22/01/2026

THURSDAY | JAN 22, 2026

11

COMMENT by Datuk Dr Husin Jazri

Shifting perceptions of phone data M OBILE phone data (MPD) has become a focal point of debate in Malaysia. Public concerns over privacy,

and reinforces compliance with the Personal Data Protection Act (PDPA). Consent, in this context, does not mean individual approval for each anonymised dataset. Instead, it is embedded within the contractual relationship between the public and their service providers. Telecommunications companies, bound by the PDPA, have a responsibility to safeguard subscriber data. Where third parties require access, they should receive only aggregated and anonymised datasets processed by the telcos themselves, ensuring that no personally identifiable information leaves the organisation. Preventing misuse Even anonymised data can be misused if handled carelessly. “Inference”, where anonymised datasets are cross-referenced with other sources, such as CCTV footage, can lead to re-identification. This is why anonymisation must be paired with aggregation. Together, these safeguards can reduce risks and protect against abuse. Those handling MPD should position themselves as guardians of privacy, setting strict standards for anonymisation and aggregation before any data exchange takes place. This ensures that systems are designed to protect citizens, not threaten them. International best practices increasingly emphasise privacy-by design, independent oversight and transparency in data governance. Countries that have embedded these principles into their legal and institutional frameworks have been more successful in building public trust and enabling the responsible use of data for public benefit. Balancing civic benefit with privacy Some argue that anonymised, aggregated MPD does not require consent because it cannot be linked to an individual. While this may be legally defensible, public trust is not built on legal interpretations alone. If people feel excluded from decision-making or perceive selective enforcement of rules, confidence erodes. In Malaysia, the perception that PDPA obligations apply more strictly to private companies than other entities undermines trust. For public

surveillance and consent are valid, especially in a country that has experienced high-profile data leaks. Yet, these concerns risk overshadowing the immense potential of MPD when handled ethically, transparently and within the boundaries of the law. MPD refers to information generated when a mobile phone interacts with a network provider’s infrastructure, from signal strength and transmission duration to general location patterns. When properly anonymised, with personal identifiers removed, and aggregated into larger datasets, MPD cannot be traced to specific individuals. It does not reveal the content of calls, messages or browsing history. In this form, it becomes a powerful tool for the public good. Globally, responsibly managed MPD has supported data-driven governance. During the Covid-19 pandemic, aggregated mobility data was widely used to understand population movement and inform public health responses. In several countries, similar data has been applied to support tourism management, manage seasonal travel patterns and reduce congestion. In Malaysia, MPD can help identify underserved communities, optimise transport routes, guide emergency response and enhance tourism strategies but only if public trust is secured. Trust before technology The central concern for the public is not whether MPD works but how it will be used. Without a clearly stated purpose and open communication, even well-intentioned initiatives can invite suspicion. Transparency must, therefore, be the first principle of MPD governance. Those collecting or processing data should clearly articulate the purpose, scope and safeguards before any collection begins. If the objective is to reduce traffic congestion, improve rural connectivity or strengthen tourism planning, this should be communicated openly, supported by impact reporting and visible accountability. Such openness strengthens public confidence

The central concern for the public is not whether MPD works but how it will be used. Without a clearly stated purpose and open communication, even well-intentioned initiatives can invite suspicion. – SYED AZAHAR SYED OSMAN/THESUN

acceptance, all parties – public or private – must be held to the same standards of transparency, accountability and fairness. Policies introduced for the public good should apply uniformly, without exception. To further strengthen trust, oversight should be managed by an independent data privacy commission instead. Such a body would ensure equal enforcement without fear of bias, political influence or selective application of rules while signalling Malaysia’s commitment to impartial governance and the highest level of data protection. Path forward Strong safeguards must be non negotiable. Anonymisation should be irreversible. Data storage and deletion protocols must be enforced. Independent audits should verify compliance. These are not merely technical measures; they are ethical commitments to use data only for its intended purpose, protect it from misuse and dispose of it responsibly. To unlock MPD’s full potential, Malaysia must: 0 publicly declare the purpose of data collection; 0 ensure telcos handle anonymisation and aggregation;

0 apply equal legal and ethical standards to all parties; and 0 implement independent oversight for compliance. Handled with strong safeguards and transparency, MPD can drive smarter investments, improve public services and strengthen long-term economic resilience while protecting privacy. Malaysia’s strategic location, cultural diversity and digital ambitions offer an opportunity to lead the region in ethical big data use. By applying fairness, openness and consistent governance, mobile phone data can shift from a source of concern to a valuable national asset, supporting better infrastructure, stronger tourism and shared prosperity. DatukDr Husin Jazri has over 30 years of global experience in cybersecurity and data governance. He is an associate professor at the School of Computer Science, Faculty of Innovation and Technology and director of the Global Centre for Cyber Safety at Taylor’s University. He has founded and led major national and international cyber defence initiatives, earning the prestigious Harold Tipton Lifetime Achievement Award by ISC . Comments: letters@thesundaily.com

“Handled with strong safe guards and transparency, MPD can drive smarter investments, improve public services and strengthen long-term economic resilience while protecting privacy.

LETTERS letters@thesundaily.com

Call for reform in motor insurance protections for innocent drivers I WISH to highlight a major gap in Malaysia’s motor insurance

To my knowledge, the only recourse available is to pursue legal action to recover losses. However, such cases are difficult to win due to insurance policy clauses. Moreover, legal costs, lengthy proceedings and uncertainty over the at-fault party’s ability to pay serve as strong deterrents for affected car owners. I hope this letter will prompt greater clarity and lead to meaningful improvements in the relevant regulations. Concerned Malaysian

premiums and comply with the law should not be left vulnerable due to systemic loopholes. I urge BNM to review these practices and consider regulatory reforms to ensure fairness and adequate consumer protection. It is deeply concerning that this situation has persisted for so long, leaving thousands of car owners at a disadvantage, especially given the growing number of motorcycles on the road, including frequent illegal use of highway car lanes due to poor enforcement.

insurance policy. As a result, the innocent party must bear the repair costs or claim under their own insurance and lose their NCD. I respectfully seek Bank Negara Malaysia’s clarification and intervention on these issues. Why are OD-KFK (own damage knock-for knock) protections not extended to motorcycle-related accidents? Can measures be introduced to preserve NCD of faultless drivers and ensure protection for victims when the at fault party is unlicensed? Responsible motorists who pay

Even when the motorcyclist is clearly at fault, the financial burden falls on the car owner. The situation is further compounded when the motorcyclist sustains bodily injuries, as such claims are commonly directed to the car owner’s policy, again leading to the loss of NCD despite the car owner bearing no fault. Similarly, in accidents involving unlicensed drivers, insurers often reject claims entirely, leaving innocent parties without recourse even when the vehicle driven by the unlicensed individual is covered by a valid

framework that unfairly penalises car owners who are not at fault in accidents involving motorcycles or unlicensed drivers. Currently, when a motorcycle causes damage, car owners are unable to claim repair costs from the motorcyclist’s insurer due to the low sum insured. This leaves car owners with little choice but to pay out of pocket or claim under their own policy, resulting in the loss of no-claim discount (NCD).