Professional Documents
Culture Documents
1.0
INTRODUCTION
Most people are using the internet in their everyday life. People are using the
internet to make business transactions, buy goods and services, used as the
communication tools, get the latest news and also searching for the information.
Internet becomes the tools which are part of the human life. The internet brings
the easiness to its user as it makes thing more efficient. In a more specific term,
the internet is a communication protocol that is some sort of language used by
the computers for certain usage, such as to communicate with each other which
is called TCP/IP. This kind of language makes the computers able to send a good
quality of data to another computer (Stringer, n.d.). In other words, the internet
is really interactive way of communications that will enabled people to
communicate in very instant and in a short time (Bargh & Mckenna, 2004). The
results shown that over 600 million people had the accessed to internet
worldwide in 2002 (Manasian 2003 cited in Bargh & Mckenna 2004). Internet also
had been used as a medium to make ease for searching the information and
data, as a medium of advertising for the businesses, internet banking, ecommerce transaction and also tools of entertainment.
With all this positive impact, there are some negative sides of it such as
pornography, illegal downloads and also data privacy breaching that will affect
the users. It is true that the internet is the tools that enriched with advantages
but the users need to control it before it turns into a troublesome device. Todays
trends, university and colleges start to use the internet as the tools to deliver
their services. For example, KPTM itself is using the internet in their management
process such as online applications, assignments syllabus on the web, online
subject registration, payment and also information storage. These methods are
the new model in delivering the services and also a new development in the
education sector. This paper discussed and focuses directly on students personal
data privacy when they are using the online application on KPTM website.
The source from Symantec Internet Security Threat Report (2011) stated that
Education sector is the top three sectors that are at risk for data breaches as
there is possibility that the information given to the management will be
misused. The education institution has a huge responsibility in controlling the
breaches of data in order to protect the students information and to ensure
there is no violations towards the students by giving away their sensitive
information.
For any Malaysian based website, there should be privacy policies written on
websites to let the users know how much is their safety when surfing the internet
or using the services provided. But, there are certain companies do not apply this
policy in their websites and lead to the misused of data. In New Zealand, there is
a bill called information privacy Principle 3, which it will let the users know when
their information had been taken by the company. The matters will include; the
fact of collection, the purpose of collection, intended recipients of the
information, contact details of the company, is the information authorized and
required by law, the consequences and the peoples rights of access and
correction of information (Chung & Paynter, 2002). Malaysian Government starts
to implement the act into the Malaysian bill to protect the citizens information
privacy. In Malaysia, the PDPA 2010 has been introduced which is Personal Data
Protection Act 2010 and the law is associated with Communications and
Multimedia Act (CMA) 1998as reported in The Star Online (2012) by Datuk Seri
Rais Yatim.PDPA 2010 is being set up to regulate the procedures of personal
2
Project Objectives
The researcher thought on this issue is Are there any privacy violation on
student personal information when they are using the online application? Thus,
the objectives of this research are:
i) To investigate the two specific concerns of privacy which are unauthorized
secondary use of data and invasion of data.
ii) To identify the level of awareness and concerns of KPTM Bangis students
regarding their privacy when using the online application.
1.2
Project Scope
The scope of this research is to investigate the privacy concerns in using the
online application through the KPTMs website. The research has been executed
in KPTM Bangi and the respondents are the students themselves including the
students from Pre-Diploma, Diploma and also Bachelor Degree level. Other than
that, the human resource staff also will be one of the respondents during the
project paper documentation. The total number of valid sampling is 100
respondents.
2.0
LITERATURE REVIEW
time, the privacy issue has formed and it has its own evolution. Table below
shows the evolution of information privacy.
Table 1: Evolution of Information Privacy Concept Following the Evolution of IT
(et.al Smith 2011, adapted from Westin 2003)
Period
Privacy Baseline
1945-1960
First Era of Contemporary
Privacy Development
1961-1979
Second Era
Development
1980-1989
Third
Era
Development
1990-Present
of
of
Privacy
Privacy
Characteristic
Limited information technology developments, high
public trust in government and business sector, and
general comfort with the information collection.
