KUCHING: Malaysians are increasingly more aware of the risks associated with breaches of their personal data, and we have seen a sharp increase in data privacy civil suits in the local Malaysian courts in the past five years, Straits Interactive says.
When queried on the cost of data breaches in the Asean region, particularly in Malaysia, Straits Interactive senior consultant in Malaysia, Dr Sonny Zulhuda told The Borneo Post in an email interview that the cost of data breaches can be seen in many areas.
“In terms of legal liabilities, companies in breach of the Malaysian PDP Act 2010 can be fined up to RM500,000 – for offences such as unlawful sale or unlawful collection of personal data, as well as collection of data without the required certificate of registration,” he commented.
“When a data breach occurs, costs can also be incurred through technical repairs and loss of reputation. Business can also suffer because of bad publicity.
“Civil suits can also be brought against companies, and these can cost businesses a lot of money. Malaysians are becoming increasingly more aware of the risks associated with breaches of their personal data, and we have seen a sharp increase in data privacy civil suits in the local Malaysian courts in the past five years.”
Zulhuda, who is also an Associate Professor with the International Islamic University Malaysia, went on to highlight that unlike companies in the US and Europe, many companies in the Asean have yet to reach an acceptable level of preparedness.
“Data protection does not tend to be a part of the business culture, however some industries (banking and finance) are more prepared due to legislation and legal requirements.
“To bolster the understanding and preparedness of other industries, we need more public awareness, training, and certified professionals in the field of data protection.”
Zulhuda also highlighted that one major concern in Malaysia is how much our MyKad (ID cards) details are easily and unnecessarily exposed.
He pointed out that many people needlessly impose the collection or retention of MyKad details before people start business communication or interactions, enter premises, or participate in events.
“Unfortunately, lots of people are happy to submit these details and this gives the impression that these practices are approved and not an issue.
“Another problem is direct marketing, as well as unsolicited commercial calls, emails and text messages. While it’s clear individuals have the right to refuse direct marketing, it still regularly happens.”
Zulhuda revealed that at Straits Interactive, they are championing a public-private partnership by establishing alliance with academia, industries and the government.
“This partnership will ensure Malaysia as a nation moves together and responds to data privacy issues with a common understanding and comprehensive programmes,” he said.
“With the passing and enforcement of the EU General Data Protection Regulation (GDPR) in May 2018, Malaysia needs to gear up for these stronger laws and better enforcement.
“The GDPR applies to companies who also interact with European citizens, and this requires short-term training programmes and certifications in the field of data protection.
“A collaboration at the regional level is also timely and necessary. We are heading towards that.”