Tag: pdpa (Page 2 of 2)

PKF Avant Edge PDPA Workshop with Dr Zainal Abidin Sait

On the 25th of February, PKF Avant Edge, along with the MAD Incubator, organised our largest Personal Data Protection Act (PDPA) workshop. This was our 8th workshop on PDPA starting from November 2012, and our second one that was done with the MAD Incubator in the MSC Technology Commercialisation Centre in MMU, Cyberjaya. We had almost 200 people registered for this event, in large part due to our speaker, Dr Zainal Abidin Sait, who is the Deputy of Director General of Personal Data Protection Department under the Ministry of Communication & Multimedia. In other words, to many people, PDPA from the horse’s mouth.

It took some time for us to organise this, in part due to the festival season in January and February, but mainly because Dr Zainal was a very busy man. Even when we took the time to meet him in his Putrajaya office in the KKMM building to confirm the agenda with him, I only had him for 10 minutes or so. It would have been shorter, but I suspect he was polite enough to give us a bit more time seeing that we came all the way to see him over something that could have been done by email. I was, in many aspects, extremely old school in this regard. 10 minutes face to face was worth 100 emails back and forth.

The main reason I wanted to organise this workshop was to shape it like a Q&A session. Aside from being the speaker for the past 7 workshops we’ve done (all for free–I see it as part of our CSR), I’ve attended many PDPA talks. In most of these cases, they were conducted mainly by legal practitioners. Very experienced ones. And they were very good, and they went through the act very thoroughly, dissecting it with the appropriate legal pizazz that the Act deserves. But like me, they weren’t enforcers. Our interpretation is through our own lenses, and try as we might, we carry some bias, and probably some misunderstanding of the Act itself. This was exacerbated by experiences I heard from other clients about the stringent requirements of the Act, set forth by their company lawyers. Again. They are not enforcers, and legal practitioners, bless their souls, would rather err on the side of caution. So what happened is that some of my clients are so exasperated at the Act, which requires them to get people to sign off consent when they pass Parkson gift vouchers to them. Yikes. Time to get the horse on board.

So I took the first session and went through a few illustrations of data breach for the audience. Basically, I used this illustration from www.informationisbeautiful.net. Aside from that, I demonstrated live a social trawler called Maltego by Paterva. We use this tool a lot in our penetration testing and social engineering services for our clients. This basically trawls the internet looking for publicly available information about an individual. Suffice to say, these demonstrations of data mining were to set the context for Dr Zainal to work his magic. I went through the 7 principles quickly, had the coffee break session and then from around 10:30 am to 12:30 noon, Dr Zainal engaged the audience in his very frank dissection of the PDPA.

He only used one page of PDF. He advised us to read the act in Bahasa Malaysia. He broke down a lot of misconceptions of the Act, as well as who and what are in scope and not in scope. In all, his simple, straightforward talk on PDPA was the best I’ve heard. It was down to earth, easy to understand, and invited conversations and engagement with the people. It wasn’t someone holding a hammer over your head; it was a person who genuinely wanted to help. And so understandably, the questions started flowing in. He deftly answered most of them; in others, I only helped in rewording to make it clearer. It is a HUGE difference to have Dr Zainal speak compared to legal or IT practitioners. We are limited to how we see the act. He is not.

We managed to give him a nice speaker’s gift from PKF Avant Edge, a Royal Selangor dish with a thank you note engraved upon it. I hope there will be more sessions that we can arrange with him again. As far as first-time speakers go for us, Dr Zainal was a smashing success. Thank you, Dr.

My Slides can be downloaded here.

Dr Zainal didn’t use any slides, so if you missed his presentation, well…we’ll need to arrange another one!

Our 8th Personal Data Protection Act Workshop on 25th February

We will be conducting our 8th free Personal Data Protection Act (PDPA) workshop on the 25th of February (and possibly our last).

The history of our workshops basically started in late 2012 when a small number of clients wanted to know more about the Personal Data Protection Act. At that time, we were doing a number of ISO27001 consultations, and of course, one of the main domains was compliance to regulation, and PDPA came into the picture. Our first workshop was to the Malaysian Software Testing Board (MSTB) to their upper management. Since then, we have conducted 1 workshop in our premises in Mont Kiara, 1 in Mines Hotel and 3 more in our customers’ premises. Some of these sessions we partnered with legal firms (who charged), but for clients who preferred just awareness we did it for free. The idea was to do it for 3 months from December 2012 to February 2013, since these were low-activity periods for us. However, once the public got wind of it, we were being requested almost every month by different companies, until we had to organise a mass workshop with the MAD incubator to cater to these requests.

