Privacy, Cybersecurity & Technology-UAT

Your privacy is extremely important. In fact, our Courts have even recognised that right to privacy is a constitutional law. You should care about your privacy to prevent unauthorised use of your personal information, identity theft, fraud, spam, financial loss as well as insult on your modesty. All persons, whether laymen, public figures and celebrities have a reasonable expectation of privacy.

You can claim damages for losses suffered and an injunction to prevent further dissemination or publication of your personal information. As for breach of personal data protection law, you can also lodge a complaint with the personal data protection authority for them to take criminal legal action against the infringer.

Under the Personal Data Protection Act 2010, if you are a data user (i.e. someone who processes personal data), you are required to comply with all the following principles:

• General Principle
• Notice and Choice Principle
• Disclosure Principle
• Security Principle
• Retention Principle
• Data Integrity Principle
• Access Principle

Under the Personal Data Protection Act 2010, if you are a data user (i.e. someone who processes personal data), you are required to comply with all the following principles:

• Right to be told whether your personal data is processed by an organisation
• Right to access your personal data
• Right to rectify your personal data
• Right to withdraw consent to processing of your personal data
• Right to prevent processing of your personal data likely to cause damage or distress
• Right to prevent processing for purposes of direct marketing

We live in a digital world where technology and Internet form part of our life. Technology law basically refers to different statutes and rules that apply to computer and Internet topics, such as hacking, identity theft, false information, confidential information, trade secrets, electronic and digital signatures, personal data protection, communication and multimedia, electronic commerce, etc. These laws exist to protect you in your digital life.

The first thing you should do is immediately limit the thief’s access to your personal accounts, change the password of your bank accounts and cancel your credit cards and ATM cards. You then need to alert the relevant government authorities and seek an advice from a lawyer.

Cybersecurity is the collection of technologies, processes and best practices that give protection of networks, services and devices and the data on them from theft, damage or unauthorised use.

Cyber attack refers to an offensive action (such as authorised access, unapproved changes and malicious destruction) intended to undermine the functions of physical infrastructure (e.g., power grids, nuclear reactors) as well as computational infrastructure (e.g., computers, networks). Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.

In Malaysia, we do not have a stand-alone cybersecurity law. We rely on Personal Data Protection Act 2010 to protect our personal data; Computer Crimes Act 1997 to protect unauthorised access to computer material; Penal Code to protect us from fraud; Communications and Multimedia Act 1998 to protect us from anyone who uses application services with the intent to annoy, abuse, threaten or harass at any number or electronic address and use of hardware, software or tools to commit cybercrime. Certain sectors such as banks, capital market service providers as well as critical national information infrastructure have rules and guidelines that spell out minimum baseline obligations on cybersecurity. However, these technology laws do not provide a regulatory framework for the routine and proactive protection of critical national information infrastructure. A stand-alone Cybersecurity Act will enhance the powers to complement the existing technology laws.