THE alarming increase in the number of online scams and fraudulent activities in Malaysia can largely be traced to the weak enforcement of our Personal Data Protection Act 2010 (PDPA). Due to the absence of severe penalties for violations, many companies exhibit lax adherence to this Act.
Adding fuel to the fire is the burgeoning illicit trade in personal data on dark web forums. Bad actors have found a thriving market for personal information, banking details and more, which are being used to commit identity theft, scams and other cybercrimes.
This underscores the urgent need for companies to ensure robust security measures to protect their customers’ personal data.
One major case that happened in the United States highlights the urgency for enhancing personal data protection in Malaysia – the Equifax data breach in 2017, where hackers exploited the vulnerability of a web application to access the personal data of 143 million people.
This breach led to significant reputational damage for Equifax, a credit reporting agency, which also had to pay a settlement of up to US$700mil.
Several cases of data breaches have occurred in Malaysia in the past few years, involving, among others, a banking institution, a multimedia and broadcast agency, and the Election Commission (EC).
These instances point us to the crux of the matter – the urgent need to revise and strengthen the PDPA. The following are proposed:
> Appoint a data protection officer to ensure accountability;
> Introduce a data breach notification system to enhance transparency;
> Provide a clear definition of the role and responsibilities of a data processor;
> Enable data portability to grant individuals control over their data;
> Set guidelines for the transfer of personal data to places outside Malaysia;
> Increase the penalties for misuse of data or breach of the PDPA; and
> Enhance enforcement powers.
We can draw inspiration from the European Union’s General Data Protection Regulation (GDPR) for a more robust data protection legislation with stringent enforcement mechanisms and heavy penalties for non-compliance.
Let’s not delay in making the necessary changes. Our digital landscape’s safety, integrity, and the trust of the public depend on these crucial changes.
RAYMON RAM
Certified fraud examiner
Graymatter Forensic Advisory
Kuala Lumpur
