Embed Size (px)
Citation preview
Impact of ICT on Privacy and Personal Data Protection in Two Malaysian
Academic Libraries
NURUL AZURAH MOHD RONI
Hamdan Tahir Library
Universiti Sains Malaysia
MOHD KAMAL MOHD NAPIAH
Hamzah Sendut Library
Universiti Sains Malaysia
BASRI HASSAN
Kulliyyah of ICT
International Islamic University Malaysia
We lead
• To investigate policies, preparedness & awareness of two Malaysian Academic Libraries; International Islamic University Malaysia (IIUM) & Universiti Putra Malaysia (UPM) on the issues of privacy and data protection
• To discover library users’ perceptions with regard to the collection and use of their personal data
• To examine the policies and practices adopted by libraries in relation to users’ privacy
Objectives of the Study
We lead
Overview
• The digital form of information resources & services in the library keep growing
• Library keep data in digital form: easy to retrieve & organize
• The advent of digital technology has posed some threats especially
in term of personal data
privacy• What is the THREAT?
We lead
Overview
“Great deal of information is already being gathered about each of us, by private companies as well as government agencies, and we often have no idea how it is used or whether it is accurate”
Bill Gates , 1996
We lead
Buying and selling personal
data is widespread worldwide
We lead
Familiar with this?
We lead
Selling millions email addresses for RM20
We lead
• Gazetted on 10th June 2010• Personal Data is a data relates directly or
indirectly to data subject• Data User is a person who either alone or
jointly or in common with other person processes or authorizes the processing of any personal data or has control over personal data
Malaysian Personal Data Protection Act
We lead
Exemptions of the act
1. Federal & States Government
2. Non-commercial transactions
3. Personal, family & household affairs
4. Credit Reference Agencies
5. Data processed outside Malaysia
6. Partial exemptions: prevention or detection of crime/for preparing statistics or research/ for journalistic, literary or artistic purpose/ for physical or mental health of data subject/apprehension or prosecution of offenders
We lead
Data Protection Principles
1. Data cannot be processed without consent of data subject
2. Data user shall inform the data subject that his data is being processed, while data subject has the right to request access
3. Data cannot be disclosed to others without consent of data subject
4. Data cannot be kept longer than it is necessary for the fulfillment of the purpose
We leadData Protection Principles
5. Data user shall take reasonable steps to ensure that the data is accurate, not misleading & kept up-to-date
6. Data subject shall be given access & be able to correct the personal data
7. Data user shall take practical steps to protect the data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction
We lead
Library Scenario
Disclosure
Selling Data Misuse
Alteration Unauthorized Access
Transfer Data without Protection
We lead
Do your library has a guideline?
• It is important to have a privacy policy/professional code of ethics and conducts as a guideline
Code of Ethics, ALA (1995):
“ We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted”.
Library
We leadThe Study
• Methods of the study: interview & questionnaires• The total number of the sample was 170
respondents. Out of this, 160 respondents were surveyed through questionnaires, and 10 respondents (library personnel) were interviewed. They were from the Department of Technical Application Services and Collection Development Division in the IIUM library, and the System and Information Technology Division and Circulation and Promotion Division in the UPM library.
Findings
Library personnel aware and observe the privacy & data protection policies in the library even though there were no official written statements
Findings
Library personnel realized that privacy & data protection policies still pending in term of implementation at their parent organization (university) as well as in the libraries
Findings Library users were aware
about their privacy & personal data protection
Library users realized that their privacy & data protection were threatened
We lead
What’s next
• Study the implementation of data protection guideline/policy among Malaysian Libraries
• Bigger respondents for more data• More libraries for comparison• For those having such policy, sharing is caring?• Malaysian Libraries Personal Data Privacy
Policy? PERPUN?PPM?PNM?
We lead
• Data Protection is all about respect & common sense
• It is about striking a balance between the need of organization to process data and the privacy of the individual
Prof Abu Bakar Munir, University of Malaya
We lead
