Bersatu To Mcmc How Would You Process Anonymised Data From Telcos

---

 



Bersatu today questioned the MCMC over how it would process anonymised data collected from telecommunications operators.
This follows the regulator’s assurances that mobile phone data gathered from telcos would be anonymised and utilised exclusively for generating official statistics to inform tourism, as well as information and communication technology (ICT) policy decisions.
In a statement today, Bersatu's communications and new media chief, Na’im Brundage, also questioned what privacy protection protocols would be employed, and what form of oversight and auditing would be implemented to prevent data misuse.
“Any data collection process must be carried out with clear consent from data owners, accompanied by comprehensive public consultation, as well as strict monitoring and auditing by independent bodies.
“Even more concerning, the public only learned of this through international media reports without any prior notification or public consultation from the government or MCMC.
“Bersatu Youth urges that this mass collection of citizens’ data by MCMC be stopped immediately,” the party wing’s executive council member said.
No personally identifiable information - MCMC
The MCMC yesterday assured that no personally identifiable data is being shared for the collection of mobile phone data.
This statement came on the heels of a South China Morning Post report that the commission had ordered telecommunications companies to submit their mobile users’ call and internet usage logs for the first three months of this year.
The MCMC said the data being collected is anonymised and emphasised that “no personally identifiable information is accessed, processed, or disclosed”.
It said telcos are given the option to process the data within their own secure environment and submit the required anonymised and aggregated output to the MCMC, or submit anonymised data to the MCMC for processing if they don’t have the ability to process the data in-house.
“In both cases, no individual subscriber can be identified through the data collected,” it said.
ADSMCMC said in the tourism sector, the data is being used to generate indicators such as the number of visitors and domestic tourism trips.
In the ICT sector, the data is being used to produce granular statistics such as the number of active mobile broadband subscriptions and penetration rates at the state, district, parliamentary constituency, state constituency, local authority, and other levels.
The move followed two years of stakeholder engagement with all mobile network operators, which also involved representatives from the Statistics Department, the Communications Ministry, the Tourism, Art, and Culture Ministry, and the International Telecommunications Union.
“This initiative aligns with international best practices. It mirrors similar projects already implemented in countries such as Indonesia and Brazil, where anonymised telecommunications data is used to enhance national statistics while fully safeguarding user privacy,” it said.
According to the SCMP report, the MCMC had asked for data such as call records, IP call records, location, latitude, and longitude.
It reportedly warned telcos in an April letter that failure to comply is an offence under the MCMC Act 1998 and punishable with a fine up to RM20,000 or six months imprisonment.
2017 data breach
In 2017, Malaysia’s largest known data breach came to light when an anonymous internet user attempted to sell the data on an online forum.
A large portion of the data - amounting to about 126.7 million records including names, MyKad number, address, phone number, and phone brand, model, and serial number - came from telcos.
A Malaysiakini investigation revealed that the leaked telecommunications data likely stemmed from a database that operators had compiled and submitted to the MCMC’s Public Cellular Blocking Service (PCBS), a system designed to prevent stolen mobile phones from being used on networks.
The MCMC ended its contract with Nuemera (M) Sdn Bhd, which operated PCBS, following the breach. However, police cleared the company and its staff of wrongdoing. - Mkini

---