Have you ever considered the amount of personal data you disclose each time you use your smartphone or computer? As technology advances, we willingly share our data, trusting that software or applications will handle it appropriately. However, the reality is that our personal information is constantly collected, stored, and shared, whether online or offline.
In today's economy, data has become a valuable commodity. As Mark Cuban describes it, "Data is the new gold. It's the new oil.". This highlights the need for vigilance regarding how our data is collected and managed. By understanding the value of our personal data and taking proactive measures to protect it, we can reduce the risk of financial loss and identity theft while promoting ethical and responsible use of our information.
Data breaches have become a pressing concern in Western countries. Recent reports have shed light on how a popular short-form video app that was perceived by its user as a mere entertainment platform, is now under scrutiny due to its potential threat to national security. Malicious entities exploit user's information, raising concerns about identify intelligence prospects for espionage or blackmailing unsuspecting targets.
Consequently, data breaches can have severe consequences for both individuals and businesses. According to a 2022 report by Statista, online frauds were the most reported cyber threat incidents announced by Cybersecurity Malaysia, with over four thousand reports, followed by malicious codes.
For individuals, safeguarding personal data preserves privacy and shields sensitive information from cybercriminals. In the digital era, where sharing every memorable detail of our lives through news feeds has become effortlessly accessible. We have immersed ourselves in the allure of easy sharing, inadvertently lowered our guard and forgetting the inherent value and preciousness of our personal data. This prevailing mindset has led to a collective oversight and boundaries of personal data and privacy in exchange for necessary enjoyment.
Businesses, on the other hand, must recognise that personal data protection stands as a frontline defence against data breaches, which can lead to financial losses and irreparable damages to their hard-earned reputation. By prioritising robust personal data protection measures, businesses can fortify their foundation, instilling trust among customers and safeguarding their long-term success.
In Malaysia, the Personal Data Protection Act 2010 ("PDPA") aims to safeguard sensitive information from unauthorised access, use, or disclosure. Additionally, the European Union's General Data Protection Regulation (GDPR) sets standards for organisations processing personal data of EU residents. While both PDPA and GDPR share some similarities in terms of their objectives to protect the privacy and personal data of individuals, however, the level and threshold of protection may differ.
Personal data includes any data in any form, whether it is collected, recorded, stored, or processed by any means. For example, Personal data can be the information provided when filling out a survey form or even your thumbprint used for office door access. Although we may feel comfortable sharing our personal data in our daily activities, without proper protection and safeguarding, this information can be stolen or misused, resulting in financial loss, identity theft, and even reputational damages.
The Malaysian legislator has introduced seven (7) data protection principles for data users to comply with. These principles provide guidelines for safeguarding personal data from unauthorised access, misuse, or disclosure. The 7 principles are as follows:
Security – it imposes an obligation on a data user to take measures to protect personal data from loss, misuse, modification, unauthorised or accidental access or disclosure, and alteration or destruction during its processing;
Purpose – it prohibits a data user from processing personal data without the consent of a data subject;
Data Integrity – it requires a data user to take steps to ensure data hygiene;
Notice and Choice – it requires data user to inform a data subject of various matters relating to the information of that data subject;
Disclosure – it prohibits disclosure of personal data;
Access – it gives right for data subject to access their own data; and
Retention – personal data shall not be retained longer than necessary.
Adhering to these principles helps ensure that personal data is processed and protected in a lawful and responsible manner. While individuals enjoy the services provided by data users, finding a balance between enjoying digital services and protecting personal data is crucial for safeguarding privacy and security. In conclusion, personal data protection is essential in today's digital age and cannot be compromised. By implementing practical measures and adhering to relevant regulations and laws, individuals and businesses can protect their personal data from unauthorized access, use, or disclosure.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
