaches presently requires urgent amendment to the PDPA or new legislation, policy or guidelines for better protection of the citizens’ personal data including a mandatory requirement for a robust and transparent investigation to be conducted on all breaches to ensure that the breach cases are handled with a just outcome.
Fahmi had said in Sept 2022 that the finance minister, communications and multimedia minister must formulate a plan to impose heavier punishment on incidents of data theft besides compensating those who have had their personal data stolen.
Now that he is the Communications and Multimedia Minister, the public has high expectations that he will follow through on what he said earlier before he is the Minister. (FMT)
Fahmi should also prioritise and assert the ECONOMIC RIGHTS OF OUR DATA in any revision to the PDPA.
In countries like China, Australia, EU and India, their data protection act requires organisations to keep the data they collected in the country where they operate in and they can't transfer or stored it outside these countries.
Effectively, it affects multinationals who is not headquartered in these countries. These countries have the rights, economically, legally and in every other way of description over these data collected from their country.
Practically every industry sector has been affected by the new data-driven economy, which has also created a dependency on a supply-chain of services.
It is undeniable that commerce and online services produce an unprecedented amount of data. This sheer increase in quantity has pushed data up the political agenda, capturing the attention of businesses and policy-makers alike.
Significant advances in data processing technologies, increases in processing power and speed, as well as the development of Artificial Intelligence (AI) have all enabled countries and organisations to unlock new insights from their data assets, often in the form of trends, patterns and associations.
This potential to turn data into useful insights is an important factor in creating economic value, as these insights can be used by decision-makers to optimise the allocation of resources and develop new capabilities such as transforming public services, improve consumer experiences, unlocking new treatments for healthcare to enabling smart devices.
The existing state of cybersecurity at federal agencies isn’t the fault of anyone.
Having a political class that doesn't know anything about how technology and the internet works is a major national security risks as cyber warfare is and will be the key and primary strategy for a lot of dominant nation states.
Thus, in developing and bolstering our national security, maybe Fahmi, when looking into the need for the government, should look outside and possibly adopts technologies widely used in the private sector.
And lastly, to aid and accelerate the country’s digital transformation, Fahmi should look into the enactment of an Access to Information (ATI) act as soon as possible.
Assuming the new government intends to follow and continue with the Digital Economy Blueprint that was launched in 2021 by the previous 2 administration, where the then government acknowledged open data as a requirement for digital transformation, the open data agenda involves proactive disclosure of data whereas an ATI law is typically a by-request disclosure.
An ATI law compels the disclosure of data that relates to the public sector’s activities, including information that the government may be hesitant to share.
An ATI law formalises the right of people to access information held by public and in some cases private entities. It provides clear processes for people to request information and for government bodies to respond to such requests.
As of 2021, about 2/3 of countries globally have an ATI decree, whether in the form of a law or an actionable regulation. (TJP)
Around 91% of the world’s population and 96% of the population in the Asia Pacific live in a country with an ATI decree.
Thailand, Indonesia, Timor-Leste, Vietnam, and the Philippines are among those countries. (TJP)
Malaysia still does not have an ATI decree at the national level.
Many ATI laws around the world embody the ‘open by default’ principle by listing specific grounds on which information is exempted from disclosure such as due to privacy and security reasons. (TJP)
Without legislative preparedness, the country’s digital ambitions are mere buzzwords.
Catch up with: Part 1
FLK is a content creator under the Newswav Creator programme, where you get to express yourself, be a citizen journalist, and at the same time monetize your content & reach millions of users on Newswav.
Log in to creator.newswav.com and become a Newswav Creator now!
Newswav is solely an aggregation platform and hosts the content. The views expressed and content above including media (pictures, videos, etc) were provided by the author. If you have any questions about the content, copyright or other issues of the work, please contact Newswav.
![[UPDATED] Annuar Musa among those sacked by Umno?](https://cdn.newswav.com/img/topic/politics.jpeg)