PETALING JAYA: A lawyer proficient in cybersecurity laws has advised Putrajaya to first reclassify and refine the terms and powers when amending the Personal Data Protection Act (PDPA) 2010.
Derek Fernandez told FMT this would include detailing all types of data, new digital technologies and policies to provide better security, and fair data usage terms.
He said the amendment should contain provisions to allow qualified firms to carry out independent cybersecurity audits and certification on all entities holding data, and should take into account their standard operating procedures and staff training methods.
“This is needed especially for companies or entities that handle a lot of public data, where misuse of such data can cause financial losses to the public, or jeopardise our national security and economic well-being,” he said.
Fernandez said the PDPA should also provide limitations to control misuse of personal data by requiring the data processor to inform the person who has given their consent the exact name and particulars of the person or entity that their data is being given to.
Last week, communications and digital minister Fahmi Fadzil said the ministry was seeking to amend the PDPA to make companies accountable for data in their possession, and to cover more industries.
Responsibility and accountability
Fernandez said amending the PDPA would ensure companies take responsibility and be accountable for the data that they procured and utilised in their day-to-day business by putting in place cybersecurity measures.
“These laws need to be amended to restore a fair level of responsibility and accountability on those who reap, or seek to reap, the benefits of digitalisation without paying a fair cost for cybersecurity,” he said.
He observed that there was a lack of strong deterrent measures to hold companies accountable for safeguarding data in their possession.
As a result, companies take data protection too lightly, thus exposing their customers and the public to cybercrimes.
‘Amendment long overdue’
Cybersecurity firm NovemCS’s CEO, T Murugason, said the amendment was necessary and long overdue.
He said Malaysia’ current PDPA legislation was lagging far behind that of other developed nations, such as Singapore’s PDPA, and the European Union’s General Data Protection Regulation (GDPR).
“Malaysia may have passed a data protection Act first (compared to EU and Singapore), but the difference in execution and enforcement has caused the country to lag behind.
“It’s no use just mouthing fancy terms like ‘data is the new currency’, when those responsible to keep the data safe are negligent in protecting it,” he said. - FMT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.