MALAYSIA Tanah Tumpah Darahku


Friday, August 12, 2022

MP calls for PDPA amendment after iPay88 data breach


Lembah Pantai MP Fahmi Fadzil urged the government to amend the Personal Data Protection Act 2010 (PDPA) to compel companies to notify the authorities immediately when there is a data breach.

“We must look at personal data as a ‘national treasure’. Its safety must be taken seriously by all quarters.

“Imagine the trauma suffered by the victims after their personal information gets stolen and misused for criminal activities. They could even end up being victims of scams later on,” he said in a statement.

Yesterday, Free Malaysia Today reported that online payment gateway provider iPay88 acknowledged that a cybersecurity breach may have compromised the card data of its users.

The company added that it had initiated a probe on May 31, engaging experts to mitigate the matter, but did not specify when the security breach had happened.

Since then, Communications and Multimedia Minister Annuar Musa announced an investigation on the matter as well.

Hurling brickbats at iPay88, Fahmi said the company only made a public statement on the data breach yesterday, about three months after the incident happened.

He chided the company for not providing complete details on how much data has been compromised and whether affected parties were notified of it.

“iPay88 must provide details like when the security breach was detected and whether those affected were informed or not.

“The company must understand that it is their customers that made them a success story. If iPay88 is sincere, they must compensate those affected,” the PKR information chief said.

On July 16, Fahmi submitted a motion to the Dewan Rakyat to table a private member’s bill to amend the PDPA.

Apart from making it compulsory for private firms to notify the authorities of a data breach, the bill also proposed to include federal and state governments under the legislation as it currently only regulates the processing of personal data in commercial transactions.

Lembah Pantai MP Fahmi Fadzil

Establish RCI

Meanwhile, Fahmi also alleged that the Association of Banks in Malaysia and Association of Islamic Banking and Financial Institutions Malaysia are not proactively dealing with security breaches involving customer data in financial institutions.

“Yesterday, both organisations said commercial banks take such matters very seriously but I beg to differ.

“Our financial institutions, including Bank Negara Malaysia, must be proactive in helping victims of a personal data breach especially when it is caused by weaknesses in our financial ecosystem like the iPay88 case,” he said.

With that, Fahmi urged the government to establish a royal commission of inquiry (RCI) to investigate all cases involving personal data breaches to identify measures to solidify Malaysia’s cybersecurity.

“As of now, we have heard that over 100 million personal data got compromised in the last five years. We need the RCI to stop the problem and dispense justice to the victims,” he said. - Mkini

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.