Possible Solution to Prevent Future Personal Data Breach
proposal aims to achieve a single standard that allows consumer goods and services providers to address all the life-cycle issues of privacy by design so that through its use and proven compliance consumers can make goods purchases and use services with greater confidence that privacy protection has been designed into the products.
The recent reports on the hack of a dozen Malaysian telcom providers and jobseeking websites and stolen information from CIMB found that the personal information of nearly every single citizen was affected by the leak or theft. Media report cited that the online technology site lowyat.net said the hackers have the home addresses, identity card numbers, SIM card information and private details of almost the entire Malaysian population of 32 million. Many Malaysians have several mobile numbers. In addition, 81,309 records from the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association were also exposed, the tech site said. The records contained personal information such as residential addresses along with IC and mobile phone numbers.
MCMC must impose strict requirements on all businesses seeking personal information of consumer and members of the general public. Consumers must be vigilant and protect their personal information especially the identification card number and details. Laws must prohibit requesting of IC no. by private businesses even for security purposes at business premises and gated and guarded community entrances for example. As some technology expert cited the Malaysian IC technology has not really caught up with latest personal security technology.
A new work item proposal by the International Organization on Standardization (ISO) “Consumer protection: Privacy by design for consumer goods and services”, could provide regulators and businesses guidance on building privacy into their business and operation model and their products and services. The scope of the new standard being proposed is as follows:
“Specification of the design process to provide consumer goods and services that meet consumers’ domestic processing privacy needs as well as the personal privacy requirements of data protection.
In order to protect consumer privacy the functional scope includes security in order to prevent un-authorised access to data as fundamental to consumer privacy, and consumer privacy control with respect to access to a person’s data and their authorised use for specific purposes.
The new work item proposal aims to achieve a single standard that allows consumer goods and services providers to address all the life-cycle issues of privacy by design so that through its use and proven compliance consumers can make goods purchases and use services with greater confidence that privacy protection has been designed into the products.
A solution involving several standards to cover a number of phases of product design and update/withdrawal is seen as leading to consumer confusion should only one of several standards be taken up by providers. The digital world is faster in design change, lower cost for design update and so a more integrated process is needed round the continuous improvement cycle of ISO 9001. Product providers will benefit from an improved trust position in the market compared to the product providers who do not use and comply with the standard”.
The voting for the new proposal ends December 7, 2017. It is in the urgent interest of those hacked and those affected by the hacks to get involved in the development of this international standard. A copy of the proposal can be downloaded here. Unfortunately the link for the new work item proposal does not appear on the Department of Standards Malaysia website but appears other ISO members website such as the New Zealand Standards Body’s and Japanese Industrial Standards Committee’s websites. Those in Malaysia interested in being involved in the development of the standards or seeking more information can contact the Department of Standards Malaysia. Other relevant standards include the risk management system ISO 31000 and business continuity management ISO 22301.
MCMC must impose strict requirements on all businesses seeking personal information of consumer and members of the general public. Consumers must be vigilant and protect their personal information especially the identification card number and details. Laws must prohibit requesting of IC no. by private businesses even for security purposes at business premises and gated and guarded community entrances for example. As some technology expert cited the Malaysian IC technology has not really caught up with latest personal security technology.
A new work item proposal by the International Organization on Standardization (ISO) “Consumer protection: Privacy by design for consumer goods and services”, could provide regulators and businesses guidance on building privacy into their business and operation model and their products and services. The scope of the new standard being proposed is as follows:
“Specification of the design process to provide consumer goods and services that meet consumers’ domestic processing privacy needs as well as the personal privacy requirements of data protection.
In order to protect consumer privacy the functional scope includes security in order to prevent un-authorised access to data as fundamental to consumer privacy, and consumer privacy control with respect to access to a person’s data and their authorised use for specific purposes.
The new work item proposal aims to achieve a single standard that allows consumer goods and services providers to address all the life-cycle issues of privacy by design so that through its use and proven compliance consumers can make goods purchases and use services with greater confidence that privacy protection has been designed into the products.
A solution involving several standards to cover a number of phases of product design and update/withdrawal is seen as leading to consumer confusion should only one of several standards be taken up by providers. The digital world is faster in design change, lower cost for design update and so a more integrated process is needed round the continuous improvement cycle of ISO 9001. Product providers will benefit from an improved trust position in the market compared to the product providers who do not use and comply with the standard”.
The voting for the new proposal ends December 7, 2017. It is in the urgent interest of those hacked and those affected by the hacks to get involved in the development of this international standard. A copy of the proposal can be downloaded here. Unfortunately the link for the new work item proposal does not appear on the Department of Standards Malaysia website but appears other ISO members website such as the New Zealand Standards Body’s and Japanese Industrial Standards Committee’s websites. Those in Malaysia interested in being involved in the development of the standards or seeking more information can contact the Department of Standards Malaysia. Other relevant standards include the risk management system ISO 31000 and business continuity management ISO 22301.
Comments