Don’t waste this vital law
FOR some, data is the new oil. For others, data is personal, and it is not something we would “like” and swipe, and it is not something we would want to put up for sale. If the data relates to an individual and he/she does not want his/her data to be left unprotected, is it wrong?
Last week, we were slammed with the news that 800,000 users’ information was stolen from the Election Commission’s database (“Over 800,000 Malaysians’ personal data with photos, allegedly stolen from MYSPR site, being sold for about RM9,000, The Star, Nov 11; online at bit.ly/star_dataleak).
Earlier this year, 22.5 million citizens had their data – including full names, identification numbers, home addresses, phone numbers and ID photos – stolen from government servers and sold on the dark web (“Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000”, The Star, May 18; online at bit.ly/star_ stolen).
Should we simply prepare ourselves to face more data breaches of government databases, or is there some approach to this issue that could stop that from happening?
Different data types have different functions, depending on why the data is being given and what it is being used for. Notwithstanding its uses, it is what the data contains that has value and worthiness to criminals. How to measure this? Simple: It is valuable if it has information we would only want to disclose for official reasons or that we would prefer to share only with chosen people. Most of the time, we consider such information to be personal and private.
Personal information is actually protected under Malaysian law, specifically by the Personal Data Protection Law 2010 (PDPA). Unfortunately, it does not apply to the government, as stated under Section 3 of said law.
Privacy scholars have widely criticised this section. Not only that, if we refer to the parliamentary debate on the data protection Bill, questions about the non-application were not answered adequately.
Until today, the question remains unanswered and it has opened the door to criticisms of the PDPA. Nevertheless, we still need to remember that at least we have such a law.
So why not amend the law to fit the current challenges of data breaches? Why not implement the law for the government as well?
It is a well-known fact that it is the government that collects most data from the people.
Just consider the recent breach involving the data of 800,000 citizens – do we really need more evidence to show that the government really needs to apply the law accordingly?
We must not forget that Malaysia was among the earliest countries to implement its data protection law. Looking back at the historical development of the law, through all the struggles and hurdles, I think what we have today can be considered a milestone. So let’s ask ourselves, is the government wasting a law that could bring greater good than harm?
SITI NUR FARAH ATIQAH SALLEH Nilai, Negri Sembilan