PETALING JAYA: The Personal Data Protection Department needs to be revamped to placate public fears over how their personal data is stored and protected, say experts.
They said concerns over the newly launched Central Database Hub (Padu) system highlighted the need for the department to be empowered like the Malaysian Communication and Multimedia Commission (MCMC).
ALSO READ: Padu not under third-party vendor
A source familiar with the department told The Star that it needed “teeth” to enforce the Personal Data Protection Act 2010 (PDPA).
This, the source said, would indirectly instil public confidence in government initiatives such as Padu and the national Digital ID.
“The department must boost its enforcement unit because the Digital ID is still at risk should government agencies not be covered in amendments to the PDPA.
“This is because data breaches showed government agencies are the most vulnerable to data hacking or breaches.
“In order for the department to move forward as a strong agency in enforcing the PDPA, it is high time for an advisory board to guide it as provided under the law currently.
ALSO READ: There must be controls in place, urge groups
“Any amendment to the PDPA is useless unless what is in the act is implemented with the advisory board (existing) and Data Protection Officer or DPO (proposed in the amendments),” he added.
The source stressed that lack of enforcement was among the main concerns.
The source also recommended there be a Personal Data Protection Department commissioner who is empowered to hire a pool of new talent.
“They desperately need to hire and groom information technology (IT) and cyber specialists outside of the government.
“We have a lot of talented young people who can be trained to be specialists. This can be done via collaboration with cybersecurity agencies in terms of capacity building and training.
“Personally, the ministry should not interfere with day-to-day operations. Let the Commissioner decide changes according to the law,” the source said.
Universiti Sains Malaysia cybersecurity expert Assoc Prof Dr Selvakumar Manickam also said the Personal Data Protection Department should play the role of vigilant guardian, proactively enforcing laws, regularly auditing security, and advocating for robust technology.
“To effectively strengthen Malaysia’s cybersecurity posture and guarantee comprehensive data protection, it’s crucial to empower the department by granting it statutory body status and consolidating all relevant cybersecurity and privacy functions currently scattered across various agencies.”
On hiring new talent, Selvakumar said the skills gap in cybersecurity was getting wider every day and investments should be made in education, reskilling programmes, and attracting diverse talent.