Sunday, September 30, 2012

Woes mount as data protection enforcement sits idle

PETALING JAYA, September 30, 2012 (The Star, by Hariati Azizan): Have you gone a day without receiving irritating phone calls, SMS or email messages offering personal loans, free medical check-ups or new credit cards?
If your answer is “No”, you are not alone; thousands of Malaysians are bombarded with such messages daily.
If you have received many unsolicited sales calls and messages daily, then it is also likely that your data has been collected and sold to a third party without your consent.
A check of the classified sections of a few dailies by Sunday Star showed that there are still individuals and organisations who are offering databases of personal information for sale despite the public uproar they have caused in the past.
According to the National Consumer Complaints Centre (NCCC), which has received complaints from many consumers inundated with unsolicited calls and SMSes coaxing them to buy a service or goods, the main reason for this abuse is that Malaysia has yet to enforce the Personal Data Protection Act (PDPA) although it was gazetted into law in June 2010.
“The law needs to be enforced as many unscrupulous people are taking advantage of this situation to use people's personal data for transactions without their knowledge,” said NCCC senior manager Matheevani Marathandan.
Under the PDPA, it is a crime for companies to use an individual's personal data for commercial transactions without his or her consent.
It also prohibits the selling and buying of personal data.
The offence carries a maximum fine of RM500,000, a three-year jail term or both.
Prof Abu Bakar Munir, a professor of law at Universiti Malaya who was also involved in the drafting of the PDPA, said it is urgent that the Act be implemented soon.
“Personal data is the new currency of the digital world, so people are concerned about their privacy,” said Prof Abu Bakar, who was one of the speakers at a recent media forum on the PDPA's enforcement hosted by security firm Symantec.
Campaign Against Spam SMS spokesman Lim Chong Wei said the PDPA should have been enforced earlier.
“The problem is that there is too little enforcement,” he said, adding that the lack of enforcement has kept SMS spam high on the list of complaints to the Malaysian Communications and Multimedia Commission in the last few years.

Monday, September 24, 2012

Stories of Insufficient and Incomplete Shredding

Presently, many organisations no longer handle their own document shredding due to the unreliability of common office paper shredders. Instead of risking having their shredded documents stolen and reconstructed, making all kinds of sensitive and private information available, many organisations choose to outsource this function to document shredding services.

A few incidents in history brought about this major change in the way organisations go about document shredding.
 
Back in November 1979, 52 US citizens were taken hostage after a group of 300 to 500 angry students took over the US Embassy in Iran. Although the students' initial plan was to hold the hostages for less than a week, the hostages were only released 444 days later (20th January, 1981). The reason for this is simply 'insufficient document shredding'!

Shortly after taking over the building, radical revolutionary students (who were convinced that the embassy was a centre of opposition to the new government after the downfall of the Shah of Iran) reconstructed and displayed confidential documents that US diplomats and admin personnel had frantically shredded as they were being invaded. This rushed document shredding job proved disastrous, as it helped strengthen radical Iranian claims.
 
The 2001 Enron accountancy scandal was another major incident in history in which inadequate document shredding led to a catastrophic outcome. Much of the incriminating evidence in the Enron accountancy scandal was gathered from the shredded documents. How could this be possible? These documents were definitely shredded, but the shredded documents were easily reassembled because they were not fed through the shredder properly (they were fed parallel rather than perpendicular to the shredder blades).

Have we learnt anything from history? Since these incidents of major breaches in security, there is now a high demand for more secure methods of destroying sensitive documents, such as onsite shredding, whereby the shredded materials on board the mobile shredding truck are compacted and mixed with other materials in large volumes, making them virtually unidentifiable and not easily reconstructed. Therefore, be careful and take the necessary steps when dealing with document shredding. Learn from past mistakes; as a famous quote says, "Who controls the past controls the future..."