THERE must be an immediate amendment to beef up the Personal Data Protection Act 2010 (PDPA) after some 100 million sets of personal data were reportedly compromised over the last five years, said Lembah Pantai MP Fahmi Fadzil.
The PKR lawmaker said that this amendment was critical as instances of stolen data continue to run rampant in the country with the latest leak occurring just last week when a cybersecurity expert claimed that there was a possible data leak on the PIKAS website.
PIKAS is a public-private partnership immunisation programme aimed at employees in the manufacturing sector, coordinated by the ministry.
The expert, Dr Suresh Ramasamy, further claimed to have discovered a PIKAS portal server which allowed him to access an open directory containing Excel files with employee details including MyKad or passport number, employee ID, age, gender and contact number. He claimed to have seen more than 2,000 files.
On this matter, Fahmi expressed concern that the data reported as compromised are stolen from companies and agencies under various government ministries.
“There were previously attempts made to amend the PDPA during the previous Pakatan Harapan government under the then-communications and multimedia minister Gobind Singh Deo. However there has been no updates to the status of the review since the change in administration in March 2020,” he said in a statement today (June 6).
“I urge the current minister and the personal data protection commissioner to explain the status of the PDPA review, as well as measures that have been taken to guarantee the safety of Malaysians’ personal data.
“The minister must utilise the coming Parliament proceeding beginning July 18 to table the amendment to the act. God willing, I will also submit a private member’s bill for the amendment in the same Parliament session.”
The opposition lawmaker went on to highlight eight other incidents of data leaks that had occurred since 2017, including the selling of the personal details of millions of Malaysians supposedly stolen by hackers from the National Registration Department (JPN).
The data set is said to contain information, including the full names, IC numbers, addresses and photographs, of about 22.5 million Malaysians born between 1940 and 2004.
However, Home Minister Datuk Seri Hamzah Zainudin responded to the report by saying that the dataset did not belong to JPN.
Interestingly, Fahmi noted that despite the scale of the leaks, only one high-profile case had been brought to court which involved the data breach of around 30 million Malindoo Air passengers.
“Other high-profile cases involving over 70 million personal data either have not been taken to court or the results of the investigation by the ministries and agencies involved are unknown to the public,” he remarked.
“This situation does not bode well for the rakyat or economy. Where has all the stolen data gone? Why is data theft still prevalent? Is the stolen data abused by criminals for scams or other illicit activities? This issue is indeed worrying.” – June 6, 2022
Main photo credit: The Star
