DATA BREACHES EXIT STRATEGY: A COMPARATIVE ANALYSIS OF DATA PRIVACY LAWS

Authors

  • Nur Adlin Hanisah Shahul Ikram, Ahmad Ibrahim Kulliyyah of Laws (AIKOL), International Islamic University Malaysia, PO Box 10, 50728 Kuala Lumpur, Malaysia

DOI:

https://doi.org/10.33102/mjsl.vol12no1.458

Keywords:

Personal data, data security, data protection impact assessment, data protection officer, data breach notification

Abstract

Data has become highly valuable in the era of digitalisation and is the main target of cybercriminals, who steal it by exploiting system vulnerabilities. The rise of catastrophic data breach incidents affects business operations, reputation and legal standing, leading to business disruptions, financial loss and reputational damage. These incidents have raised data security concerns, and their frequency is partly due to insufficient security measures. This article employs doctrinal research, focusing on legal principles based on legislation, to analyse Malaysia’s legal framework for protecting personal data and to compare it with other jurisdictions, i.e. the European Union General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act 2012 and the China Personal Information Protection Law (PIPL). The findings show that Malaysia’s data protection laws fall short of the international norm in some areas. This article suggests that Malaysian policymakers may amend the Personal Data Protection Act 2010 to align it with international data protection standards and so strengthen preventive, detective and responsive data security measures against data breaches. Consequently, this article provides an analysis of data protection laws in Malaysia and compares them with other advanced jurisdictions. It offers valuable insights into the challenges and opportunities involved in safeguarding personal data, the legal framework, and organisational strategies related to data privacy and security.

Published

2024-04-15

How to Cite

Shahul Ikram, N. A. H. (2024). DATA BREACHES EXIT STRATEGY: A COMPARATIVE ANALYSIS OF DATA PRIVACY LAWS. Malaysian Journal of Syariah and Law, 12(1), 135–147. https://doi.org/10.33102/mjsl.vol12no1.458