The Right to Privacy
The right to privacy is a fundamental human right that focuses on protecting your personal information, maintaining your independence and your preserving dignity.
Every person must have ownership of their personal data, and you must ensure that you have control over the collection and use of your personal data, including granting consent about who it can be shared with.
Having personal autonomy and control over your personal data will provide you with protection from unwanted invasion, intrusion, or harassment from others.
The right to privacy should guarantee the protection for decisions regarding medical choices, religious beliefs, and participation in consensual activities without external interference. In an ever-evolving technological environment, safeguarding your privacy has become essential to ensure full control over private information.
You must take control of how your personal data is collected, processed, stored, and used. This will help ensure that your personal data is handled in a lawful, fair, and respectful manner. It will also help set limits on arbitrary interference, unauthorised access, and misuse of personal information.
Personal Data Protection
Personal data refers to any information that can identify a person, including their name, address, phone number, email address and medical history. The purpose of personal data protection is to ensure that individual's information is handled in a way that is lawful, fair, and respectful of their privacy rights.
This includes protecting personal data from unauthorised access, theft, loss, or misuse by public and private entities.
Examples of breaches that have occurred
The Malay Mail article, `Major data breaches in Malaysia in the past 24 months’ published on 31 December 2022, highlights a variety of data breaches that occurred in 2022 including:
December 2022
Data leak allegations involving approximately 13 million account holders from Maybank, the Election Commission, and satellite broadcaster, Astro.
November 2022
The alleged data breach at the Election Commission, where a seller of the stolen data claimed to have registered voters’ MyKad numbers, full name, email addresses, passwords, and home addresses.
Separately, the Communications Ministry said that AirAsia had detected unauthorised access on its servers on 12 November 2022 where it was hit by a Daixin ransomware, putting the personal information of five million passengers at risk.
October 2022
An estimated 2.6 million Carousell users from Malaysia and Singapore allegedly fell victim to a data breach where users’ account creation dates, usernames, full names, email addresses, phone numbers and more were publicly posted online by the hackers.
September 2022
Hackers claimed that they had breached the civil servant e-payslip system and extracted almost two million pay slips and tax forms in PDF format.
Malindo Air (now Batik Air) saw 45 million customers’ email addresses, dates of birth, addresses, passport numbers and phone numbers allegedly revealed online by hackers who claimed to have gained access to the database in 2019.
And there is much more.
The Concerns
While personal data breaches appear to be rampant, meaning that your personal data is easily accessible by hackers and individuals who unethically (and illegally) access and use this data, there seems to be little being done to trace perpetrators, and more importantly, to make them accountable for such breaches.
What this also means is that we are at risk, all the time, to misuse of our personal data.
Newer and more robust data protection laws and stronger industry self-regulation are needed to ensure your privacy is maintained by limiting access, storage, and transmission of personal data domestically and across borders. Moreover, it is essential to ensure that all the involved entities respect individuals' privacy rights.
Conclusion
The current provisions of the Personal Data Protection Act 2010 are insufficient to address legal issues related to protecting personal data as the Act specifically focuses on commercial transactions.
The Malaysian Federal Constitution does not specifically provide for the right to privacy, meaning that there is no express legal protection available to individuals whose right to privacy has been / is being infringed.
The Malaysian government, industry leaders and civil service organisations must collaborate to formulate more robust laws and enforcement structures to ensure data privacy for companies, individuals, and across borders. It is crucial to have clear legal ownership guidelines, responsibility parameters, and regulations around personal data as legal issues relating to the misuse of personal data are becoming increasingly prevalent.
In a world where your personal data has become an asset, safeguarding the right to privacy is not only crucial for protecting your autonomy and dignity but also for fostering trust, innovation, and a balanced digital society. By respecting and upholding the right to privacy and the protection of personal data, we can collectively strive towards a more secure and privacy-conscious environment where individuals' personal data is treated with the utmost care and respect it deserves.
Disclaimer
The content of this article is for general information and educational purposes only and is not intended to be and will not constitute any legal or professional advice to any person / public or private entity.