Malaysia

MP moots bill for Personal Data Protection Act to include govt entities

Weakness in law presents real challenges towards securing Malaysians’ personal data, says Fahmi Fadzil

Updated 4 years ago · Published on 04 Jun 2022 10:00AM

MP moots bill for Personal Data Protection Act to include govt entities
Fahmi Fadzil says that he does not think the Personal Data Protection Act 2010 included the numerous challenges we face today when it was first put together. – The Vibes file pic, June 4, 2022

by Danial Dzulkifly

KUALA LUMPUR – Opposition lawmaker Fahmi Fadzil has mooted a private member’s bill to propose an amendment to the Personal Data Protection Act 2010 (PDPA) that would extend accountability to government and state government entities.

The Lembah Pantai MP told The Vibes this is necessary seeing that there is a worrying increase of Malaysians’ personal data being leaked into the digital sphere, with more incidents involving data managed by government entities.

“Our data governance protocols need to be updated. When PDPA was put together, I don’t think it included the numerous challenges we are facing today.

“As such, I would be in favour of reforming the PDPA to make government agencies, those who are handling our data, and intermediaries to be held accountable as well,” he said.

While the PDPA is designed to protect the personal data of individuals with respect to commercial transactions, the legislation does not apply to government or state governments, as clearly stated in Section 3 of the act.

Fahmi stated that this represents a clear weakness in the law, which has led to either a lack of transparency on the overall progress in investigating possible data leaks and their alleged perpetrators.

“This is where there is a lacuna or a weakness in the law. To date, I can’t recall where investigations have led to court convictions and there have not been any major updates on any of these cases.

“This absolute deafening silence on actions, or inaction, definitely affects public perception about how safe our data really is.

“This is where we have to reform. I think I have to consider speaking with my colleagues. Perhaps we have to bring some kind of legal reform, or a private member’s bill so that the government will look into the matter seriously,” he said.

Bangi MP Ong Kian Ming has criticised the easy access of personnel information of company employees who sign up for the vaccination programme. – The Vibes file pic, June 4, 2022
Bangi MP Ong Kian Ming has criticised the easy access of personnel information of company employees who sign up for the vaccination programme. – The Vibes file pic, June 4, 2022

Most recently, IT and cybersecurity expert Suresh Ramasamy reportedly shared on LinkedIn that 2,000 Excel files containing possibly more than 1.7 million personnel data linked to the Pikas programme can be downloaded directly from the Miti website.

Pikas is a public-private partnership immunisation programme aimed at employees in the manufacturing sector, coordinated by the International Trade and Industry Ministry.

The incident prompted Bangi MP Ong Kian Ming, a former deputy minister at the ministry, to criticise the easy access of personnel information of company employees who sign up for the vaccination programme.

The Pikas system has data points such as company names, NRIC/passport numbers, phone numbers and roles in one’s company.

Prior to this incident, news broke out last month that hackers had stolen the personal details of some 22.5 million Malaysians from the National Registration Department.

The leak included MyKad numbers, names, dates of birth, home addresses, gender, and registered phone numbers belonging to those born between 1940 and 2004.

The hackers are said to be looking to sell the data for US$10,000 (RM43,870) in bitcoin.

Home Minister Datuk Seri Hamzah Zainudin had since denied that the leak originated from the NRD.

Need to fortify overall data security infrastructure

Fahmi also cited another prominent data leak incident in the past decade, where some 46.2 million personal information was leaked back in 2014.

Syahredzan Johan says there is a need to strengthen the overall data security infrastructure as well. – The Vibes file pic, June 4, 2022
Syahredzan Johan says there is a need to strengthen the overall data security infrastructure as well. – The Vibes file pic, June 4, 2022

The data in question was handled by Nuemera (M) Sdn Bhd, which was contracted by the Malaysian Communications and Multimedia Commission (MCMC) to handle Public Cellular Blocking Services.

Despite the incident that occurred back in 2014, news of the data leak only reached the public sphere in 2017.

In 2018, Fahmi had filed a civil suit against both MCMC and Nuemera for their alleged failure to protect personal data under their purview.

The initial police investigation indicated that the leak could have originated from Nuemera but they eventually cleared the firm of any wrongdoing.

The lawmaker had also since withdrawn the suit and there have been no updates on investigations on the data leak.

Similarly, DAP’s social media bureau chairman and lawyer Syahredzan Johan also concurred with Fahmi, but he added that there is a need to strengthen the overall data security infrastructure as well.

“I would welcome a review of the PDPA to consider the inclusion of government and state entities. However, I believe the core issue is regarding the data security and integrity of these entities.

“Clearly, there seem to be issues with the security infrastructure of these databases, whether it is technical or human weaknesses. Even if the law is made wider, if the security and integrity are not improved, data leaks will continue to occur.

“By the time the law is used, the data will already be in the wrong hands,” he said to The Vibes.

For context, Syahredzan had also represented Fahmi in his civil suit against Nuemera. – The Vibes, June 4, 2022

Related News

Malaysia / 1y

Minister calls for radio to remain a unifying force on World Radio Day

Malaysia / 1y

Fahmi denies asking Google to disable ringgit currency converter widget

Malaysia / 1y

Fahmi urges media to cooperate in police probes into news sources

Malaysia / 2y

TikTok increases content moderation after cyberbullying incident

Malaysia / 2y

RM100 fine for cyberbullying no deterrent, says Fahmi

Malaysia / 2y

Bersatu author of its own misfortunes, says lawmaker

Spotlight

Malaysia

PRN Negeri Sembilan: The battlegrounds, big names and three-cornered fights to watch

By Alfian Z.M. Tahir

People

Woman ends up with RM500 over food bill after date with ‘doctor’

Malaysia

Love scam: Twelve China nationals arrested in Ipoh over suspected online call centres

Malaysia

ASLI to field female candidate in Jeram Padang DUN

Community

‘Furry officer’ laid to rest as Kuching traffic police mourn beloved stray cat (video)

By Alfian Z.M. Tahir

Malaysia

Father mauled by crocodile as son watches in horror in Sabah river (UPDATED)

Malaysia

Johor shuts down Forest City Network School premises

Malaysia

Singapore: Chief Justice Sundaresh Menon to retire in Feb 2027, succeeded by Justice Sushil Nair

You may be interested

Malaysia

Syed Saddiq completes 170km Thanksgiving Charity Run after acquittal, surpassing fundraising target

Malaysia

Kidnap victim rescued within 48 hours, 6 suspects nabbed

Malaysia

Moderate 5.4-magnitude earthquake strikes Sulawesi Sea, no tsunami threat reported

Malaysia

SKDS diesel subsidy rollout in Sabah and Sarawak gains momentum

Malaysia

Bersatu ‘messing things up’ for BN, PN candidates, claims Wan Saiful

Malaysia

PRN Negeri Sembilan: Four seats in focus, battle expected to be tougher than Johor

Malaysia

Negeri Sembilan voters called on to back PH for continuity of stable and integrity-based govt

Malaysia

KWAP intructs full internal review after eFishery financial misconduct case