When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, every Malaysian who are affected have the right to know and in a timely manner. The right to be informed is the most basic right.
Our rationale, calling for this to be included is, it will put Malaysians on immediate alert to monitor for potential identity theft and helps them to quickly change online account information and prevent outside access to the account. It could also possibly instill a greater sense of security for every individual Malaysian.
Under the current PDPA, data subjects are given the following rights but not the rights to know whenever a breach occurred:
The right to be told whether their data is processed by an organization
The right to access personal data
The right to rectify personal data
The right to withdraw consent to process personal data
The right to prevent processing likely to cause damage or distress (distress)
The right to prevent processing for purposes of direct marketing
A time frame to be imposed on organizations requiring them to alert customers to a breach within five days of discovering it. Alerts should be provided through written notice and electronic notice.
With online databases and private account information being hacked so frequently now, consumers are more vulnerable to exposure and harm.