Address issue of privacy, cyber security expert tells Putrajaya

Security services firm LGMS founder CF Fong. (Facebook pic)

PETALING JAYA: Malaysia does not have to look far in its move to review the Personal Data Protection Act (PDPA) 2010, a cyber security expert said.

Security services firm LGMS founder CF Fong said the government needs to address the issue of privacy, which can be done even before changes are made to the PDPA.

“One thing of concern to Malaysians is the issue of privacy. We will always receive spam calls from agents and brokers. It is annoying and disturbing.

“The government can follow what Singapore has done, by setting up a centralised registry for Malaysians to register their numbers so that they will no longer receive spam calls.

“Have a centralised ‘do not call’ list. If you do not wish to receive any spam calls, register your number. Any advertiser needs to check the list first.

“This can lead to much better privacy,” he told FMT.

Fong was referring to Singapore’s Do Not Call (DNC) Registry, which allows those who do not want to receive marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations to register.

His comments come in the wake of the government’s plan to review the PDPA.

It was reported that the communications and multimedia ministry, through the Personal Data Protection Department, is reviewing the PDPA to ensure it is in line with current developments.

Its minister Gobind Singh Deo reportedly said the review would be premised on the need for effective and efficient implementation of the PDPA, as well as to streamline international requirements concerning personal data protection.

This includes the many key points of the European Union’s General Data Protection Regulation (GDPR).

Fong said another issue which needs attention is enforcement. He recalled the telecommunications data leak from two years ago, and pointed out how the company consolidating the data had somehow leaked them out.

“This has led to data being sold on the dark web. The data of most Malaysian mobile phone holders are still being sold on the dark web today,” he said.

He also questioned what became of the data leak, if the authorities had identified the culprit and action taken.

“The incident just died off. To my knowledge, there was no prosecution,” he said.

The data breach was discovered by Lowyat.net in October 2017 after someone tried to sell personal details of telco subscribers for an undisclosed amount on its forums.

Over 46 million mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) were leaked online.

The report said the leak included postpaid and prepaid numbers, customer details, addresses as well as SIM card information.

The data was from various telcos including DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel.