[This article was published in The Star on 1 October 2009]
In a world where personal data has become commoditised, there is need for a governing law on the right to privacy.
A FEW days ago, I received this text message: “Good news! Credit Card Debts, restructuring reduced to 7% p.a. 100% approved! Or cash out, 12 banks available. Direct instalment to bank. Easy payment 24-36 months. More info, call me. Jane”.
I do have friends named Jane, but this Jane was not registered among my phone contacts. Curious, I called Jane, who introduced herself to be from “OTS Company” based in Subang.
She claimed that her company had wide contacts with as many as 12 banks and could “help” get me out of my credit card debt problem by restructuring the debt through an affordable financial package.
I was most puzzled with what Jane said as, firstly, I do not have a credit card debt problem, and my second, and main, problem is how did Jane have my personal information. When questioned, Jane said she did not know the source of her “list of customers” data, which she was given each day; she was just doing her job calling the names on the list.
As such, who then is feeding this company with the personal information, which appears to be supplied on a regular basis? I am quite certain that this scenario is not new to many of us.
Have you ever received calls from telemarketeers to whom you have not provided your name and telephone number? Or received spam email from unknown parties?
Have you ever received calls from telemarketeers to whom you have not provided your name and telephone number? Or received spam email from unknown parties?
Have you ever realised that Internet search engines seem to carry advertisements of products and services similar to those on websites you have visited?
If any of the above is in the affirmative, do you wonder who has your personal data and how much they know about you? Who released your personal data to these people? Where did they obtain the data from?
More importantly, do you know what right you have over your own personal data?
Public awareness of personal data protection laws has increased over the years due to the rampant misuse and misappropriation of personal data. In Malaysia, one of the main reasons is the lack of a governing law.
Public awareness of personal data protection laws has increased over the years due to the rampant misuse and misappropriation of personal data. In Malaysia, one of the main reasons is the lack of a governing law.
Personal data protection is an element of right to privacy. In this digital age, gigabytes of personal data could be collected and transmitted across the globe with just a click.
Information such as your name, address, telephone number, medical record, salary, employment record, marital status, academic performance, body size etc. Your personal data is valuable to organisations.
Information such as your name, address, telephone number, medical record, salary, employment record, marital status, academic performance, body size etc. Your personal data is valuable to organisations.
There is no doubt that personal data ought to be protected. But the real question is whether our personal data has been and is being possessed and processed by these organisations in accordance with data protection principles.
The issue of personal data law is not new in Malaysia. The Government circulated a draft of a personal data protection Bill in 2000 for public consultation. However, the Bill has yet to be tabled in Parliament.
Protection of personal data gained public attention again in 2007 after the incident of CTOS saga, involving Credit Tip Off Service.
The public was concerned over how the credit reporting agency collected, processed, stored and disseminated personal data such as credit standing or credit history of a person. CTOS was at that time widely used by banks and financial institutions as the guide for approving financing.
Subsequent to that incident, the Government revived the effort to enact a personal data protection law to safeguard personal data in line with rights to privacy.
From the international perspective, there are several instruments governing protection of personal data, for example (i) the Council of Europe Convention 1981, (ii) the Organisation for Economic Cooperation and Development Guidelines 1980, and (iii) the European Community Directive 1995.
So far, quite a number of countries have put in place comprehensive laws governing personal data protection, such as Data Protection Act 1998 in the UK, Privacy Act 1988 in Australia, Personal Data (Privacy) Ordinance in Hong Kong, Privacy Act 1982 in Canada, Personal Information Protection Law 2003 in Japan, etc.
Countries such as China, Indonesia and India have started efforts on enacting data protection laws. Evidently, there is a rise in action around the world to promote personal data protection.
Personal data protection laws have great impact on international trade and business, particularly in transborder data transfer and processing.
The enactment of data protection laws is not aimed at stifling business activities, including telemarketing. The public could be interested in receiving marketing calls for various products and services.
The need for a comprehensive law to govern dealings in personal data is not questioned. However, organisations should only be allowed to have access to or to utilise our personal data after we have given our consent for them to do so.
The law should incorporate, among other things, such data protection principles as: manner of collection, purpose of collection, use of data, accuracy of data, duration of retention, access to and correction of data, security, data user’s policy and practices.
Such a law would be a giant leap in Malaysia. The effectiveness of a data protection law depends very much on public awareness of both data users and data subjects.
Malaysia is decades behind those countries which have enacted personal data protection laws.
However, it is better to be late than never, and it is hoped a personal data protection Bill will be tabled and passed in the next sitting of Parliament.
No comments:
Post a Comment