fomca logoMarch 5, 2021 11:48 AM
PETALING JAYA: A consumer group has called for stricter enforcement of data protection laws to send a message to companies that weak data security will not be tolerated.

This comes after Malaysia Airlines informed members on Monday that its Enrich frequent flyer programme had suffered a data breach through a third-party information technology service provider at some point between March 2010 and June 2019.

The information included members’ names, birthdays, gender, contact information and other details.

The carrier did not disclose how many people were impacted, but said the breach did not affect the airline’s core infrastructure and systems.

In a statement, Federation of Malaysian Consumers Associations (Fomca) secretary-general Paul Selvaraj said the silence from the Department of Personal Data Protection, tasked with implementing the Personal Data Protection Act 2010, had been “deafening” on this and other data security matters.

“Are these companies being held responsible for data breaches or are they allowed to go free without consequences?

“If companies breaching data security are allowed to escape any consequences for their lax data security, it would only signal to other companies that there are no consequences and thus, there will be no effort to strengthen data privacy and security measures,” he said.

Selvaraj said consumers will continue to suffer unless the law is better enforced, as widespread digital use has resulted in more consumer data being collected than ever before, with some apps like MySejahtera and Selangkah becoming essential services.

Data that is not secure could end up in the wrong hands for commercial or criminal purposes, which is of major concern to consumers, he said.

“Many of us have received calls from commercial organisations to market their products, or even from scammers threatening us over some ‘crime’ we are supposed to have committed and how they can resolve the issue with some payment.

“Whether for the marketing of products or services, or contacting us with a criminal intent, the first question that comes into mind is, ‘How did they get our phone number?’

“Sometimes, they even know some personal details,” he said.

Selvaraj said that in a case involving British Airways in 2018, where a data breach involved more than 420,000 customers, UK regulators had fined the company £20 million (RM113 million).

In this instance, he said, the decision sent a message to companies collecting data that they must take the protection of consumers’ information seriously “or face financial and reputational consequences”.