On the 25th of February, PKF Avant Edge, along with the MAD Incubator organised our largest Personal Data Protection Act (PDPA) workshop. This was our 8th workshop on PDPA starting from November 2012, and our second one that was done with the MAD Incubator in the MSC Technology Commercialisation Centre in MMU, Cyberjaya. We had almost 200 people registered for this event, in a large part due to our speaker, Dr Zainal Abidin Sait, who is the Deputy of Director General of Personal Data Protection Department under the Ministry Communication & Multimedia. In other words, to many people, PDPA from the horses mouth.

It took some time for us to organise this, in part due to the festival season in January and February, but mainly because Dr Zainal was a very busy man. Even when we took the time to meet him in his Putrajaya office in the KKMM building to confirm the agenda with him, I only had him for 10 minutes or so. It would have been shorter, but I suspect he was polite enough to give us a bit more time seeing that we came all the way to see him over something that could have been done by email. I was, in many aspect, extremely old school in this regard. 10 minutes face to face was worth a 100 emails back and forth.

The main reason I wanted to organise this workshop was to shape it like a Q&A session. Aside from being the speaker for the past 7 workshops we’ve done (all for free–I see it as part of our CSR), I’ve attended many PDPA talks. In most of these cases, they were conducted by mainly legal practitioners. Very experienced ones. And they were very good, and they went through the act very thoroughly, dissecting it with appropriate legal pizazz that the Act deserves. But like me, they weren’t enforcers. Our interpretation is through our own lenses, and try as we might, we carry some bias, and probably some misunderstanding of the Act itself. This was exacerbated by experiences I heard from other clients about the stringent requirements of the Act, set forth by their company lawyers. Again. They are not enforcers, and legal practitioners, bless their soul, would rather err on the side of caution. So what happened, is that some of my clients are so exasperated at the Act, that requires them to get people to sign off consent when they pass Parkson gift vouchers to them. Yikes. Time to get the horse on board.

So I took the first session and went through a few illustrations of data breach for the audience. Basically, I used this illustration from www.informationisbeautiful.net. Aside from that, I demonstrated live a social trawler called Maltego by Paterva. We use this tool a lot in our penetration testing and social engineering services for our clients. This basically trawls the internet looking for publically available information about an individual. Suffice to say, these demonstrations of data mining was to set the context for Dr Zainal to work his magic. I went through the 7 principles quickly, had the coffee break session and then from around 10:30 am to 12:30 noon, Dr Zainal engaged the audience in his very frank dissection of the PDPA.

He only used one page of PDF. He advised us to read the act in Bahasa Malaysia. He broke down a lot of misconceptions of the Act, as well as who and what are in scope and not in scope. In all, his simple, straightforward talk on PDPA was the best I’ve heard. It was down to earth, easy to understand, and invited conversations and engagement with the people. It wasn’t someone holding a hammer over your head, it was a person who genuinely wanted to help. And so understandably, the questions started flowing in. He deftly answered most of them, in others, I only helped in rewording to make it clearer. It is a HUGE difference to have Dr Zainal speak compared to legal or IT practitioners. We are limited to how we see the act. He is not.

We managed to give him a nice speaker’s gift from PKF Avant Edge, a Royal Selangor dish with a thank you note engraved upon it. I hope there will be more sessions that we can arrange with him again. As far as first time speaker goes for us, Dr Zainal was a smashing success. Thank you, Dr.

My Slides can be downloaded here.

Dr Zainal didn’t use any slides, so if you missed his presentation, well…we’ll need to arrange another one!