PETALING JAYA: While it is necessary to log your name and phone number before entering certain premises during the conditional movement control order (MCO), experts say measures should be taken to prevent people from falling victim to scammers.
Datuk Kenny Goh, chief executive officer and co-founder of digital technology company Macro Kiosk, said concern over data privacy at this time was part of an adjustment to the “new normal”.
“I understand why people are raising concerns as the Covid-19 pandemic has forced people to re-evaluate what privacy means to them.
“On the positive side, giving out info is a responsible thing to do because it helps with contact tracing. However, it is also worrying when the information is not being guarded properly, ” he said.
Goh urged businesses to take a digital approach such as generating QR codes for registration instead of asking people to write down their details.“This way, people’s information is not easily exposed as it will be uploaded to an online system that can only be accessed by few. Right now, anyone can easily walk up to a log book and take pictures of whatever they see, ” he said.
Cybersecurity expert Fong Choong Fook said the move to aid contact tracing could lead to a deluge of unwanted calls and spam, if proper checks were not put in place.
“Spam messages have become more sophisticated as they feel personalised. The messages are no longer just generic notices offering you products or services because scammers can now easily get your name or MyKad number, ” he added.
Fong said public should know more about how their personal information will be handled by owners of premises.
“The big question here is how are the details in the log books being treated by the custodian or the person handling the data, such as the security guards or owners of premises?” asked the LGMS group managing director.
The Personal Data Protection Act 2010 requires businesses to adhere to certain requirements when processing personal information.
Bar Council Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong said this included keeping the data secure, not disclosing it to third parties without consent, and within the purpose of which the data is collected.
Processing personal data in ways that were not compliant with the PDPA could lead to a fine of not more than RM300,000 or jailtime of not more than two years, or both.
However, there is a lack of awareness on personal data protection among Malaysians, said Fong.
“I don’t think many people are fully aware of their rights as stated in the PDPA. The custodians who are collecting or holding people’s personal information also have to be aware of their responsibilities and liabilities, ” he said.