Sunday, December 23, 2012

Greetings of the Season and Best Wishes for the New Year!

MyShred Mobile would like to wish all a Merry Christmas and Best Wishes for a Happy New Year! We will be closed on the 25th of December 2012 (Tuesday) and will resume business on the 26th of December 2012 (Wednesday).

Thursday, December 13, 2012

Personal Data Protection Act 2010 Kickstarts 01.01.2013

KUALA LUMPUR: The Personal Data Protection Act, aimed at preventing abuse of personal data of citizens for commercial purposes, would come into force on Jan 1, said Deputy Information, Communications and Culture Minister Datuk Joseph Salang.
 
He said the Act, which was passed by Parliament in 2010, would play a crucial role in safeguarding the interest of individuals, and made it illegal for corporate entities or individuals to sell personal information or allow the use of data by third parties.
 
Many quarters, he said, felt that the enactment of the Act was timely as it would facilitate the transfer and transmitting of personal and often very important information seamlessly.
 
"It gives the public more control over their personal data. Whenever consent is required for data processing, it'll have to be given expressly rather than impliedly or be assumed," he said in his keynote address at the Second Annual Personal Data Protection Summit, here, today.
 
He said organisations, on the other hand, would need to embark on a continuous data privacy audit exercise to ensure compliance with the law as they now faced increased responsibility and accountability in processing personal data disclosed to them.
 
Salang said, to administer this piece of legislation, the Personal Data Protection Department was established on May 16, 2011. The Act was similar to legislation to protect personal data which had been enacted in other jurisdictions such as Hong Kong, New Zealand, Canada and the European Union, he said.
 
Salang said under the Act, offenders were liable to be jailed for up to two years or fined RM300,000, or both, if convicted.
 
He urged the public to be careful about information they shared online, especially in social media applications.
 
"Unfortunately, this is an 'open window' to our lives which makes it easier for those with nefarious intent to obtain information and use it for their own ends," he cautioned.
- Bernama

Sunday, September 30, 2012

Woes mount as data protection enforcement sits idle

PETALING JAYA, September 30 2012 (The Star by Hariati Azizan): Have you gone a day without receiving irritating phone calls, SMS or email messages offering personal loans, free medical check-ups or new credit cards?
If your answer is “No”, you are not alone; thousands of Malaysians are bombarded with such messages daily.
If you have received many unsolicited sales calls and messages daily, then it is also likely that your data has been collected and sold to a third party without your consent.
A check of the classified sections of a few dailies by Sunday Star showed that there are still individuals and organisations who are offering databases of personal information for sale despite the public uproar they have caused in the past.
According to the National Consumer Complaints Centre (NCCC), which has received complaints from many consumers inundated with unsolicited calls and SMSes coaxing them to buy a service or goods, the main reason for this abuse is that Malaysia has yet to enforce the Personal Data Protection Act (PDPA) although it was gazetted into law in June 2010.
“The law needs to be enforced as many unscrupulous people are taking advantage of this situation to use people's personal data for transactions without their knowledge,” said NCCC senior manager Matheevani Marathandan.
Under the PDPA, it is a crime for companies to use an individual's personal data for commercial transactions without his or her consent.
It also prohibits the selling and buying of personal data.
The offence carries a maximum fine of RM500,000, a three-year jail term or both.
Prof Abu Bakar Munir, a professor of law at Universiti Malaya who was also involved in the drafting of the PDPA, said it is urgent that the Act be implemented soon.
“Personal data is the new currency of the digital world, so people are concerned about their privacy,” said Prof Abu Bakar, who was one of the speakers at a recent media forum on the PDPA's enforcement hosted by security firm Symantec.
Campaign Against Spam SMS spokesman Lim Chong Wei said the PDPA should have been enforced earlier.
“The problem is that there is too little enforcement,” he said, adding that the lack of enforcement has kept SMS spam high on the list of complaints to the Malaysian Communications and Multimedia Commission in the last few years.

Monday, September 24, 2012

Stories of Insufficient and Incomplete Shredding

Presently, many organisations no longer handle their own document shredding due to the unreliability of common office paper shredders. Instead of risking having their shredded documents stolen and reconstructed, making all kinds of sensitive and private information available, many organisations choose to outsource this function to document shredding services.

A few incidents in history brought about this major change in the way organisations go about document shredding.
 
