Exploring strategies for public awareness on security data breaches of individuals involving personally identifiable information

Date: Thursday, March 8, 2018
Time: 11:00 - 01:15 PM
Room: Flyover Front
Skill Level: Intermediate
Language: English
Duration: 2 hour(s)
Format: Internet Freedom: Present and Future
Presenter: Nany
Other Presenters: Tan Sze Ming
Should we all consider Personal Data Protection Act (PDPA) be a basic right? On 2017, a Malaysian nationwide well-known online forum Lowyat.net has reported through an article that roughly 46.2 million of mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) have been leaked online. The leak includes postpaid and prepaid numbers, customer details, addresses as well as sim card information – including unique IMEI and IMSI numbers. The forum also confirmed that there was an individual who tries to sell the leak data in their forum to make a quick profit. This has impact nationwide consumers security and privacy. In response to Lowyat.net’s article, Malaysian Communications and Multimedia Commission (MCMC) decided to requested the removal of their article. The same article was reposted by another news website Free Malaysia Today (FMT) which also then removed from their website. The information available can be exploited to initiate multiple social engineering attacks against affected users. In this workshop, we would like to explore several areas that involves in Personal Data Protection Act (PDPA) worldwide, particularly in Southeast Asia region such as: best practices about public awareness of data breach, the role of telco companies, governments, and other responsible parties on consumers rights when data breach happens, and will the guilty parties be punished for failing to keep their customers' data private?
Target Audience:
Journalists, Software Developers, Security Trainers, Designers, Usability, Advocacy/Policy Professional, Communications Professionals, Academia, Front Line Activists
Desired Outcome:
A framework about best practices about public awareness of data breach, and steps required to hold guilty parties accountable