Leakage of personal data among common privacy data breaches


Kevin Shepherdson

KUCHING: Some of the more common privacy data breaches in Malaysia involve leakage of personal data as a result of unauthorised disclosure from day-to-day work activities, Straits Interactive shares with The Borneo Post.

Chief executive officer Kevin Shepherdson gave examples such as mistakenly CC’ing instead of BCC’ing when sending mass email broadcasts, attaching unprotected spreadsheets, mistakenly disclosing spreadsheets to the wrong recipients, or having weak or no passwords for online accounts.

“In addition, breaches can also be caused by security-related activities such as releasing CCTV footage on to social media without authorisation or consent from the individual,” Shepherdson said.

“Under Malaysia’s Personal Data Protection Act (PDPA), besides data breaches, other common breaches involve marketers who contact callers without consent, failure to allow users to opt-out and quietly or secretly processing personal data without formally notifying or informing individuals.”

According to Shepherdson, there tends to be a common misconception that data protection laws don’t apply to small and medium enterprises (SMEs), non-profit organisations, and voluntary welfare organisations because they’re too small.

“If Singapore statistics are anything to go by, all kinds of smaller organisations have already gotten into trouble.

“Examples include a caterer, a florist, a martial arts group, a financial advisor, restaurant, travel agency, and a tuition agency.”

He revealed that another misconception they see is that organisations think the PDPA relates to security and personal data protection.

“We’d like to highlight that security and protection are only a subset of the seven principles of the PDPA. The other principles involve rules which govern how data is collected, used, disclosed and shared, or stored and disposed of.

“We’d also like to highlight organisations can be prone to breaches of other PDPA principles and in Malaysia, there is criminal liability attached to the breach.

“We often see that the weakest link in the chain of an organisation is the employee, through being unaware of potential data breaches.”

Last month, Straits Interactive and the International Islamic University of Malaysia (IIUM) entered into a Memorandum of Agreement (MoA) allowing for greater co-operation in developing initiatives to promote and increase data protection and compliance competencies in Malaysia.

By partnering with IIUM, Shepherdson said that Straits Interactive intends to deliver more hands-on data protection workshops to educate organisations in terms of PDPA compliance, and prevent breaches of the PDPA.

The group also intends to provide local data protection certification courses for data protection officers, supported by Malaysia’s regulator in data protection, the Personal Data Protection Department, and to publish research and findings regarding data protection issues and potential data breaches to create further awareness.