Rise of information privacy as an explicit social, political
and legal issue. Early recognition of potential darksides
of the new technologies (Brenton, 1964) formulation
of the Fair Information Practices (FIP) Framework and
establishing
government
regulatory
mechanisms
established such as the Privacy Act 1974.
Rise of computer and network systems ,database
capabilities, federal legislation, design to channel the
new technologies into FIP, including the Privacy
Protection Act 1984. European nations move to national
data protection laws for both the private and public
sectors.
Rise of the Internet, Web 2.0 and the terrorist attack of
9/11/2001 dramatically changed the
landscape of
information exchange. Reported privacy concerns rose
to new highs.
50%
Big Business
50%
Small-medium Business
18%
Small
Business
1-2,500
EMPLOYEES
2,500+
The statistic shows on Figure 3.2 above that the attackers have their own
targeted people in getting the information the consumers information.
Sometimes, people are not realized that their personal space being invade by
this irresponsible party.
2.1
Any proceedings for any offence committed by him or any sentence of any court in
the proceedings.
Those acts are mostly interpreting the same meanings of data protection. The
main purpose of the act is to watch over the crisis of information privacy breach.
The goodness of the implementing the act is helping the public to have a general
knowledge about the privacy breach and guiding the people if they become one
of the victims in the future.
According to the Office of the Information and Data Protection Commissioner,
Malta, there are nine principles of good information handling which are:
Lately, the government has launch the bill of privacy protection and the
institutions involve is Ministry of Science, Technology and Innovation. Through
details investigation, the government has come out with one initiative to solve
the problems of data privacy in conjunction with the establishment of National
Cyber Security Technology Roadmap. There are 22 organizations including
MIMOS that cooperate together in searching for the solutions. Malaysias
commitment in solving ICT problem has become priority as the cyber world is
highly exposed to the cyber threats and attacks. As we know, with cyber world
we are able to achieve anything we needed in just a blink of eyes with only using
a single click. But, to protect the users from the threats, it is highly difficult thing
to handle.
Cyberspace is the place where the people connect with each other in world wide.
There are widely uses of the internet including e-commerce, e-banking, eshopping, communication, entertainment and government and military systems.
There is a report on Securing Malaysia Sovereignty in the Cyber World states that
there are three outlines of strategies to increase the value of e-Sovereignty
which are:
i) Self-prevention To keep maintaining the originality of identity and the sovereignty of the
nation state.
ii) Projection Enhancing the use of ICT to promote image of Malaysia towards enhancing the
reputation and influence.
iii) Protection To upgrades the security of National Information Infrastructure (NII).
The governments initiative in protecting the privacy should be continuously
execute in order to protect the nation and citizens the right of privacy and
enforce the rules of protecting personal information rights.Figure 3.3 below
shows the roadmap planning process that the Ministry of Science, Technology
and Innovation work out to improve the cyber security in Malaysia.
Identify Issues
and Needs
Identify &
Prioritize Key
Technology
Areas
Objective - To identify
- To identify andprioritize key
issues and
technology
needs among
areas of
academics,
focus and
research
R&D
organizations,
policy makers
and industry
- Determine
players
underlying
Process - Validate the Self
technologies and
and the R&D
Reliance
Activities
components
Framework
that address
the issues
- Identify issues
and response
and responses
in each
in each
Critical
Critical
Service
Service
- Assess the
technology
Breakout
potential/risk
Session 1
and rank the
R&D
components within the
Breakout
critical
Session 2
service
From Working
Groups &
Develop
Roadmap
From
Research
Cluster
Execute
Action
Plan
The bill regarding the personal data protection has been established in Malaysia.
The bill perhaps could overcome the problems regarding the data protection. As
stated in the Bill, the Act applies to anyone who processes and any person who
has control over or authorities the processing of any personal data respect of
commercial transactions but this Act shall not apply to the Federal Government
and State Governments and shall not apply to any personal data is intended to
be further processed in Malaysia. The organizations should follow the act stated
in the bill to ensure the information is safely stored and not being revealed to
others. Here are the principles of Personal Data Protection. According to Personal
Data Principles, Part II, Division 1, subsection 1:
g) Access Principle
The data subject must be given the opportunity to access and re-correct their
personal data.
