Malaysia, when will you take data privacy seriously?

It is sad. I get about 5-10 silly calls a week and a bunch of nonsense messages in my WhatsApp text and SMS. They waste my time, and it has been going on for years. Even worse is that my private details are out there, exposed and likely be abused too.

Once I got a call from a municipal attorney in the state of Kelantan that I have unpaid summons of several thousand ringgit. They have phone number, my IC number and they threatened to send me a note to arrest me if I didn’t pay up. The thing is, I have never been to Kelantan and I challenged them to send the attorney letter to my home address. The guy on the phone hung up.

In this age where digital information is there at our finger tips, the private details of victims are out there, easily used for unsavoury gains. And we as Malaysians should not shrug our shoulders and not assume that everything is like that, as if it is a Malaysia way of life. That apathy, our state of indifference, should be wiped out from our attitude. We should question the government, the agencies of why is our privacy not protected?

We have the Personal Data Protection Act, ratified in 2010. I don’t know the details of the act, but in its most basic form, don’t you think our private details should at least be protected from the telemarketers calling us selling their personal loans, time share travel suites, private massage (with benefits?) and other silly stuff? How can an act, as a law, be so toothless? Why bother drafting the act, and going through multiple iterations, I would suppose, and making it a law, and yet remain so unworthy to be called a act?

In 2017, there was a huge breach of trust. 46.2 million Malaysian mobile phone numbers were leaked online. Customer details, IMEI and IMSI numbers, and the post- and pre-paid numbers were likely to be traded online. This breach, of course, fell onto the lap of our MCMC (Malaysian Communications and Multimedia Commission). That telco breach was a year and a half ago, and I have not heard, seen, or read any enforcement action taken to bring the culprits to the hands of the law. And the telcos, probably got the velvet glove treatment as their punishment.

On a personal side, I have heard of bank employees selling customer details at MYR1.00 per record. That was several years ago. Hospital staff leaked patients records to whoever was paying. And I believe many more incidents are out there, probably blanketed by the apathetic attitude of Malaysians.

My concern of this lack of data privacy enforcement, besides being trampled and stepped upon over and over again, is the likelihood that it would find its way into future discriminatory practices of using AI (Artificial Intelligence). For example, if a person’s health details are exposed and is fed into a company’s “AI” employment filtering and vetting system or a job-performance review, it could possibly jeopardize a person’s employment opportunities or his or her chances of promotion.

That is where we Malaysians can learn a thing or two from the Europeans. I have been reliably informed that a European person’s privacy is his or her birth right. The GDPR (General Data Protection Regular) enforced last year may seems harsh (in terms of its penalties) and difficult, but as the EU (European Union) extends its influence globally, it should compel Malaysian companies and Malaysians to look upon the GDPR as a yardstick for our own data privacy.

It is time we question ourselves to take our data privacy seriously.

[Note: First published on LinkedIn on Apr 1st, 2019]

Tagged , , , , , , . Bookmark the permalink.

About cfheoh

I am a technology blogger with 25+ years of IT experience. I write heavily on technologies related to storage networking and data management because that is my area of interest and expertise. I introduce technologies with the objectives to get readers to *know the facts*, and use that knowledge to cut through the marketing hypes, FUD (fear, uncertainty and doubt) and other fancy stuff. Only then, there will be progress. I am involved in SNIA (Storage Networking Industry Association) and as of October 2013, I have been appointed as SNIA South Asia & SNIA Malaysia non-voting representation to SNIA Technical Council. I currently run a small system integration and consulting company focusing on storage and cloud solutions, with occasional consulting work on high performance computing (HPC).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.