Back in November 1979, 52 US citizens were taken hostage after a group of 300 to 500 angry students took over the US Embassy in Iran. Although the students' initial plan was to hold the hostages for less than a week, the hostages were released only 444 days later (20th January, 1981). The reason for this is simply 'insufficient document shredding'!

Shortly after taking over the building, radical revolutionary students (who were convinced that the embassy was a centre of opposition to the new government after the downfall of the Shah of Iran) reconstructed and displayed confidential documents that US diplomats and admin personnel had frantically shredded as they were being invaded. This rushed document shredding job proved disastrous, as it helped strengthen radical Iranian claims.
 
The 2001 Enron accountancy scandal was another major incident in which inadequate document shredding led to a catastrophic outcome. Much of the incriminating evidence in the Enron accountancy scandal was gathered from shredded documents. How could this be possible? The documents had been shredded, but they were easily reassembled because they had not been fed through the shredder properly (they went in parallel rather than perpendicular to the shredder blades).

Have we learnt anything from history? Since these major security breaches, there has been high demand for more secure methods of destroying sensitive documents, such as onsite shredding, whereby the shredded materials on board the mobile shredding truck are compacted and mixed with other materials in large volumes, making them virtually unidentifiable and not easily reconstructed. Therefore, be careful and take the necessary steps when dealing with document shredding. Learn from past mistakes; as a famous quote says, "Who controls the past controls the future..."

Wednesday, February 15, 2012

Protecting Your Personal Data

The Star - Sunday February 12, 2012

By DATUK SERI DR RAIS YATIM

At long last, we now have a venue to bring up grouses about our personal data being given away without our knowledge – the Personal Data Protection Department, which was officially launched on Thursday.

ISSUES related to Personal Data Protection have been dabbled with for a long time in this part of the world. The Personal Data Protection Act 2010 (PDPA) is one of the cyber legislations aimed at regulating the processing of personal data in commercial transactions.

The Act was passed by Parliament in May 2010 and the Personal Data Protection Department was created a year later. At a cyber seminar in November 2001, I raised the importance of Malaysia creating an Act to protect the personal data of an individual.

Awareness had risen not only because of rapid commercial development involving violations of personal data such as credit status of individuals, but also invasion through the means of communication tools being detected and questioned.

During the seminar, I spoke on the rights and liabilities pertaining to information; protection of information from unlawful use; the right to information; the status of information belonging to individuals and the overall issues pertaining to the future of online trade and commerce using other people’s data.

When you purchase an item online, your credit card data is online as well. Your banking activities precipitate the storage, retrieval as well as the movement of your credit and debit records.

To some quarters, these are useful if not valuable information. Wrongly used, your very own data could be the meat for a sly move or the subject matter of fraud. Whichever way you look at it, modern life has involved us in a multi-faceted approach towards preserving our rights in respect of personal data.

Now, 11 years later, we are dealing with personal data again with the opening of the department (on Thursday) and a seminar on its legislation. In this context, our Government’s efforts to recognise individual interests through efforts to protect personal data should be given due recognition.

While the PDPA functions in the commercial environment, abuse of telephony communication networks or other channels through violations of personal data are also closely associated with the Communications and Multimedia Act (CMA) 1998.

For example, a person who intentionally infiltrates and gets without permission any information, including data through telephony or other means of communications under S.234 of the CMA, can be jailed up to one year or fined up to RM50,000 or both, if convicted.

The words “intercepts, attempts to intercept or procures through any other person, any communications” have very broad implications and applications to the extent of involving the personal data of an individual.

On the other hand, the CMA is complementary to the PDPA and the expedient should be used in the best interest of the people in terms of integrity and security of personal data of an individual. The promulgation of the personal data protection legislation was also mentioned in the CMA to “ensure information security, and network strength and reliability”.

Defining personal data

To ordinary citizens, a common question is: What is actually personal data? Under Section 4 of the PDPA, personal data means any information concerning commercial transactions stored or recorded and which can be managed automatically or as a file system.

It does not matter whether the information is being processed, stored automatically or filed by any party. But it will only be an offence if the information data is used in the commercial environment.

The next question is: If certain personal data are not involved in any commercial transaction, does the question of offence or abuse arise? This seems to be the implications and applications of the new law. Hence, the commercial environment should be involved before a criminal offence is recognised under the PDPA.

