PDPA vs Data Leak
Have you ever wondered what happen to the personal data we give to service providers such as Telcos, Broadcasters, Cable/Satellite TV Operators, OTT Content Operators, Online Subscription Services, etc?
No doubt we are protected by the law under the purview of Personal Data Protection Act or PDPA. But still how many times have we been bombarded with illicit phone calls, junk mails and junk emails from third party service providers or CPs for all sorts of things including text, audio, and video messages?
So with the law in place, why are we still subject to these kind of harassment?
The Personal Data Protection Act 2010 (PDPA) was passed by the Malaysian Parliament in May 2010 and received Royal Assent on 2 June 2010. The PDPA came into force on 15 November 2013 by way of notification in the Government Gazette, with a three month sunrise period which ended on 15 February 2014. (https://united-kingdom.taylorwessing.com/globaldatahub/article_malaysia_dp.html)
PDPA is applicable across the board. Anybody who collects personal information is entrusted to safeguard the data. It is their civic duty and responsibility to maintain data integrity without succumbing to illegal activities. Any such acts committed should be construed as a breach of trust and punishable by law. The authorities should take stern actions against the perpetrators. This is what we as citizens want to see taking place more often.
Despite the law being in place data leakage does not seem to stop. The frequency of bogus phone calls and junk emails doesn’t seem to reduce as well. The service providers should provide better data security by improving on their network & database security policy. They should keep a tight lid on the people in charge of customer data. We can’t rule out inside job! There’s a lot of money being offered by the CPs and the temptation is hard to resist.
We, the customers/consumers/subscribers, have no visibility on their internal IT policy. When we agree to subscribe to their services we put our total faith in their hands to uphold the law. What happens afterward is another story altogether.
The enforcement task is monumental. The relevant authorities may not have enough resources to monitor and take actions. Very seldom we hear CPs being dragged into courts for breaking the law. Nevertheless, the authorities shouldn’t use this as an excuse to distant themselves from their responsibilities. A concerted and collaborative effort amongst agencies must be put in place to address these issues. The public must be made to believe or convinced that their data is safe whether with the Government or other third-party service providers (online and offline).
We have a problem at hand..data leakage. This is manifested by:
- junk mails we receive at home
- junk emails we receive in our computers/handphones/tablets
- bogus phone calls we receive from all sorts of people selling all sorts of products and services
The law is there, supposedly to protect us but does it work so far? We want to see more actions taken by relevant authorities to mitigate these annoying issues. Otherwise, public confidence in the authorities would erode further and all stakeholders would be on the losing end.