Anyone or any organization who is found commiting the offence will be
fined up to but not exceeding three hundred thousand ringgit and shall be
10
locked up not exceeding more than two years or both. According to the
principle, only the government and authorities are freely to access the
citizens information in case if there any investigation that needs the
government to view the personal information. But, the access of data
should be free from any misused and do not let anyone who do not have
the authorization to access it. Personal Data Protection Act 2010 (PDPA)
Bill should be implemented to all organizations including government and
private sector. The organization should be considered to look closer into
this privacy matter. Everyone needs their own privacy and have the rights
to be protected from the privacy attacks. The focus of this paper is about
students privacy and their data protection and isthere any student aware
about their information privacy. The puzzle needs to be solved to clearly
understand the situations.
3.0
METHODOLOGY
In this paper, the exploratory studies were chosen to execute the research. In the
exploratory studies, may be accomplished through qualitative or quantitative
research but in this research paper, quantitative research was used in collecting
the data and findings. To have a deep understanding in designing the research,
Figure 4.1 below illustration the research design.
Proposal Approved
Sampling Design
Hundred respondents in KPTM Bangi
Instrument Development
In completing the research, there are several methods in gathering the data
which are distribution of questionnaire, conduct an interview and also referring to
previous journals and research papers.
3.1.1 Questionnaire
The questionnaires are being contributes to the sampling which is the
students in KPTM Bangi and total number of sampling for this research is
11
one hundred and fifty but only one hundred questionnaires that has been
select as it is accurate and reliable to be analyse. The framework of
questionnaire is divided into three parts which is Part A (the profile of
respondents), Part B (questions about privacy in KPTM website) and Part C
(respondent perception on general issues in privacy). The method used to
produce the result is by using Microsoft Excel.
3.1.2 Interview
The second method is by collecting the primary data from the respondent.
(KPTM Headquarters Staff). The method of the interview is by structured
interviews where the questions are based on the set of questions that
were prepared and the interview session was been done with staff of KPTM
Bangi.
4.0
FINDINGS
From the method above, the researcher collect the data and the findings are as
follows:
2%
Yes
No
98%
12
Figure 5: Level of usage of the online application to apply for the courses in KPTM
The pie chart above figure out the number of respondents who use the online
application in KPTM website to apply for the courses in KPTM. 95% of them used
the online application while there are only 5% from them are not using it. There
are high number of respondents who use the online application because it is a
requirement for the applicants to use the online application for anybody who
wants to apply for the courses in KPTM. There is a small portion of 5% who do not
use the online application because probably they are register through walk in
registration at any KPTM branches.
Level of Trust on Privacy
26%
Yes
74%
No
Figure 6: Level of Trust on Privacy when using online application in KPTM Website
74% of repondents says they have trust on the online application when using it.
In contrast, only 26% says that they do not have trust on the online application.
There is a high percentage of people who concerns about their privacy compare
to says who do not trust on it. What we can assume here is that people
nowadays including students starts to realize about the privacy and their level of
awareness on privacy is high. From 26% who says no, 80.8% of respondents says
the reason they do not have trust on online application is that there will be a
misused of information while 19.2% do not trust on online application because of
privacy breach. To conclude, both answers are lead to negative issue that shows
the reason why people do not trust on online application.
The questionaire also asked about the safety of data stored when using the
online application. From 100 respondents, 73% says yes to the question where
they have confidence that their information that has been given to the college
13
are safely stored without being misused. On the contrary, only 27% of them feels
that their information will not be safely stored by the college. To summarize, the
proportion of respondents who have trust is much higher than the respondents
who do not have trust on the application. The results can be state as positive as
the percentage of trust is much higher than not. It shows that the respondents
believe in the application eventhough the respondents possess high level of
concerns which is about 98%. Further in the questionaire, when asked about
what is the respondents expectation whether the information given during filling
the online application form is being sell to the other party. There are 72% of
respondents says no to the question and they believe that their information are
not being sell to the other party. While only 28% feels that their information will
not be safely keep and will be sell to the other party for college own profit.
Lastly, the questions 13 to 18 in the questionaire where it is discussed about the
respondent perception on general issues in privacy which include:
Importance of taking serious on violation of privacy
Bad consequences
Insurance coverage
The findings show that high percentage of respondent states, they are strongly
agree that:
People should take this privacy matter seriously.
