THE creator of an online tool to help the public find out if their data have been leaked on the Internet has not breached the Personal Data Protection Act (PDPA), The Star reports, quoting a lawyer.

The Bar Council’s cyber law and information technology committee co-chairman, Foong Cheng Leong, told the paper that the sayakenahack.com website was just a platform for people to check if they were affected, and not to download the data.

“If the website allows people to download the personal data of others, then it will be a violation of PDPA.”

Foong said the website, created by tech blogger Keith Rozario, had not violated the law and it the onus would be on the Malaysian Communications and Multimedia Commission (MCMC) to prove if he had committed an offence.

MCMC has blocked the website on grounds of unlawful collection of personal data.

Rozario has defended the site, saying it was the “public’s right to know” if they had been affected by the leak, adding that the site was secure and communications by users verifying if their personal data had been leaked would be encrypted.

Rozario said the leaked data was available online to hackers and those with the skills to find the information.

He said sayakenahack.com was a public service to help people without the same IT skills to find out if they had become victims of the breach.

The breach, involving the data of 46.2 million mobile phone subscribers, was first revealed in an article published on online forum Lowyat.net last month. It removed the article on orders from MCMC.

Telcos like Digi and Maxis have so far issued statements to advise customers to be on guard against scam emails and phone calls and to be wary about sharing and validating their personal information. – November 18, 2017.