Data privacy is becoming an increasingly important consideration for businesses in Malaysia, and the government will need to play its part to develop relevant safeguards - this was the verdict of a panel of experts at a recent DatacenterDynamics event in Johor Bahru.
“Data stored in a country where a company is located is not necessarily more secure; on-premises infrastructure that is not maintained securely is not necessarily more secure,” said Jeff Bullwinkel, the associate general counsel of Microsoft in the Asia Pacific and Japan.
The importance of data
Bullwinkel shared this observation at a panel discussion on the thorny topic of data sovereignty and cross-border transactions at DCD>Malaysia. Held at the Hilton’s DoubleTree Hotel on Thursday, the event saw 150 senior data center professionals and investors gather to discuss the future of Malaysia’s digital economy.
To underscore the crucial role of data today, Michael Mudd, managing partner of Asia Policy Partners, pointed to the Japanese earthquake of 2011 and how thousands of affected companies never got back into business – since crucial data about their customers, accounting records and enterprise resources was irrecoverably lost in the natural disaster.
For all the unprecedented reach and opportunities that cloud technologies offer, there is no question that the location and sovereignty of data represents a complex minefield to the unwary. Malaysia Digital Economy Corporation (MDEC) is among the organizations seeking to address this complexity.
On legal considerations
As a developmental agency, MDEC is in a position to play a “double role” by addressing lawful requests for data, and balancing the need for access with the privacy concerns of cloud providers and businesses, explained Wan Murdani Mohamad, the director of Enabling Ecosystem at the MDEC.
“As a country, you must make sure that you have controls for flow of physical goods in and out of the country. We need to [implement similar] and efficient mechanisms in the digital space,” he added.
There are currently “more than 30 laws” in Malaysia that regulate requisition of data, and MDEC is working to ensure privacy is protected but the benchmark is not set too high, so lawful requests can be made, Wan Murdani said.
“In Malaysia, our courts are closed on the weekend. What if there is [an urgent] data request comes in on Friday night?” he asked. Yet there is also a need to ensure that businesses are confident that they are adequately protected: “We deal a lot with the investors, and we recognize that this is an issue that must be addressed.”
“We want to bring in investments; we want to give [businesses] the best level of comfort to protect customer data. We must work closely with people like Jeff [Bullwinkel] to make sure we can carry the kind of best practices and implement that in our law enforcement,” he said.
“MDEC is committed to make sure that we play our role. With the right data governance to ensure that they work hand in hand.”