People will be physically and emotionally affected if their data are being
violated by the irresponsible person.
Interview Result
The interview has been carried out at KPTM Bangi. The person that has been
interviewed was Assistant Director of Student Record Admission Unit. The results
are as follows:
1) Right after the new applicant submit their application through online application, it will be
processed and the college will issue the offer letter to the successful applicants. All the
14
personal record of the applicant will be stored using the computer system and also by
student personal files. Those files will be stored in the student records room.
2) The college has provided the privacy policy that guaranteed the safety of personal
information given to the college.
3) According to Personal Data Protection 2010 (PDPA 2010), KPTM itself has to follow the
rules endorsed by the government. The college management provide the privacy policy
on teh website.
4) There are no outsiders or any organization that come and asked for the students
information. In case there is any request of it, they need to provide a concrete motive
and also an official letter and submit to the Student Record Admission Unit. Then, it will
be bringing to the Director of KPTM to be evaluated and approval. However, until now
there is no situation like that seems to be occurrence in KPTM.
5) There is no possibility for any leakage of information as only staffs in charge of the
record unit are given the privileges to access the students record and it is legal as it is
an official duty to manage the students record. If there is any leakage of information, it
will be detected by staff ID number as they need to key in their ID number before
accessing the system.
The result seems to be positive as the management of KPTM follow the standard
of regulation to protect their students personal information.
5.0
RECOMMENDATION
The results has been identified clearly based on the findings that can be refer at
data analysis in chapter 5 of the research. It has been identified that KPTM has
followed the rules of protecting the students personal information and has its
own privacy policy regarding this matter. The level of students awareness also
has been discovered through the answers from questionnaires distributed to the
respondents. Here are several recommendations that may help the management
of KPTM and also the students itself to strengthen the protection of information
privacy and also to educate the students on the mportant of information safety
and how to protect it.
First of all, put a limitation on the amount of data collected to minimize the data
losses. The reason why the researcher proposing this because when less
information that collected from the students, the possibility of losing the
sensitive personal information is decreasing.
Next, ensure that education institution implement and execute the personal data
security practices. The more the organization practice the policy, the higher of
awareness that the organization will get to realized the importance of protecting
the personal information.
Thirdly, to train the employees in the organization regarding the policy of
personal information protection. The organization must train their employees on
the important of shielding up the students information privacy.
Next, the government also should play the role in making sure that the
information privacy is being protected. Besides endorsing the Personal Data
Protection Act 2010, maybe they can educate the public on how to protect their
15
information. For example, the student may ask for the copy of policy or any
written document that states the law on right of accessing the students
information by the college or the third-party. This may avoid the other party from
taking the information at will and to ensure there are no privacy breaching.
Lastly, the adoption of FERPA law (Family Educational Rights and Privacy Act).
The education institution may adopt FERPA law to ensure that the students
information is safe. Besides depending on our PDPA 2010 that protects the
personal information of public, perhaps the organization could adopt the FERPA
law that created particularly for education institution. Here are some of the
example of that law which are:
- The students have right to block any other access from outside school system but
with some exemption.
6.0
Lately, the information privacy has become a priority issue that has been
discussed all over the world including Malaysia. The government has regard this
issue as an important matter that should be solved to ensure the privacy of its
resident. There are many cases occur all over the world that related to the
information privacy breaching and the number of cases in Malaysia also is
increasing. We may look at the cases such as Celcom Axiata, a woman has sued
the company as she claims that her information privacy has been breached by
the company but unfortunately it failed to disclose the concrete evidence.