This will be our second collaboration with the MAD incubator, and now as we look forward to implementation rather than awareness, we can truly say the one year plus of workshops have given us a lot to learn on PDPA, even as we were lead speakers during the workshops. We will be having the deputy commissioner this time around, and we will for once take a secondary speaker and moderator role in the workshop.

We opened registration and in two days, we were maxed out. In fact, our premises are oversubscribed and we had to turn down a few more requests. Hopefully we will be able to help address these concerned parties in the future. Otherwise, just write in to avantedge@pkfmalaysia.com and we will sort out your questions as best as we can.

Registering for Personal Data Protection Act (PDPA) Malaysia

A lot of our clients have questioned us on how to register for PDPA, which seems to be the biggest concern at the moment.

Firstly, find out if you are in the list of company classes to be registered:

Client Notification for PDPA – PKF Avant Edge

Then, once determined, follow the flow chart below:

Registration Flow Chart

Ta – da! It’s pretty straightforward. But do make sure to do so before the 15th of February!

Quit Calling Me or I will PDPA you!

This might be what, in the near future, we, the hapless victims of thousands of unsolicited phone calls and emails and SMSes, can say to the perpetrators who haunt our dreams with midnight messages and ghostly voicemails.

Here are the facts:

1) In my SMS inbox, I have three dozen messages from entities I don’t know over the last week. Half of them from politicians wishing me a good year of the Snake. Others from banks. Others from Astro. And I just had one telling me there’s an MACC stand up comedy coming up. What. The.

2) I have received some ridiculously timed phone calls. One came a few days back when Unifi was facing a nationwide outage, and which had all the TM support coming back from their homes to fix it, given that they had a one year downtime policy, with the commitment to give updates to customers every 500 hours of downtime. Yes, I am being sarcastic. Unifi is a good intention and we appreciate it, but there are still a lot of holes to plug for that service. While halfway through one of the worst Unifi outages in the history of their short existence, I received a chirpy call from a woman identifying herself as a representative of TM. I immediately thanked the gods for such superb initiative from TM: to call me to apologise and to have my Unifi fixed immediately, without me lodging a call (since it was not possible due to the Unifi support line also being down). Instead the chirpy woman started to ask me if I wanted to upgrade my Unifi package to better ones. I asked her if she was aware there had been a major outage and the entire world was tweeting #unifi and trending to #garbage. She happily responded she had no idea. I wish we could do an audit on Unifi support based on ISO20000 or ITIL. I bet we could add some value there.

3) How many emails have we received from companies we have unwittingly given our information to? I am not talking about those health hormones, Nigeria scams, appendage enlargement junk email. I am talking about unsolicited marketing material from restaurants we have visited, companies we have met along the way etc. Admittedly we have also done such things (updating our customers)…but I have received piles and piles of emails and trilobytes of documents. It’s time for this madness to end.

So, Personal Data Protection Act? We’re not going to go through the 7 principles here. Many other websites have articulated it well enough. The question here is, if I have a company and we collect data as part of our CORE business, are we screwed?

No, you’re not. But you have some work to do.

You see, the PDPA is not telling you NOT to collect personal data. It’s governing the way you do it. It’s setting up rules, like putting a referee in a previously free-for-all football game. The good news is that the rules are not extremely rigid or specific. So there’s what we unprofessionally call wriggle room. Most consulting companies have fancy terms for this, but at PKF, we are what we term a coffee-shop jargon company. We don’t like to throw in big terms for things that an easy word can describe.

There are numerous ways to comply with PDPA, which we will touch on later. We provide IT and legal assistance for PDPA compliance. But the first thing you can do for yourself is this: do you have any policies and procedures governing your business processes? If the answer is no, then that’s where you will generally need to begin. A documented approach on collecting, sharing and storing data is essential for compliance. If you already have them, well, you’re on your way to compliance already even before you begin.

Let the new era of Data Protection begin!
