Malaysia Full Disk Encryption: SMEs Are Told To Protect Client Data.

According to, small and medium-sized enterprises (SMEs) in Malaysia have reason to seriously start exploring the use of laptop encryption solutions like AlertBoot.

SMEs specifically have been warned about keeping safe the information they collect from clients.  Malaysia has become the first ASEAN (Association of Southeast Asian Nations) member to pass data protection legislation.  The law went into effect on November 15, 2013 (less than 90 days ago), and companies have until February 15 to register with the Personal Data Protection Department (PDPD) as “data users”.

Penalties for Offenses

Companies who commit an offense can be fined up to RM500,000 (approximately US$150,000) or face three years in jail.

What kinds of offenses are included?  The article at doesn’t list them, but notes that sharing customer information with third parties, without the customers’ consent, would be a breach of the data protection act.  

I found it interesting that the article included the following quote:

“Many SMEs in Malaysia have the wrong perception that they will be spared from cyber attacks, assuming that it would only happen to big corporations,” Tan said.

It was further revealed that 31% of companies targeted by hackers were SMEs with fewer than 250 employees.

The implication of the above is that being attacked by hackers could also be categorized as a breach of the data protection act, leading to fines or jail time by the PDPD, as harsh as that may sound. One assumes, however, that the PDPD has prosecutorial discretion over which SMEs to penalize, depending on the type of breach.

For example, as global trends over the past couple of months have shown, stopping hackers is hard (one may say it’s impossible.  Not that this means one shouldn’t be trying – if you’re not trying, you deserve to be penalized).  However, if a company exposes customer data because they lost a computer that was not protected with laptop encryption software, then that’s not the fault of hackers, is it?

In that particular case, the person that ought to be penalized, crucified, pilloried, and savaged is the SME that allowed such a data breach to take place.  After all, hackers had nothing to do with it.
