2 years ago, I wrote an article on LinkedIn titled “Malaysia, when will you take data privacy seriously?“. What has changed? Very little.
Last Friday I received an SMS and a WhatsApp message from an ex-bank employee who was terminated from a complaint I made (not about him) about the bank violating my data privacy. The bank and/or their agents have been calling my number for several years (more than 5), and I have made numerous (many, many) requests not to be called or have my name deleted from their calling database. This has fallen into deaf ears until I decided to take matters into my own hands.
Red means NO!
In May of this year, I decided to use Twitter to tweet my unpleasant experiences and my displeasure to the bank’s Twitter handle. They responded with canned replies and made promises that really did not amount to anything. Right after my 2nd last complaint to date, the following day I got another telemarketer from the bank calling me (again) trying to sell me their insurance package. By now, I already got their head of customer advocacy center’s contact and I called him to complain again. This complaint got this telemarketer from the bank fired. Friday, this ex-employee sent me a WhatsApp and an SMS message telling his side of the story, asked me to withdraw my complaint and have him reinstated.
I replied and said that my complaint was not about him but the lax practices of the bank to protect the private details of a customer. A customer, as yours truly, who has made scores of complaints in the past not to be called.
This bothered me a lot. This ex-employee has my contact details with him. What other personal and private details are in his hands now?
This morning on Saturday weekend, I found about the news of another bank sending wrong e-statements to some of their customers. e-statements that belong to some other customer, but can be opened with recipient’s credentials. Again, this is another grave matter where the private details of customers are not only not protected, but also not taken seriously, as in my own case right now.
A legal recourse
In the past, many of us have little recourse to put an end to these nonsense. We see our own Personal Data Protection Act that did not do enough to rid the data privacy violation scourge. But I can see the tide turning, albeit slow and small for now, because the Malaysia Communications and Multimedia Commission (MCMC) is serious in tackling the data privacy and data leaks issue. Their webpage’s immediate pop-up shows:
MCMC Complaint Diagram
This is the official path where citizens can address the protection and the security of their private data, and get a possible potent solution to their woes.
Over to you
This data privacy issue is a two-way street. The relevant authority has given us citizens a channel to air our grievances and get our concerns addressed, but we as consumers, as customers, have to do our part as well. If we accept that our private data is open to abuse and misuse, our apathy will not wish this issue to disappear. We have to do our part to voice out, to complain (constructively of course), and hold those who hold our private data responsible for their actions and inactions.
Still shambolic but will get better
I am often emboldened by good news of the European GDPR (General Data Protection Regulation). The strong enforcements of GDPR have deterred many organizations, governmental and commercial, to apply better data protection structures to ensure data privacy of its citizens as consumers.
GDPR is not perfect but I believe it has created a safe and confident system for the people living in EU. Malaysia’s PDPA is not perfect either but the enforcement lax in the past has seeded the rampant abuse and misuse of our private data. With MCMC’s initiatives, this one end is doing its part to combat data privacy issues.
But at the other end, we as Malaysians must also do our duties to fight for our rights as well. Europeans are often vocal about their rights and how their PII (Personal Identifiable Information) should be handled. That is because their data privacy is protected and guaranteed by the laws of the land, such as GDPR. Hence, we as Malaysians should take comfort that MCMC can take the form of a strong regulator in the protection of our private data if we demand our rights that our private data be protected.
Things are still shambolic, but it will get better. Just do our part as Malaysians. Just don’t be apathetic.
