‘E-hailing firms must protect data’

PETALING JAYA: Weak enforcement of the Personal Data Protection Act (PDPA) has made it vital for e-commerce firms and e-hailing providers to protect such information, according to the Bar Council.

Its Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong said there had not been much news on the enforcement of the Act.

“There were cases of companies being fined, but high-profile cases such as the data breach involving telecommunications companies two years ago have yet to be resolved,’’ he said.

Welcoming the requirement of selfie verification on e-hailing passengers as an effective mechanism to protect the drivers, he said those concerned with data privacy breaches could not do much if they wanted to use the service.

“The onus will be on ride-sharing companies to protect their users’ personal data,” he said in an interview.

Foong’s comments were in light of the concerns over data privacy following a law introduced by the Transport Ministry in July last year, requiring passengers to submit their identity credentials upon registration with any e-hailing platform.

The Star reported on Sunday that e-hailing giant Grab has made it mandatory for passengers to submit a one-time selfie verification by July 12 in an effort to make its platform safer for both drivers and passengers.

However, the selfie verification is not an alternative to the ministry’s e-hailing regulations.

Passengers have expressed concern over possible breach and abuse of their personal data by a third party, although other e-hailing companies have been using selfies and photos of MyKad for verification before the regulation was announced.

Bar Council Personal Data Protection Committee chairman Deepak Pillai said one should always be concerned when submitting personal data online.

“They should be clear as to the organisation they are providing their personal data to, what the personal data can be used for and to whom it can be disclosed,” he said.

Pillai said such information should be provided upfront by the provider of the e-hailing services and definitely within their Privacy Notice, which is a mandatory requirement of the PDPA.

“In my own view, it is clear that the PDPA applies to all e-hailing service providers and the onus is on them to comply with the minimum security requirements set out in the Act and more.

“If there is a breach, they would be subject to complaints, investigations and penalties provided for under the Act,’’ he said.

Cybersecurity expert Fong Choong Fook said there were not many successful prosecutions on data management negligence in Malaysia.

“A good example was the telco data leak, where over 40 million phone records were exposed and traded under the dark web with no prosecution against the party at fault. That is why the general public is still sceptical about the execution of PDPA,” he said.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


100% readers found this article insightful

Next In Nation

KJ: More than 3,500 have received Pfizer shots, over a million already registered on MySejahtera app
Khairy: Health Ministry reviewing terms of purchase for Johnson & Johnson Covid-19 vaccine
EPF declares 5.2% for conventional savings, 4.9% for syariah
Covid-19: Khairy opts out of Pfizer vaccine, says will take whatever NPRA approves next to boost confidence
Covid-19: CoronaVac vaccine to undergo evaluation, bottling assessment process before getting approval, says KJ
Covid-19: First batch of CoronaVac vaccine arrives at KLIA
Man who rammed into cars in Sungai Buloh nabbed
INTERACTIVE: In the midst of the pandemic, many Malaysians are falling out of the labour force
The app for getting immunised
All smiles behind face masks at mass wedding ceremony

Stories You'll Enjoy