Besides that, there is an advertisement in the newspaper states that they have a
list of people personal information and it is on sale. This shows that selling the
personal data has become a profitable business. The selling of personal data is
the easiest way to get profit. Many business firms out there do want other people
personal information as they may use it to promote their products through email,
messages and phone call. The space of privacy will be affected because of this
illegal This is the right time for the government to endorsed the law that protect
the personal data. Personal Data Protection Act 2010 is the best way to
decrease the number of this illegal activity. As a human being, we need our own
spaces and no one is allowed to ruin it. The act states that anyone who convict
the crime of selling the personal data will be fine to RM300,000 and
imprisonment for not exceeding 2 years or both. Perhaps this solution will solve
the crime of personal information trading
The result from the research finding shows that KPTM has its own privacy policy
regarding this matter and follow the rules and regulations on protecting their
students personal data. The results was gathered by interviewing the person
who in charge in students record unit and the research also managed to get the
result in level of awareness and concerns of KPTM Bangis students regarding this
matter of information privacy. The questions regarding the privacy issues in
KPTM has been answered through the questionnaire distributed to the students
and also the interviewed session held with the staff of KPTM Bangi. This
achievement will be worked out in the future in order to develop better
protection of students information.
In the future, a further studies of this research can be execute to have deeper
understanding and future upgrading and changes. Perhaps more research study
16
and development can be carry out to make improvement for all colleges and
universities all over Malaysia including KPTM. For example, the research on the
privacy protection of students, how to review the effectiveness of education
institution in protecting the students information and other issues that related to
the information privacy.
REFERENCES
Anon (2009) Lexis Nexis Warns 32,000 People About Data Breach. The Star
Online
[online]
2
May.
Available
from
<http://biz.thestar.com.my/news/story.asp?
file=/2009/s/2/business/20090502122749&see=business [9 April 2013]
Azmi, Ida Madiha (2002) E-commerce and Privacy Issues: An Analysis of the
Personal Data Protection Bill. BILETA Annual Conference, 1-2
Bargh, John. A, McKenna, Katelyn Y.A (2004) The Internet and Social Life.
Annu.Rev.Psychol, 573-577
Belanger, F., Crossler, Rober E. (2011) Privacy in the Digital Age: A Review of
Information
Privacy
Research
in
Information
Systems.
MIS Quaterly Vol.35 (4), 1017
Brown, M., Muchira, R. (2004) Investigating the Relationship Between Internet
Privacy Concerns and Online Purchase Behavior. Journal of Electronic
Commerce Research (1), 62-65
Boschini, A., Muren, A., Persson, M. (2011) Men Among Men Do Not Take Norm
Enforcement Seriously [online] The Journal of Socio-Economics.Vol.40 (5),
523-529.
Stockholm
University.<http://www.sciencedirect.com/science/article/pii/S105352571100
0321> [24 July 2013]
Clarke, J., Beebe, N., Williams, K., Shepherd, L. (2009) Security and Privacy
Governance: Criteria for Systems Design. Journal of Information Privacy and
Security (5:4), 3-30. cited in Belanger, F., Crossler, Rober E. (2011) Privacy in the
Digital Age: A Review of Information Privacy Research in Information Systems.
MIS Quaterly Vol.35 (4), 1018
Chung, W., Paynter, J. (2002) Privacy Issues on the Internet.
35th Hawaii International Conference System Sciences, 1-4
CNNMoney (2011) Your Phone Company is Selling Your Personal Data [online]
available
from
<http://money.cnn.com/2011/11/01/technology/verizon_att_sprint_tmobile_pr
ivacy/index.htm> [15 May 2013]
Datuk Seri Dr.Rais Yatim (2012) Protectin Your Personal Data. The Star Online
[online] 12 February. available from <http://thestar.com.my/news/story.asp?
file=/2012/2/12/nation/10716006&sec=nation> [12 March 2013]
Devon County Council (n.d) What is Personal Data [online] available from
<http://www.devon.gov.uk/personaldata> [17 April 2013]
Equifax, Harris (1994) Equifax-Harris Consumer Privacy Survey. Equifax
Corporate Marketing Department. cited in Ferrell, E., Phelps, J., Nowak, G.
(2000) Privacy Concerns and Consumer Willingness to Provide Personal
Information.
Spring Vol.19 (1), 27
Hassan, Kamal Halili (2011) Personal Data Protection in the Business of Higher
Education: Malaysian Law International Conference on Sociality and
Economics Development, 53-57
Habib, Shahaanaz (2011) Personal Data Still Open to Abuse. The Star Online
[online] 16 October. Available from <http://thestar.com.my/new/story.asp?
file=/2011/10/16/nation/9707673&see=nation [12 March 2013]
17
18