Revised law on data leak to be tabled in June

pic by TMR FILE

THE government aims to table a revised data protection law by next June, as it seeks to bolster defence against rampant data breaches in the country.

Communications and Multimedia Minister Gobind Singh Deo (picture) said his ministry is still engaging with stakeholders to ensure that punishment for the offence is not limited to just the perpetrators but on all parties responsible.

“We are currently looking at ways on how we can strengthen and reinforce the Personal Data Protection Act 2010 (Act 709). It is important that we make sure that whatever data that is used and acquired are obtained via a legitimate process.

“It (punishment on data breaches) must be expanded to include those who benefit from the illegal data but before we arrive at any decision, the ministry will consider the views of all relevant parties and weigh every option to tackle this problem,” Gobind told the Dewan Rakyat yesterday.

He was responding to a supplementary question by Datuk Seri Dr Ronald Kiandee (Pakatan Harapan-Beluran) who asked the minister if considerations are made to put the onus of data breaches on companies or parties responsible for the data.

Kiandee had raised the data breach in September involving Malindo Airways Sdn Bhd where personal details of millions of the air carrier’s passengers were exposed. The information included passport details, home addresses and phone numbers that were leaked through online data exchange forums.

Malindo fell victim less than a month after a similar case was reported at Astro Malaysia Holdings Bhd. Astro had discovered then that details of its subscribers’ MyKad data such as their names, identity card numbers, birth dates, gender and addresses had been accessed without authorisation.

The minister stressed it was important that agencies such as the Malaysian Communications and Multimedia Commission (MCMC) provided systems and frameworks that would not only prevent breaches from taking place but on how best to swiftly react to any cyber attack and minimise its impact.

“For this, we need the right kind of expertise. The ministry and MCMC are looking into this and we hope to create systems that would enable the authorities to quickly process information related to data breaches and react speedily before it spreads. The public has to be guaranteed of two things — namely that their data is safe and that any leak will be resolved immediately,” he said.