KUALA LUMPUR: For a mere 10 sen, your personal data are being sold to unauthorised bodies. A list of 1,000 entries containing names, handphone numbers, type of credit card owned and issuing banks, and place of work costs only RM100.
If you regularly receive unsolicited sales calls, messages or e-mails, then in all likelihood, your data have been collected and sold to third parties.
With such baseline information in the hands of the unscrupulous, more particulars could easily be gathered and your identity stolen – for transactions and the purchase of goods or services without your knowledge.
A list obtained by Sunday Star linked individuals to credit cards although banks regard the leaking of information as a very serious offence.
Those caught for this offence could be subjected to punishment under Section 97 of the Banking and Financial Institutions Act.
Association of Banks in Malaysia executive director Chuah Mei Lin said that member banks treated customer information with the greatest of confidentiality and would not sell or use information indiscriminately outside the confines of the banker-customer relationship.
“Banks will also not hesitate to take disciplinary action and to report employees who breach laws, regulations and policies,” said Chuah.
The fact is any database is vulnerable – from loyalty cards and telecommunications companies to housing developers to members-only clubs – and there will be a demand for it as it represents a list of potential customers.
An entry from a database of an exclusive club comprising Datuks and Tan Sris, for example, could fetch RM3 each and resold for RM4.
National Consumer Complaints Centre chief executive Muhammad Shaani Abdullah said this was a dangerous development.
“What are the authorities doing about this? If someone makes a higher offer, what is there to prevent other vital information such as credit card numbers from being obtained?” he said.
Currently, telecommunications companies are not allowed to give out personal data of their clients to any third party under the General Code of Practice for the Commission and Multimedia Industry Malaysia and provisions of Communications and Multimedia Act.
Celcom said it adhered to its Protection of Consumer Information Policy to safeguard its customers’ personal data.
“In the event of any leakage of customers’ information and upon receiving an official complaint, a thorough investigation will be conducted.
“We will not hesitate to initiate legal action if we uncover evidence of such wrongdoing,” said its CEO Datuk Seri Shazalli Ramly.
What is clear is that piecemeal law must be replaced by comprehensive data protection legislation in Malaysia.
A Data Protection Act and a Privacy Act have to be enacted as well as an amendment to the Constitution enshrining the right to privacy