This document summarizes a study investigating the policies, preparedness, and awareness of privacy and data protection at two Malaysian academic libraries - the International Islamic University Malaysia (IIUM) and Universiti Putra Malaysia (UPM). The study found that while library personnel were aware of privacy and data protection issues, official written policies were still pending. Library users recognized that their privacy and personal data could be threatened. The study recommends further examining implementation of data protection guidelines across Malaysian libraries and establishing a shared privacy policy to protect library user data.
1. Impact of ICT on Privacy and Personal
Data Protection in Two Malaysian
Academic Libraries
NURUL AZURAH MOHD RONI
Hamdan Tahir Library
Universiti Sains Malaysia
azurah@kk.usm.my
MOHD KAMAL MOHD NAPIAH
Hamzah Sendut Library
Universiti Sains Malaysia
mohdkamal@usm.my
BASRI HASSAN
Kulliyyah of ICT
International Islamic University Malaysia
basrihassan@iiu.edu.my
2. We lead
• To investigate policies, preparedness & awareness of
two Malaysian Academic Libraries; International
Islamic University Malaysia (IIUM) & Universiti Putra
Malaysia (UPM) on the issues of privacy and data
protection
• To discover library users’ perceptions with regard to
the collection and use of their personal data
• To examine the policies and practices adopted by
libraries in relation to users’ privacy
Objectives of the Study
3. We lead
Overview
• The digital form of information resources &
services in the library keep growing
• Library keep data in digital form: easy to
retrieve & organize
• The advent of digital technology has posed
some threats especially
in term of personal data
privacy
• What is the THREAT?
4. We lead
Overview
“Great deal of information is already being
gathered about each of us, by private
companies as well as government agencies,
and we often have no idea how it is used or
whether it is accurate”
Bill Gates , 1996
8. We lead
• Gazetted on 10th
June 2010
• Personal Data is a data relates directly or
indirectly to data subject
• Data User is a person who either alone or
jointly or in common with other person
processes or authorizes the processing of any
personal data or has control over personal
data
Malaysian Personal Data Protection Act
9. We lead
Exemptions of the act
1. Federal & States Government
2. Non-commercial transactions
3. Personal, family & household affairs
4. Credit Reference Agencies
5. Data processed outside Malaysia
6. Partial exemptions: prevention or detection of
crime/for preparing statistics or research/ for
journalistic, literary or artistic purpose/ for physical
or mental health of data subject/apprehension or
prosecution of offenders
10. We lead
Data Protection Principles
1. Data cannot be processed without consent of data
subject
2. Data user shall inform the data subject that his data
is being processed, while data subject has the right
to request access
3. Data cannot be disclosed to others without consent
of data subject
4. Data cannot be kept longer than it is necessary for
the fulfillment of the purpose
11. We lead
Data Protection Principles
5. Data user shall take reasonable steps to ensure that
the data is accurate, not misleading & kept up-to-
date
6. Data subject shall be given access & be able to
correct the personal data
7. Data user shall take practical steps to protect the
data from any loss, misuse, modification,
unauthorized or accidental access or disclosure,
alteration or destruction
13. We lead
Do your library has a guideline?
• It is important to have a privacy
policy/professional code of ethics and
conducts as a guideline
Code of Ethics, ALA (1995):
“ We protect each library user’s right to
privacy and confidentiality with respect to
information sought or received and resources
consulted, borrowed, acquired, or
transmitted”.
15. We lead
The Study
• Methods of the study: interview & questionnaires
• The total number of the sample was 170
respondents. Out of this, 160 respondents were
surveyed through questionnaires, and 10
respondents (library personnel) were interviewed.
They were from the Department of Technical Application
Services and Collection Development Division in the IIUM
library, and the System and Information Technology Division
and Circulation and Promotion Division in the UPM library.
16. Findings
Library personnel aware and observe
the privacy & data protection policies in
the library even though there were no
official written statements
17. Findings
Library personnel realized that privacy
& data protection policies still pending
in term of implementation at their
parent organization (university) as well
as in the libraries
18. Findings
Library users were aware
about their privacy &
personal data protection
Library users realized that their
privacy & data protection were
threatened
19. We lead
What’s next
• Study the implementation of data protection
guideline/policy among Malaysian Libraries
• Bigger respondents for more data
• More libraries for comparison
• For those having such policy, sharing is caring?
• Malaysian Libraries Personal Data Privacy
Policy? PERPUN?PPM?PNM?
20. We lead
• Data Protection is all about respect & common
sense
• It is about striking a balance between the need
of organization to process data and the
privacy of the individual
Prof Abu Bakar Munir, University of Malaya