Six causes contributing to personal data leaks
SHAH ALAM - The Personal Data Protection Department has revealed six causes of information or personal data leakage of Malaysians to third parties.
Its director-general Mazmalek Mohamad said information leaks could occur no matter where, whether within or outside the organisation and could be intentional or unintentional.
He said among the causes of information leakage in an organisation was the attitude of individuals who have particular interests and conspire with professional crimes.
Clearly, leaks could also occur unintentionally due to a lack of knowledge or awareness of the importance of protecting data and the impact of data being accessed by irresponsible parties.
"Besides that, data leakage also occurs due to the failure of an organisation to provide data management standards.
"If an organisation fails to take security control measures to ensure data security, it causes the data to be accessed by third parties arbitrarily," he told Sinar Harian on Sunday.
Commenting further, Mazmalek said for information leaks that occurred outside the organisation, it was due to cyber-attacks caused by the failure of the organisation to ensure that data storage infrastructure and network systems are of a high level of security.
At the same time, he added, personal data could also be leaked inadvertently through the attitude of individuals who liked to share their data on social media or with third parties.
"For example, they share their data through websites that offer free contests or prizes indirectly contributing to the leakage and misuse of personal data.
"Finally, the leakage of personal data can also take place by force. For example, a guarantor for a family member's loan may provide the full address and telephone number of the original borrower when threatened rudely by a debt collection agency,” he explained.
Meanwhile, the department reported that a total of 58 complaints were received regarding personal data leaks from January 2022 to May 27, 2022.
Mazmalek explained that the complaints were received through the department’s strategic partners such as the police, Cybersecurity Malaysia and the Communications and Multimedia Commission as well as complaints through the Personal Data Protection System (SPDP).
According to him, the department has introduced the Data Leakage Notification Form (DBN) to enable data users to make reports on data leakage incidents that arise within 72 hours.
"Currently, data users are not required to report incidents of personal data leakage to the department.
"However, this matter has been listed as one of the proposed amendments to Act 709 which will require data users to report incidents of personal data leakage that occur to the department," he said.