Malaysia data privacy is still shambolic

2 years ago, I wrote an article on LinkedIn titled “Malaysia, when will you take data privacy seriously?“. What has changed? Very little. 

Last Friday I received an SMS and a WhatsApp message from an ex-bank employee who was terminated from a complaint I made (not about him) about the bank violating my data privacy. The bank and/or their agents have been calling my number for several years (more than 5), and I have made numerous (many, many) requests not to be called or have my name deleted from their calling database. This has fallen into deaf ears until I decided to take matters into my own hands.

Red means NO!

In May of this year, I decided to use Twitter to tweet my unpleasant experiences and my displeasure to the bank’s Twitter handle. They responded with canned replies and made promises that really did not amount to anything. Right after my 2nd last complaint to date, the following day I got another telemarketer from the bank calling me (again) trying to sell me their insurance package. By now, I already got their head of customer advocacy center’s contact and I called him to complain again. This complaint got this telemarketer from the bank fired. Friday, this ex-employee sent me a WhatsApp and an SMS message telling his side of the story, asked me to withdraw my complaint and have him reinstated.

I replied and said that my complaint was not about him but the lax practices of the bank to protect the private details of a customer. A customer, as yours truly, who has made scores of complaints in the past not to be called.

This bothered me a lot. This ex-employee has my contact details with him. What other personal and private details are in his hands now?

This morning on Saturday weekend, I found about the news of another bank sending wrong e-statements to some of their customers. e-statements that belong to some other customer, but can be opened with recipient’s credentials. Again, this is another grave matter where the private details of customers are not only not protected, but also not taken seriously, as in my own case right now.

A legal recourse

In the past, many of us have little recourse to put an end to these nonsense. We see our own Personal Data Protection Act that did not do enough to rid the data privacy violation scourge. But I can see the tide turning, albeit slow and small for now, because the Malaysia Communications and Multimedia Commission (MCMC) is serious in tackling the data privacy and data leaks issue. Their webpage’s immediate pop-up shows:

MCMC Complaint Diagram

This is the official path where citizens can address the protection and the security of their private data, and get a possible potent solution to their woes.

Over to you 

This data privacy issue is a two-way street. The relevant authority has given us citizens a channel to air our grievances and get our concerns addressed, but we as consumers, as customers, have to do our part as well. If we accept that our private data is open to abuse and misuse, our apathy will not wish this issue to disappear. We have to do our part to voice out, to complain (constructively of course), and hold those who hold our private data responsible for their actions and inactions.

Still shambolic but will get better

I am often emboldened by good news of the European GDPR (General Data Protection Regulation). The strong enforcements of GDPR have deterred many organizations, governmental and commercial, to apply better data protection structures to ensure data privacy of its citizens as consumers.

GDPR is not perfect but I believe it has created a safe and confident system for the people living in EU. Malaysia’s PDPA is not perfect either but the enforcement lax in the past has seeded the rampant abuse and misuse of our private data. With MCMC’s initiatives, this one end is doing its part to combat data privacy issues.

But at the other end, we as Malaysians must also do our duties to fight for our rights as well. Europeans are often vocal about their rights and how their PII (Personal Identifiable Information) should be handled. That is because their data privacy is protected and guaranteed by the laws of the land, such as GDPR. Hence, we as Malaysians should take comfort that MCMC can take the form of a strong regulator in the protection of our private data if we demand our rights that our private data be protected.

Things are still shambolic, but it will get better. Just do our part as Malaysians. Just don’t be apathetic.

Tagged , , , , , , , , , . Bookmark the permalink.

About cfheoh

I am a technology blogger with 25+ years of IT experience. I write heavily on technologies related to storage networking and data management because that is my area of interest and expertise. I introduce technologies with the objectives to get readers to *know the facts*, and use that knowledge to cut through the marketing hypes, FUD (fear, uncertainty and doubt) and other fancy stuff. Only then, there will be progress. I am involved in SNIA (Storage Networking Industry Association) and as of October 2013, I have been appointed as SNIA South Asia & SNIA Malaysia non-voting representation to SNIA Technical Council. I currently run a small system integration and consulting company focusing on storage and cloud solutions, with occasional consulting work on high performance computing (HPC).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.