- Advertisement -

Time to rethink the culture of collecting and sharing personal data

Much of the information collected by companies is not even necessary for the running of its business, but many customers give it up without a second thought.

Mohideen Abdul Kader
3 minute read

The latest personal data breach situation involving Malaysian Airlines Bhd is frustrating but not surprising. Like many people out there, the Consumers’ Association of Penang (CAP) is of the opinion that the Personal Data Protection Act 2010 (PDPA 2010) should be amended to include stricter regulations, and that the authorities should crack down on service providers that flout the law.

In the event of a breach, the regulatory body concerned must make the company/institution accountable and answerable in a public manner. A mere statement or announcement that there has been a data breach is not enough. The public, especially the victims whose data has been exposed, must be given a detailed explanation of how this took place, who the culprit is (where available) and the extent of the breach.

We would also like to focus on the culture of collecting and sharing personal data in Malaysia. There are two points we would like to address.

One is that companies tend to over-collect their customers’ personal data. They ask for information that is not even necessary to the functioning of their services. An article in the news addressing this issue stated that service providers should not collect what they do not need to render their services and they must provide reasons for why the information is necessary. However, we have known for a while now that information equals wealth in this day and age. The more of your information a company has, the better it is for them.

A possible way to combat this is for the PDPA 2010 to be amended so that it spells out exactly what information a service provider of a specific industry can collect from its customers, process and store.

The second factor we must address is the culture of freely sharing our personal data. Many of us do not think of the possible consequences when we give out our full name as per IC, IC number, phone number, home address and email address to whoever for whatever reason.

For instance, when a customer is offered a chance to enter a giveaway at a petrol station because they have spent above a certain amount there. By right, reaching the spending threshold should already be enough for the petrol station to give you a chance to enter the giveaway. All they really need is your name and phone number so that they can contact you if you win. If it is a giveaway only for Malaysian citizens, then you should be able to flash your IC to the cashier who can make a note of it on your application. Yet they insist on collecting all this information and we just give it to them without question.

Do you remember all those forms you had to fill up all throughout your schooling years and how even the simplest forms would require you to fill up your personal information even though the school already has it? This repetitive action of mindlessly jotting down our personal information on paper throughout our childhood and teen years could be why this culture of oversharing personal data without question is so prevalent in our society.

In brief, we ask that the authorities amend the PDPA 2010 to limit the kind of information that service providers can collect based on their industry, and we caution people to be more mindful of the personal data they give and to whom they give it to.

Mohideen Abdul Kader is president of the Consumers Association of Penang.

The views expressed in this article are those of the author(s) and do not necessarily reflect the position of MalaysiaNow.