KUALA LUMPUR, Dec 12 ― Companies have the responsibility of informing the public of any data breaches, the Malaysian Bar said today.
President George Varughese said it was in the principle of good governance for companies and even the authorities to inform anyone who has been a victim of any stolen data.
“Companies and authorities, holding personal data, are to act transparently in instances of breaches.
“Informing the individuals whose data had been breached, and the authorities, would be in line with good corporate governance,” he said in a statement today.
Varughese added that Putrajaya should look at the “introduction of legal provisions to implement such disclosures” on top of the current The Personal Data Protection Act 2010.
“The awareness of the rights of individuals under the Act is still lacking despite the efforts by the Department of Personal Data Protection to educate the public.
“The public is at present still parting with their data where there has not been due compliance with the Act,” he said.
Lowyat.net reported in October that approximately 46.2 million cellular service accounts of Malaysian telcos and mobile virtual network operators (MVNO) had been compromised and leaked online.
Police Chief Tan Sri Mohd Fuzi Harun said his force and the Malaysian Communications and Multimedia Commission (MCMC) were investigating the matter.
He also said the leak’s were done using several overseas Internet Protocol (IP) addresses including in Oman, Netherlands and Hong Kong.