KUALA LUMPUR, 26th October 2023 – The Consumer Choice Center (CCC) urges the government especially the Ministry of Digital and Communications to consider amending the Personal Data Protection Act 2010 by expanding the application of the act to the public sector.
Wakil Pusat Pilihan Pengguna Malaysia, Tarmizi Anuwar berkata: “Representative of the Malaysian Consumer Choice Centre, Tarmizi Anuwar said: “There is a need for the Personal Data Protection Act 2010 to be extended to the public sector in order to improve the quality of data security and transparency in the public sector. Notably, yesterday’s 2023 Mid-Year Threat Landscape Report by Cyber Security Malaysia showed that the government sector experienced the highest breach or leakage of information in the first half of this year at 22 percent.”
In addition, according to the amount of data leaked by sector, the Government sector is in the second highest place at 28.67 percent behind the banking sector at 37.65 percent. Followed by telecommunications by 20.98 percent, logistics and transport by 9.67 percent and retail by 3.02 percent.
Currently, Act 709 does not apply to the federal government, state governments and their agencies but only applies to commercial transactions of personal data.
“Currently, any public sector data leaks will be investigated by the Federal and state governments, the National Cyber Security Agency (Nacsa) which is under the jurisdiction of the National Security Council (MKN). However, until now there is no clear structure regarding the process to be taken when an information leak occurs in the public sector.”
“In addition, there is no mechanism for individuals to claim compensation when there is a leak in the public sector that causes users to suffer material damage such as financial damage or non-material damage such as loss of reputation or psychological burden. We should take the example of the General Data Protection Regulation (GDPR) by the European Union which is quite comprehensive by taking into account the risk of information leakage in the public sector and the right of users to seek compensation,” he said.
Commenting on the factors and weaknesses of leaks such as vulnerable software, weak access control, data disclosure and critical issues, Tarmizi suggested that the government to improve and enforce the policies and procedures of a public sector organization’s data protection.
“The public sector needs to upgrade data protection procedures in the public sector such as controlling access to sensitive data by limiting data access only to certain employees or deleting data that is no longer used to avoid the risk of internal breaches and theft or loss of data.”
“The public sector also needs to upgrade to safer software with a focus on standards and results rather than fixing any single technology or solution and does not preclude the use of new technologies,” Tarmizi concluded.