7 June 2023

Reasons Why Data Privacy is Everyone’s Business

By Irene Chang Hui Chung and Evelyn Gan

In today’s globalised world, Information and Communication Technology (ICT) services are growing rapidly. 

These services offer convenient and fast access to personal data, which is increasingly valuable because it provides a competitive advantage in commercial activities. As a result, important topics related to personal data include data privacy and security.

Personal Data Protection Act (PDPA) 2010

In Malaysia, the Personal Data Protection Act (PDPA) was introduced in 2010 and implemented on November 15, 2013. PDPA regulates the processing of personal data in commercial transactions and applies to all parties involved.

the public must always be cautious before disclosing or agreeing to the use of their personal data.

According to the Act, individuals whose data is processed by an organisation are called data subjects. 

Data subjects have rights granted by the Act, such as being informed about the processing of their data, accessing and correcting their personal data, withdrawing consent, preventing processing that may cause harm or distress, and stopping processing for direct marketing purposes. 

These rights are based on the seven Personal Data Protection Principles outlined in the PDP Act. 

Personal Data in the Age of Globalisation

Toda’s individuals, particularly Millenials, not only use online platforms extensively but also play important roles in technology-related fields. Their attitudes towards data privacy are crucial as they will shape future policies and best practices for protecting data privacy.

Personal data breaches often occur due to user ignorance and careless behaviour, such as sharing passwords or opening suspicious emails. Many employees are unaware of the consequences that personal data breaches can have on themselves and their organisations. 

How Personal Data May be Used

As individuals, we need to ensure that personal data collected by data users is only used for the intended purposes.

For example, a student applying for a scholarship should have their personal data used solely for that purpose. If the university wishes to use the data for other purposes, it must obtain the student’s consent. The same applies when an employee provides personal detail to Human Resources for staff benefits. The data should be processed in accordance with the PDPA and only disclosed to third parties for specific proposed or with consent, or to fulfil legal obligations. 

Unfortunately, there have been cases of personal data misuse, where parties use individuals’ data for purposes not specified during collection One common issue is the sharing of email lists between parent companies and their subsidiaries for marketing purposes.

However, sharing personal data within or outside a group of companies is not allowed without specific consent from each data subject. To address these misuse issues, the public must always be cautious before disclosing or agreeing to the use of their personal data.

The opinions expressed in this article are the author’s own and do not reflect the view of Swinburne University of Technology Sarawak Campus. Irene Chang Hui Chung and Evelyn Gan are with the Policy, Planning and Quality Unit at Swinburne University of Technology Sarawak Campus. They are contactable at ihcchang@swinburne.edu.my and evgan@swinburne.edu.my.