Why should I care about privacy?
Your privacy is extremely important. In fact, our Courts have even recognised that right to privacy is a constitutional law. You should care about your privacy to prevent unauthorised use of your personal information, identity theft, fraud, spam, financial loss as well as insult on your modesty. All persons, whether laymen, public figures and celebrities have a reasonable expectation of privacy.
What is misuse of personal information?
It simply means a breach of an individual’s personal information or an invasion of his privacy right through unauthorised use or disclosure of his personal information or private life, which causes distress to him.
What remedies can I get for breach of privacy?
You can claim damages for losses suffered and an injunction to prevent further dissemination or publication of your personal information.
As for breach of personal data protection law, you can also lodge a complaint with the personal data protection authority for them to take criminal legal action against the infringer.
What are the rules to comply with the personal data protection law?
Under the Personal Data Protection Act 2010, if you are a data user (i.e. someone who processes personal data), you are required to comply with all the following principles:
- General Principle
- Notice and Choice Principle
- Disclosure Principle
- Security Principle
- Retention Principle
- Data Integrity Principle
- Access Principle
What are your rights under the personal data protection law?
As a data subject (i.e. someone whose personal data is processed by a data user), you have the following rights:
- Right to be told whether your personal data is processed by an organisation
- Right to access your personal data
- Right to rectify your personal data
- Right to withdraw consent to processing of your personal data
- Right to prevent processing of your personal data likely to cause damage or distress
- Right to prevent processing for purposes of direct marketing
What is technology law?
We live in a digital world where technology and Internet form part of our life. Technology law basically refers to different statutes and rules that apply to computer and Internet topics, such as hacking, identity theft, false information, confidential information, trade secrets, electronic and digital signatures, personal data protection, communication and multimedia, electronic commerce, etc. These laws exist to protect you in your digital life.
What should I do if I suspect I am a victim of an identity theft?
The first thing you should do is immediately limit the thief’s access to your personal accounts, change the password of your bank accounts and cancel your credit cards and ATM cards. You then need to alert the relevant government authorities and seek an advice from a lawyer.
What is cybersecurity?
Cybersecurity is the collection of technologies, processes and best practices that give protection of networks, services and devices and the data on them from theft, damage or unauthorised use.
What is a cyber attack?
Cyber attack refers to an offensive action (such as authorised access, unapproved changes and malicious destruction) intended to undermine the functions of physical infrastructure (e.g., power grids, nuclear reactors) as well as computational infrastructure (e.g., computers, networks). Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.
Do we have a cybersecurity law?
In Malaysia, we do not have a stand-alone cybersecurity law. We rely on Personal Data Protection Act 2010 to protect our personal data; Computer Crimes Act 1997 to protect unauthorised access to computer material; Penal Code to protect us from fraud; Communications and Multimedia Act 1998 to protect us from anyone who uses application services with the intent to annoy, abuse, threaten or harass at any number or electronic address and use of hardware, software or tools to commit cybercrime. Certain sectors such as banks, capital market service providers as well as critical national information infrastructure have rules and guidelines that spell out minimum baseline obligations on cybersecurity. However, these technology laws do not provide a regulatory framework for the routine and proactive protection of critical national information infrastructure. A stand-alone Cybersecurity Act will enhance the powers to complement the existing technology laws.