Quit Calling Me or I will PDPA you!

This might be what, in the near future, we- the hapless victims of thousands of unsolicited phone calls and emails and SMSes- can say to the perpetrators who haunt our dreams with midnight messages and ghostly voicemails.

Here’s the fact:

1) In my SMS inbox, I have three dozen messages from entities I don’t know over the last week. Half of them from politicians wishing me a good year of the Snake. Others from banks. Others from Astro. And I just had one telling me there’s an MACC stand up comedy coming up. What. The.

2) I have received some ridiculously timed phone calls. One came a few days back when Unifi was facing a nationwide outage, and which had all the TM support coming back from their homes to fix it, given that they had a one year downtime policy, with the commitment to give updates to customers every 500 hours of downtime. Yes, I am being sarcastic. Unifi is a good intention and we appreciate it, but there’s still a lot of holes to plug for that service. While halfway through one of the worst Unifi outage in the history of their short existence, I received a chirpy call from a woman identifying herself as a representative of TM. I immediately thank the gods for such superb, initiative from TM: to call me to apologise and to have my Unifi fixed immediately, without me lodging a call (since it was not possible due to Unifi support line also being down). Instead the chirpy woman started to ask me if I wanted to upgrade my Unifi package to better ones. I asked her if she was aware there has been a major outage and the entire world was tweeting #unifi and trending to #garbage. She happily responded she had no idea. I wish we could do an audit on Unifi support based on ISO20000 or ITIL. I bet we could add some value there.

3) How many emails have we received from companies we have unwittingly gave our information to? I am not talking about those health hormones, Nigeria scams, appendage enlargement junk email. I am talking about unsolicited marketing material from restaurants we have visited, companies we have met along the way etc. Admittedly we have also done such things (updating our customers)…but I have received piles and piles of emails and trilobytes of documents. It’s time for this madness to end.

So, Personal Data Protection Act? We’re not going to go through the 7 principles here. Many other websites have articulated it well enough. The question here is, if I have a company and we collect data as part of our CORE business, are we screwed?

No, you’re not. But you have some work to do.

You see, the PDPA is not telling you NOT to collect personal data. It’s governing the way you do it. It’s setting up rules, like putting a referee in a previously free for all football game. The good news is that, the rules are not extremely rigid or specific. So there’s what we unprofessionally call, wriggle room. Most consulting companies have fancy terms for this, but at PKF, we are what we term a coffee-shop jargon company. We don’t like to throw in big terms that can use an easy word to describe.

There are numerous ways to comply to PDPA, which we will touch on later. We provide IT and legal assistance for PDPA compliance. But the first thing you can do for yourself is this: do you have any policies and procedures governing your business processes? If the answer is no, then ┬áthere’s where you will generally need to begin. A documented approach on collecting, sharing and storing data is essential for compliance. If you already have, well, you’re on your way to compliance already even before you begin.

Let the new era of Data Protection begin!

Leave a Reply