Personal data protection law to be enforced by year-end?

Personal data protection law to be enforced by year-end?: Page 2 of 2

By Edwin Yapp June 5, 2013

Wrestling with SMS spam

Malaysia’s PDPA is aimed at regulating the processing of the personal data of an individual who is involved in commercial transactions, by the data user, to provide protection to the individual's personal data, and thereby protect the interest of the individual concerned.

Consumer advocates and digital agencies have argued that the Act, among other things, is supposed to curb the rising scourge of unsolicited or unwanted spam sent via SMSes to subscribers, a phenomenon that has been rising in the past few years in Malaysia.

When asked if the PDPA covered the regulation of such SMS spam that is indiscriminately sent to mobile phone subscribers, ZicoLaw’s Subramaniam confirmed that it does but was quick to add that the Act did not cover the regulation of the content of those unsolicited SMSes.

“When the PDPA comes into force and if, for example, my phone number is given to somebody else, then that is a breach of the Act because doing so would be considered personal data [being given out],” he said.

“[However] the PDPA does not govern the content [of the SMS] as the regulation of content sent in SMSes is under the purview of the industry regulator, the Malaysian Communications and Multimedia Commission (MCMC),” he added.

In the recent Malaysian GE13, mobile phone subscribers were bombarded almost daily with SMSes, many of which were ostensibly sent out on behalf of the ruling coalition, the Barisan Nasional.

Pressed further as to who should be responsible for the tackling this unsolicited SMS spam, fellow panellist Anwar Yusoff of CyberSecurity Malaysia (CSM) said that it’s best to leave it to the MCMC.

“On the regulation and enforcement [of content], it’s best they [MCMC] answer,” said the head of innovation and commercialisation at CSM. “Our role is purely to look after certain aspects, for example, the issue of spam and what needs to be done from a technical standpoint.”

Personal data protection law to be enforced by year-end?: Page 2 of 2 Cheah (pic) said governments globally and regionally are struggling to find the balance between how to control content that is not appropriate, such as SMS spamming, and at the same time not to come across as practising censorship.

She noted that with social media, bulletin boards and the like, it’s really hard for governments throughout the world to balance between excessive control and the application of a light-handed approach to curbing inappropriate content.

“[This issue] is really tied in with government management,” she explained. “There are really no clear cut answers and this is just another manifestation of how technology has taken us to places we haven’t been before.”

Product to mitigate risk

Meanwhile at the roundtable event, AIG launched a comprehensive cyber insurance solution dubbed CyberEdge, a product which the company claims will provide a 'unique and comprehensive cyber solution for cyber liabilities exposure' that current commercial insurance policies may not cover.

Citing a Deloitte Touche 2011 report on cyber-security, Emily Poh, AIG’s assistant vice-president of financial lines, said that despite 75% of organisations having experienced some form of cyber incident, the awareness of cyber risk remains low.

“A corporate risk management framework needs to address cyber exposures, yet many risk managers in Malaysia rarely evaluate cyber risks,” she said.

Poh said the rise of cyber threats prompted AIG to develop CyberEdge. Unveiled June 4, the product is specially designed to address the consequence of losing corporate information and personal data from cyber threats. It covers companies’ liability arising from breaching data protection laws.

In tandem with the launch, AIG has also made available a CyberEdge free-to-download mobile application for the Apple iPad. For an in-depth look at CyberEdge, click here to find out more.

Related Stories: