Latest news with #PersonalDataProtectionAct
The Sun
a day ago
- Business
- The Sun
RM1.2 billion cyber-related losses recorded last year
PETALING JAYA: Malaysia recorded about RM1.2 billion in cyber-related losses last year, underscoring an urgent need for a more coordinated approach to national cybersecurity readiness, said National Tech Association of Malaysia secretary-general Anthony Raja Devadoss. He said the losses, which involved both commercial and consumer sectors, were driven by a surge in cyber scams and increasingly sophisticated attacks powered by artificial intelligence. He added that scam calls alone rose by 82%. Anthony said while Malaysia has made regulatory progress with the Personal Data Protection Act (PDPA) and the proposed National Cyber Security Bill, the country continues to struggle with uneven awareness and inconsistent implementation, particularly among SMEs. 'Framework-wise, Malaysia is moving in the right direction. But we tend to announce regulations first and expect compliance the next day. That's a major concern. 'We need scalable cybersecurity practices, not just firewalls. Small firms must have access to certified talent, and if they can't afford to hire directly, government-supported partnerships should be made available.' He suggested establishing a gov-tech alliance, a government-industry initiative focused on modernising public sector digital infrastructure, improving cybersecurity standards and ensuring that local councils and agencies adopt the latest technologies, in line with national security priorities. 'Cybersecurity is not exclusive. The impact cuts across every sector. Whether you're in finance, telco or healthcare, the consequences of a breach are widespread – reputational and financial.' He said cybersecurity must be treated as a cultural shift, not just a technical challenge. 'We're not just talking about software but also awareness, behaviour and trust. That starts at home, not just in the workplace.' He said Malaysians often underestimate personal responsibility in digital safety, and high levels of social trust have led to risky habits such as unsecured device use as well as sharing of sensitive information within households. 'The trust bank is so high here. We leave our devices unlocked, we give out our passwords,' he told theSun. 'So, when we talk about needing to enhance our tech, human errors and complacency need to be looked into as well.' BAC Education Group founder and managing director Raja Singham echoed similar concerns, particularly about the compliance burden placed on smaller businesses under current regulations. He said the 20,000 data-subject threshold for compliance under PDPA effectively pulls in almost every organisation, from supermarkets to educational institutions. 'Even a mid-sized college like BAC holds well over 20,000 data records. Everyone gets caught.' Raja said SMEs, which make up over 90% of Malaysian businesses, are often left scrambling to comply with new mandates without adequate time or support. 'We roll things out very quickly and then threaten penalties. However, most SMEs don't have the manpower, training or budget to respond immediately.' He added that the shortage of skilled professionals, such as privacy officers and cybersecurity leads, has left many firms unable to comply meaningfully. 'These are now mandatory roles. But for many businesses, they're seen as added expenses, and no one knows whom to hire or how to train them.' On recent leaks involving government websites, Raja attributed the problem to outdated infrastructure.
The Sun
3 days ago
- Politics
- The Sun
Metadata directive sparks concern on public consent
PETALING JAYA : The Malaysian Bar has voiced concern over the legal framework and safeguards surrounding the mobile phone data programme, warning that the directive issued to network operators to hand over metadata to the government may raise questions about consent, accountability and oversight. In a statement yesterday, Malaysian Bar president Mohamad Ezri Abdul Wahab said the Bar acknowledged the federal government's efforts to improve transparency in the programme and noted the ongoing legislative reforms aimed at strengthening data protection. However, he stressed that the measures are insufficient to address the growing public unease over the scope and nature of data being collected by the Malaysian Communications and Multimedia Commission (MCMC) and Statistics Department. 'The concerns are whether such collection, in the absence of opt-out options or prior public consultation, is consistent with democratic and constitutional principles.' The programme, approved by the Cabinet in April 2023 as part of Projek Data Raya Nasional, directs mobile network operators to disclose phone data, including mobile call records from the first quarter of 2025. The Bar said the directive, issued in April this year, may have also included a warning that non-compliance could result in penalties under the Communications and Multimedia Act (CMA), including a fine of up to RM20,000 or imprisonment. Meanwhile, the MCMC has insisted that data collected is anonymised and aggregated, but the Bar argues that it falls outside the scope of the Personal Data Protection Act. 'Anonymisation is not infallible. In the absence of a clear opt-out mechanism, and with the possibility of auxiliary data being available, re-identification risks cannot be dismissed.' The Bar acknowledged MCMC's explanation that data collection is legal under Section 73 of the CMA, and supported by sections of the Data Sharing Act 2025. However, the Bar argued that legality does not automatically equate to legitimacy in the eyes of the public. The concerns are compounded by recent history. The Bar cited high-profile cases in the last three years that had shaken public confidence in the government's ability to protect personal data 'In 2022, it was alleged that personal data from the National Registration Department, which belongs to 22.5 million Malaysians, were extracted and sold online. 'In 2024, another leak reportedly involved 17 million MyKad records being circulated on the dark web, and more recently, cyberattacks targeting Socso and Prasarana Malaysia Berhad allegedly exposed sensitive internal information. 'The pattern of repeated leaks, perceived opaque investigations and the absence of visible enforcement has entrenched public distrust. The programme, launched without prior public consultation, only deepens those fears.' The Bar stated recommendations to address such trust deficit, one of them being to seek full disclosure and transparency of data-sharing to the public. 'MCMC and the network operators should publicly disclose the specific standards, methodologies and safeguards applied to ensure effective anonymisation and aggregation of mobile phone data.'
The Star
13-06-2025
- Politics
- The Star
No to collecting mobile phone data
Raising concern: Dr Wee (centre) together with MCA publicity bureau chairman Chan Quin Er (right) and Institute of Strategic Analysis Policy Research director Woon King Chai holding the 'Position Paper on Mobile Phone Data Collection by the MCMC' during a press conference at Wisma MCA. — IZZRAFIQ ALIAS/The Star Dr Wee: Cancel move as it could lead to abuse and erosion of public trust KUALA LUMPUR: The government's move to collect mobile phone data must be called off as it could lead to abuse and the erosion of public trust, says MCA president Datuk Seri Dr Wee Ka Siong. He said there was no justification for authorities to demand such detailed data, which could still be exploited despite assurances that the data would be anonymised. 'Anyone with IT knowledge can misuse private data. Why should I share mine?' he told reporters at the MCA headquarters yesterday. 'I don't want to share my personal data with any government, current, future or past.' Dr Wee raised concerns over the effectiveness of anonymisation, noting that with advanced technologies, sensitive personal information could still be revealed. In response, he said MCA had proposed seven measures to safeguard public interest and uphold privacy rights. 'We are here to fight abuse,' he said, reaffirming the party's stance on transparency and accountability. The proposals include ensuring anonymisation protocols are independently audited, implementing consent mechanisms and mandating public consultation. Dr Wee also called for reforms to the Personal Data Protection Act to cover government agencies, the enforcement of data deletion timelines, an end to digital intimidation, and the establishment of an independent oversight mechanism. It was reported that the government had instructed telecommunication companies to hand over phone call records and Internet usage logs for the first three months of this year under its 'Mobile Phone Data' project. The Malaysian Communications and Multimedia Commission (MCMC) said the data, which reportedly includes IP call records and geolocation coordinates, would be anonymised and used to support policymaking in the ICT and tourism sectors. The commission stressed that no individual user could be identified through the data collected. However, Dr Wee remains unconvinced. 'The government says it's for statistics. But when you read the fine print, location histories, device identification, call logs, Internet access patterns, it becomes crystal clear that this isn't just data collection. 'It's surveillance,' he said. Dr Wee added that MCA is deeply concerned about the erosion of public trust and questioned the true purpose behind the data collection. 'They tried to explain the logic of it, but you know the explanation doesn't hold water. 'Why does the government need to know who I'm calling?' he said. He also cited instances in which dissenting voices had been subjected to action by the authorities. Instead of demanding intrusive data, Dr Wee said, MCMC should focus on more pressing issues such as tackling online scams and improving 5G network coverage.
The Star
13-06-2025
- Politics
- The Star
Dr Wee questions probe against MCA youth leader over mobile data criticism
KUALA LUMPUR: Datuk Seri Dr Wee Ka Siong has questioned the authorities for probing one of the party's youth leaders over the recent controversial private mobile data collection. The MCA president said that Wong Siew Mun, who is Pahang MCA Youth chief, was contacted by police for posting a series of videos criticising the latest move by the Malaysian Communication and Multimedia Commission (MCMC) on social media. 'However, since she's still in the hospital, she will meet police once discharged,' he told reporters at the MCA headquarters on Friday (June 13). Dr Wee said that he was saddened by the action on Wong. 'I said it first, I quoted news reports, and now you are after a little girl?' he said. He added that Wong was not the first individual who commented on the issue, as she was only quoting news reported by the media. 'Are you calling others who spoke over this matter too?' he added. Dr Wee's comments came following the government's order demanding telcos in Malaysia to hand over detailed records of phone calls and Internet logs for the first three months of this year for the government's 'Mobile Phone Data' project. Earlier, he said that the move could undermine users' data privacy and urged for it to be called off. Dr Wee also outlined several proposals to better protect sensitive mobile data. The suggestions included a legal reform on the Personal Data Protection Act (PDPA) by including government agencies, transparent anonymisation protocols, implementation of consent mechanisms, and making public consultation mandatory.
The Star
13-06-2025
- Politics
- The Star
Dr Wee lists seven proposals to tackle potential abuse in Mobile Phone Data initiative
KUALA LUMPUR: The government's Mobile Phone Data collection exercise is fraught with the potential for abuse, says MCA president Datuk Seri Dr Wee Ka Siong. He said the party stands firmly for data accountability and the people's privacy rights. 'MCA is not against technology... we are here to fight abuse,' he told reporters at party headquarters here on Friday (June 13). He said the party had seven proposals for the government to address the possible pitfalls of the exercise. ALSO READ: MCMC call data request from telcos to improve network, not invade privacy, says Fahmi They include transparent anonymisation protocols and the independent audit of such protocols, the implementation of consent mechanisms, and making public consultation mandatory. He also called for the reform of the Personal Data Protection Act (PDPA) 2010 to cover government agencies. In addition, data deletion timelines must be enforced, an independent oversight mechanism has to be established, and digital intimidation should be stopped, he added. It was reported that the government had ordered telcos in Malaysia to hand over detailed records of phone calls and internet logs for the first three months of this year, supposedly for the government's 'Mobile Phone Data' project. ALSO READ: MCMC: Only eight data types required from telcos in Mobile Phone Data collection initiative The records must include information about call logs, IP call records, location, latitude and longitude. The Malaysian Communications and Multimedia Commission (MCMC) has since explained that this move is to support evidence-based policymaking in two key sectors, namely information and communications technology (ICT) and tourism. MCMC also stressed that the data will be anonymised before submission and that no individual subscriber can be identified. However, Dr Wee questioned the need for the government to collect such data, warning that risks of misuse and abuse are present despite MCMC's assurances. As such, he urged that the move be called off. ALSO READ: 'Our data is not a plaything' 'The government says it's for statistics, but when you read the fine print, (it includes) location histories, device identification, call logs and internet access patterns. "It becomes crystal clear that this is not just data, it's surveillance,' he said. He added that MCA is committed to addressing the serious erosion of public trust that could follow this exercise. 'What is the purpose of collecting this data? They tried to explain the logic of it, but you know the explanation cannot hold water. 'Why does the government need to know who the person I'm calling is?' he added. ALSO READ: MCMC: User privacy not affected by govt collection of mobile phone data He said there had been instances where dissenting voices had been subjected to the actions of the authorities, citing the experiences by social media political commentator 'Lim Sian See' and MCA Youth leader Wong Siew Mun. Dr Wee said Lim's Facebook page was taken down without any official explanation, while Wong voiced out concerns about the data collection exercise by MCMC and was called up by the police. He also said MCMC should instead focus on more pressing issues such as cybersecurity and the scourge of online scams, as well as 5G network coverage in the country.
