Legal, policy framework needed

LETTERS: The onslaught of Covid-19 has forced most workers to work from home (WFH).

The Department of Statistics Malaysia reported that 44 per cent of workers were told to WFH and that 67.8 per cent of companies have no revenue during lockdowns, while 53.4 per cent of companies can survive for one to two months if they provide full-time or half-pay leave to employees.

When the sudden shift came globally, most organisations and individuals were ill-prepared for WFH. Employees ended up using their own devices for work-related activities.

The measures are understandable due to the unprecedented health crisis, which immobilises physical movement and group physical interaction which are natural in an office environment.

Unfortunately, WFH environment that leverages on an open platform, video conferencing, document sharing, collaboration tools connected on wireless communication and personal devices opens up to a myriad of cyberthreat and attacks.

Whilst the government and online banking transactions have long been built on a secure system and many organisations heavily invested in security systems, it is not the same with home environment.

The nonchalant use and sharing of corporate, commercial and personal data in a WFH environment further increases the risk of leakage of data.

It is no exaggeration that in this pandemic, cybersecurity issues are as real and severe as the Covid-19 threat to the world population.

The interconnectedness of networks requires new levels of security and oversight. Data security and management will be the ultimate endgame in the “new normal” post-Covid-19.

With remote working expected to be more mainstream, many organisations that are not considered as part of the critical infrastructure may be put in the ecosystem.

It is hoped that any new policy provides a clearer elucidation on the designation of critical computer systems, as well as reporting duty, audit, breach notification and offences.

The constant cyberattacks and large-scale data breaches targeting government information systems across the world warrant coordinated cybersecurity research and management, including incentive systems and capacity building.

Lessons can be drawn from the Australian Security Legislation Amendment (Critical Infrastructure) Bill 2020, which provides additional obligations such as written notice, threat response, cybertraining, resilience training and access to information system.

The United States has also outlined obligations on devices connected to Internet of Things owned by the Federal Government as set out in the Internet of Things Cybersecurity Improvement Act of 2020.

Therefore, for us, current cyberlaws such as the Computer Crimes Act 1997, Communication and Multimedia Act 1998, Telemedicine Act 1997, Digital Signature Act 1997 and the Personal Data Act 2010 require refinements, if not an overhaul.

The pandemic has unearthed the gaps and cracks in the legal system, which requires “booster” provisions just like how vaccine works on immune system in this pandemic.

The government’s launch of the National Security Policy 2021-2025 is timely. In this pandemic, it is critical to have a robust, trusted and resilient legal and policy backbone.

PROFESSOR DR IDA MADIEHA ABDUL GHANI AZMI, DR MAHYUDDIN DAUD, ASSOCIATE PROFESSOR DR SONNY ZULHUDA, FAIZ AMIRUL NAQIB RAMLI

Civil Law Department, Ahmad Ibrahim Kulliyyah of Laws, International Islamic University Malaysia

Source: https://www.nst.com.my/opinion/letters/2021/07/710482/legal-policy-framework-needed

Skip to content