DATA BREACHES EXIT STRATEGY: A COMPARATIVE ANALYSIS OF DATA PRIVACY LAWS

Abstract

Data has become highly valuable in the era of digitalisation and is the main target of cybercriminals. Cybercriminals steal data by exploiting system vulnerabilities. The rise of catastrophic data breach incidents affects business operations, reputation and legal standing, leading to business disruptions, financial loss and reputation damage. These incidents have raised data security concerns. The frequent incident is partly due to insufficient security measures in place. This article employs doctrinal research focusing on legal principles based on legislation to analyse Malaysia’s legal framework for protecting personal data in Malaysia and a comparison with other jurisdictions, i.e. the European Union General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act 2012 and the China Personal Information Protection Law (PIPL). The findings show that Malaysia’s data protection laws fall short of the international norm in some areas. This article suggests that Malaysian policymakers may amend the Personal Data Protection Act 2010 to align with international data protection standards to strengthen data security measures in preventive, detective and responsive data breaches. Consequently, this article provides an analysis of data protection laws in Malaysia and compares them with other advanced jurisdictions. It offers valuable insights into the challenges and opportunities involved in safeguarding personal data, the legal framework, and organisational strategies related to data privacy and security.