MCMC, data commission need more powers to deal with cyber-crimes, says expert
Building a case against cyber-criminals takes time and effort.
PETALING JAYA: A cyber-security law specialist has called for greater powers for Malaysia’s internet regulators to deal with cyber-crimes such as data theft and loss of private information.
Shanthi Kandiah said currently, the Malaysian Communications and Multimedia Commission (MCMC) and the Personal Data Protection Commission (PDPC) are not legally empowered to impose monetary penalties directly on companies.
She told FMT that cyber-security cases are treated like any other criminal case, with prosecution powers in the hands of the Attorney-General’s Chambers.
This means that building a case against cyber-criminals will take more time and effort.
“The burden of proof is high, so the threshold of bringing people to task is also higher because of the nature of the liability,” the lawyer told FMT.
She said getting to the root of a data breach is no easy task.
Under the Personal Data Protection Act, she said, the responsibility falls on data users such as companies and not third-party data processors such as cloud service providers.
She said if MCMC and PDPC had powers to impose fines, they could act quickly and bring companies that are negligent in data security to task.
“Giving the agencies such powers would send the message more quickly,” she added.
In the EU, Shanthi said, companies neglecting data security could be hauled up under the Global Data Protection Regulation, a personal data protection law applied in all EU countries.
Stay current - Follow FMT on WhatsApp, Google news and Telegram
“It’s an administrative action where agencies themselves can levy fines,” she said, citing as example a US$123 million fine imposed on the Marriott group for failing to notify customers that their data had been breached.