Generally, personal data has a very wide scope, covering sensitive and personal information such as blood type, health records and descriptions, political and religious beliefs, mental or physical conditions, or any other data needed by the authority from time to time.

Normal personal data also involves details on bank accounts, credit cards, telecommunication links like telephone or any other information stipulated by the minister under the PDPA from time to time.

The lists of personal data under the PDPA could also be expanded by the authority based on the demands of the living environment. However, details or information of one’s credit ratings are put under the Credit Rating Agency Act 2010 and so are not covered by the PDPA. It is clear that while the register or lists of personal data could be added according to the needs and interests of the consumers in the commercial environment in the future, the public need to know their rights under the new law.

It should also be stressed that the PDPA comprises seven key principles that must be adhered to under S.5(1) to protect the integrity of personal data. They are:

> A user is not allowed to process the personal data of another user without permission. The process here simply means data handling through an automated or computerised system or method or any other process;

> The user must comply with the Principle of Notice and Choice in which the information and purpose of the preliminary communication are conveyed to the data subject;

> The Principle of Disclosure spells out the need to disclose the use of personal data;

> The Principle of Security states that when processing personal data of any subject, precautionary measures must be taken so that the data is safe, and not tampered with, abused, missing or given to irrelevant parties;

> The Principle of Storing specifies that any personal data shall not be kept in a processing system longer than needed;

> The Principles of Data Integrity: all personal data must be accurate, complete, non-confusing and up-to-date in line with the purpose of storing and processing; and

> The Principle of Access: a user must be given access to his/her own personal data, which is kept by another user, and to be allowed to update the data.

With these principles in place, users and e-commerce practitioners will be more confident that their personal information is well protected. In the meantime, a practical and reasonable code of practice can be formulated by private effort or on the initiatives of the Personal Data Commissioner.

Scope of the Act

Under the law, the Federal and State Governments are exempted from the PDPA application. This is to give the space and the right for the Government to use one’s basic personal data to be processed for legal administrative purposes.

The law will also speed up the development of electronic connection and transactions like e-commerce and e-business. It can be concluded that the existence of the law will, among others, help Malaysia to become a communication and electronic trade centre; an attractive location for investment in multimedia and communications industry; and an international trade partner which is able to offer personal data protection assurance according to international standards.

More than 100 countries have or are in the process of introducing personal data protection legislation as the borderless transaction environment entails a free flow of information through electronic networks worldwide to cater to the needs to comply with international standards.

The activities and scopes of the Personal Data Protection Act, among others, cover the Registration of Personal Data Users; Creation of the Consumer Data Forum; Creation of the Personal Data Practice Code; Appointment, Functions and Powers of Personal Data Protection Commissioner, including Financial Provisions; Creation of the Personal Data Protection Provident Fund; Creation of the Personal Data Protection Advisory Committee; Creation of the Appeal Tribunal; Inspection Procedures, Complaints and Investigation; and Enforcement.

Personal data processed by an individual for the purpose of personal, family or household affairs, including for recreational purposes, are excluded from the provisions of this Act.

The security, integrity and protection of personal data are a fundamental factor to shift the country from a manufacturing-based economy to high-value knowledge economy through the support of ICT infrastructure. The rise of electronic-based transactions has assailed the status of personal data which previously did not have a high commercial value.

This Act, of course, is able to strengthen personal data protection as a social obligation. This is important in order to protect the privacy of an individual, apart from the objective of producing dignified, integral and responsible traders in daily practices hinged on widespread use of e-commerce characteristics.

The importance of decisiveness and efficiency in all matters pertaining to enforcement must be stressed. May the Personal Data Protection Commissioner implement this principle in an effort to produce a resilient society for the benefit of future generations.

> Datuk Seri Dr Rais Yatim, who is Information, Communication and Culture Minister, officially opened the new Personal Data Protection Department in Kuala Lumpur on Thursday. - THE STAR

Thursday, January 26, 2012

New Department To Oversee Implementation Of Malaysian Personal Data Protection Act 2010

KUALA LUMPUR (Jan 14, 2012): Information, Communication and Culture Deputy Minister Datuk Maglin D'Cruz has announced that the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi Malaysia) has been created within the ministry under the Personal Data Protection Act 2010. - Bernama.

Tuesday, January 24, 2012

Festive Greetings!

MyShred Mobile would like to wish all a Happy Chinese New Year!