KUALA LUMPUR (June 21): When our private data is being publicly shared online, be it through data leaks or hacking attempts, we assume that data privacy laws are on our side. However, our current policies are ill-equipped to deal with these types of situations.
The Personal Data Protection Act 2010 (PDPA) only applies to personal data handled during commercial transactions and does not affect data stored outside Malaysian shores.
The Act is also in need of a major update, being left untouched for a decade despite the rapidly evolving technological landscape.
Businesses and consumers do not know who to reach out to in the event of a major data breach. Should they report it to the police, the related ministries or the many government agencies with cybersecurity as part of their portfolio? Is there any point in contacting one or all of these?
The roles and responsibilities of these agencies are not well communicated to the public despite the introduction of the Malaysia Cyber Security Strategy (MCSS) and the Malaysia Digital Economy Blueprint.
Basically, Malaysia's data protection laws are weak and wanting, when compared to the extensive data privacy laws enacted overseas, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). A thriving national digital economy needs to be built on top of a well-founded legal framework.
Thankfully, local organisations can take pre-emptive steps to keep their consumer’s data safe and secure, putting them above and beyond the requirements of the law.
Read more about it in this week's issue of DigitalEdge.
Save by subscribing to us for your print and/or digital copy.