Data Protection legislation will become the norm

It’s encouraging that Malaysia has passed a Privacy and Data Protection Act. It is even more encouraging that the government is taking practical steps – working with public and private sectors – to translate the legislation into practical data security. This new Malaysian law seems to have many of the attributes of the EU and UK data protection and privacy legislation and recognises that individual data must be properly protected and maintained.

Coming on the heels of India’s more comprehensive Information Technology (IT) Rules 2011, which also contains stringent requirements around privacy and data protection, it is evident that developing economies are increasingly recognising the need for governments to take a clear, regulatory lead in terms of creating appropriate frameworks for protecting personal data.

I would expect to see ISO 27001 – the international standard for data security – become ever more widely deployed as governments recognise the importance of information security management. India, of course, has already set out a requirement for organisations to undergo an annual audit to ISO27001.

It’s a pity that the United States – the world’s biggest digital economy – still lacks a single, federal law that protects individual data (other than on a sectoral basis, such as HIPAA or GLBA). Still, I guess we have to hope that, where the developed economy leads, the mature US economy will follow!