Review Data Act so action can be taken against government for misconduct, Putrajaya told


Source: Malay Mail Online

KUALA LUMPUR, Feb 6 — A group consisting of civil societies and “concerned individuals” today called for the Personal Data Protection Act 2010 to be reviewed so that federal and state governments will be held responsible for any leaks of personal data that they collect.

The group of 13 organisations and four individuals said the recent cases of data leak show that the Act, short for PDPA, must be reviewed to include governments and government agencies in order to mitigate future breaches.

“It is high time that the PDPA is reviewed to cover Federal and State Governments and their agencies which collect, store and process user personal data.

“It is no longer acceptable that the Government and its agents are allowed to ignore the importance of data protection standards as they are also vulnerable to the threats of data breaches,” the group said in a statement.

Section 3 (1) of the PDPA states that the Act does not apply to the Federal and State governments.

Earlier last month, personal details of more than 200,000 registered organ donors were leaked.

According to news reports this included MyKad numbers, home addresses and telephone numbers of pledgers and their next of kin.

Prior to that, a similar incident was reported last September when the personal details of some 40 million Malaysians were leaked between 2014 and 2016.

“Despite the gravity of the situation, the Personal Data Protection Commission, the Malaysian Communications and Multimedia Commission and the Royal Malaysian Police have failed to offer any substantial remedy or action plan to address the leaks,” the group said.

Among the undersigned organisations were Sinar Project, Amnesty International Malaysia and Centre for Independent Journalism, while tech blogger Keith Rozario was among the undersigned individuals.