I was asked by The Malay Mail to comment on the data breaches at Government agencies and what we should do regarding these breaches especially when the Federal and State Governments are exempted from the Personal Data Protection Act 2010 (“PDPA“). I said-
Another lawyer, Foong Cheng Leong, pointed out that those responsible for previous leaks and breaches in the government have yet to be identified, meaning it was possible they were still put in charge of such systems.
“There are very little details about it. We have not heard of anything being held personally responsible for the data leakage.
“Perhaps there should be new laws or regulations to make those who are responsible for taking care of our data be responsible for what has happened. A public inquiry or even a Royal Commission Inquiry should be done for the past data leakages,” he said when contacted.
Foong suggested that a provision also be included to allow users affected by data leaks by the government to seek compensation.
It is noted that the Government is planning to amend the PDPA to include private action for data subjects to claim, among others, damages for breach of the PDPA.