Malaysia needs stronger data laws to protect consumers

There is no provision by the law that guarantees confidential data will not be abused, says CEO


Malaysian consumers need more protection of their personal information that is currently provided under the law, according to the security industry.

While there is the Personal Data Protection Act 2010 to provide general protection, the Act does not stop companies that collect personal information from using it for something else, said LGMS Services Sdn Bhd CEO Fong Choong Fook.

He said for example, job portals and employment companies are not monitored and yet they are in possession of confidential data — including last drawn salary and other sensitive data.

Fong said there is no provision by the law that guarantees such information will not be abused.

“Users should understand that by uploading their resume online, their data will be used, including to be commercially resold by the job portal.

After the data is obtained by the third party — either a jobseeker consulting firm or an employer — there is no law ensuring that the data will be only used according to the purpose that it was primarily given,” he told The Malaysian Reserve.

Fong said as the current law is not enough to address this concern, the authorities can refer to the US’ Health Insurance Portability and Accountability Act 1996 as an example to strengthen the existing policy.

“In the US, hospital and insurance providers can be charged if they do not employ adequate security control of patient health records.

“They will also conduct regular audits to see what kind of security control and how the organisation uses the data,” Fong said.

Besides law enforcement, he said business owners must be held responsible to ensure that the data is kept securely to prevent any employees from misusing it.

“The company must report their employee to the authorities, should they discover any dishonest breach of public data,” he said.

Last Monday, more than 46 million records were confirmed to have been compromised — including personal details such as identification card (IC) numbers, addresses and mobile numbers.

The personal records were offered for sale on trade portal by unknown sellers.

Meanwhile, Federation of Public Listed Companies Bhd president Tan Sri Megat Najmuddin Megat Khas said the government must address the matter to prevent the issue of data being compromised from happening again.

“If there is a need for the authorities to conduct regular check to ensure the company complies with the law and its organisation policy, please do it,” he said, adding that business owners must ensure that standard operation procedures and policies pertaining to data protection should be properly put in place.