It is now revealed that closed circuit television (CCTV) footage is covered under the Malaysian Personal Data Protection Act (PDPA). If this is true, then we are in a very grey area when it comes to social media.
If all footage handled by security both private and government is considered CCTV footage, then the videos of pickpockets, thieves, and even the silly, silly actions of Malaysians leaked on Facebook, Twitter and Instagram is considered illegal.
However, perhaps there needs to be some clarification – what constitutes a CCTV?
Would a hidden camera in a restaurant be considered a CCTV? How about the system in place at residential apartments? Or the ATMs?
We really need to reconsider what we are talking about here. Would it be that Malaysians being recorded on all sides by CCTVs owned by the government, government linked agencies, the private sector and even SMEs, are all deemed illegal?
One opinion is that this is not applicable if warnings are in place that people are being recorded. If this is true, then restaurants, ATMs and even public spaces need to work on their warning labels and messages.
That being said, we need to talk about the PDPA and the constant breaches we have seen throughout – lists of contacts are being sold not just to the private sector, but have also made its way to the hand of scammers who now are so bold, they’ve used the Malaysian Anti Corruption Commission (MACC) as a cover.
With all this considered, government needs to tighten the security around data, and the private sector needs to be held even further accountable for leaks. Without any of these done, what we will see is continued leaks in data, more Malaysians falling for scams, and more people suddenly being covered by the MCA with a sob story.
The first steps, would be to start a data privacy board to assess the security of private data for all those who handle it. This would include banks, telcos, non-government organisations on data protection, and even Malaysia’s cyber security agency. They would come up with a framework of where the line is drawn.
This board will also investigate and hold hearings from the public when data privacy is breached, and by whom, and who should be held responsible.
If arrests are made, the board must investigate the leakage in files and find the perpetrators to be taken to court, as well as hold the source company accountable. For far too long, we have left the private sector holding the public’s data with no responsibility or accountability.
The following steps is to hold anyone, individually or companies, to the high standards of data privacy – leakages happen because those managing data believe it should be sold for profit. Remove the viability of that profit with high fines, and high penalties, and it will stop eventually.
And finally comes education – the Malaysian people need to be educated to not fall for scams. Failure to do so, will lead to further entanglement with such underground industries.
In the end, we need to reconsider the importance and high standards of handling private data throughout the country. For far too long, the Malaysian public and government have been too blasé in guaranteeing data privacy. While ministers and lawmakers are keen to make it a central thrust, thus far nothing has been done.