PETALING JAYA: A pioneer in the cybersecurity industry has warned that the public’s personal data is floating in cyberspace, especially the social media. But little thought is given to what happens when such data is misused and breached by third parties.

Datuk Husin Jazri, founder of eSecurity and Privacy Channel, a company that specialises in providing e-security and privacy news, said the Personal Data Protection Act 2010 (PDPA) which came into force nine years ago, is weak and lacks enforcement.

He said PDPA needs improvements to protect Malaysians as it is outdated and almost invisible compared with the European General Data Protection Act, which protects the personal data of its citizens in ways that are more effective.

“It is best to revamp the PDPA to make data privacy a fundamental right of Malaysians. This should be a shared responsibility between the government and citizens.

“Data security and privacy is fundamental to healthy digital living, so every one of us should be made aware of the risks of data abuse and manipulation.”

Husin said currently, our data is as safe as the weakest link within the data ecosystem.

It is collected through various digital platforms, including social media, and is used for the business advantage of services providers.

“The data that is collected is everywhere in the cloud and not necessarily stored in Malaysia either.

“Sometimes, it is replicated without authorisation, and legal pursuit is difficult due to cross border laws being applied differently by various countries,” he said.

He urged Malaysians to think carefully when providing personal and important data to any online services company, as the uploaded data can be used by unintended parties.

“More importantly we need to understand and be able to use encryption technology to the maximum, so personal data is protected at the data layer itself. This ensures the encryption key is kept safe under your custody,” he told theSun.

Husin said the majority of users will not read the long legal terms and conditions from online services companies and just click “I accept”.

This is because there are no other options available if one wishes to use their services.

“I am included in that majority of users. If those terms are not accepted, they will deny you using their applications or services. Popular apps such as Facebook and Instagram are good examples of this,” he said.

Provisions in the PDPA, Husin said, serve to protect the rights of data owners, but the processes can be complex and frustrating.

Senior lawyer Haniff Khatri said PDPA applies only to commercial data, which is defined as personal data used by banks, the telecommunications industry, and corporations

However, this does not mean the public cannot take legal action if their non-commercial data, such as information held by the government or its agencies has been leaked.

“The public can take legal action under our civil laws of tort and law of trusts against anyone that breaches data privacy, be they commercial or non-commercial entities.

“They can sue in the personal capacity under common law principles, subject to proof of wrongdoing and damage that had been caused.” he said.”

Former Communications and Multimedia minister Gobind Singh Deo had previously said his ministry was in the midst of updating the PDPA in line with current developments, but nothing has been done since then.