THE PRIVACY CONCERNS OF KPTM BANGIS STUDENTS REGARDING THE

ONLINE APPLICATION IN KPTM WEBSITE

Muhammad Faheem Bin Hassan
bonzer1709@gmail.com
Hasnira binti Md Lazim
Pensyarah Sains Komputer
Jabatan Matematik dan Sains Komputer
hasnira@gapps.kptm.edu.my
Abstract
Information privacy is very important to be preserved as it contains peoples
private and very a sensitive information. Thus, the study will reveal the level of
awareness of students in KPTM Bangi regarding their information privacy when
using the online application on KPTM official website. The sampling of the project
is the students of KPTM Bangi and the sampling ranges from 100 to 150 number
of respondents. The methodology used in this research paper is by distributing
questionnaire, interview and also through journals from previous study. There
are two main objectives of this research. First one, is to investigate two specific
concerns of privacy which are unauthorized secondary use of data and invasion
of data. The second objective is to investigate the level of awareness and
concerns of KPTM Bangis students regarding their privacy when using the online
application. The results of this research will contribute to changes and upgrading
the data security of the KPTM website in the future.
Keyword: Data Privacy, Information Privacy, Personal Data Protection Act
Abstrak
Kerahsiaan maklumat adalah sangat penting untuk dikekalkan kerana ia
mengandungi maklumat peribadi dan sensitif pengguna. Oleh itu , kajian ini akan
mendedahkan tahap kesedaran pelajar dalam KPTM Bangi mengenai privasi
maklumat mereka apabila menggunakan aplikasi dalam talian di laman web
rasmi KPTM. Persampelan untuk projek ini terdiri daripada pelajar-pelajar KPTM
Bangi dan persampelan adalah di antara 100 hingga 150 bilangan responden.
Kaedah yang digunakan dalam kertas penyelidikan ini adalah dengan
pengedaran borang soal selidik, temubual dan melalui jurnal daripada kajian
sebelumnya. Terdapat dua objektif utama kajian ini iaitu yang pertama, adalah
untuk menyiasat dua kebimbangan tentang privasi iaitu penggunaan data yang
tidak dibenarkan dan pencerobohan data. Objektif kedua ialah untuk menyiasat
tahap kesedaran dan kebimbangan pelajar KPTM Bangi ini mengenai privasi
mereka apabila menggunakan permohonan atas talian di laman web KPTM . Hasil
kajian ini akan menyumbang kepada perubahan dan menaik taraf keselamatan
data di dalam laman web KPTM di masa depan.
Kata kunci: Privasi Data, Privasi maklumat, Akta Perlindungan Data Peribadi

1.0

INTRODUCTION
Most people are using the internet in their everyday life. People are using the
internet to make business transactions, buy goods and services, used as the
communication tools, get the latest news and also searching for the information.
Internet becomes the tools which are part of the human life. The internet brings
the easiness to its user as it makes thing more efficient. In a more specific term,
the internet is a communication protocol that is some sort of language used by
the computers for certain usage, such as to communicate with each other which
is called TCP/IP. This kind of language makes the computers able to send a good
quality of data to another computer (Stringer, n.d.). In other words, the internet
is really interactive way of communications that will enabled people to
communicate in very instant and in a short time (Bargh & Mckenna, 2004). The
results shown that over 600 million people had the accessed to internet
worldwide in 2002 (Manasian 2003 cited in Bargh & Mckenna 2004). Internet also
had been used as a medium to make ease for searching the information and
data, as a medium of advertising for the businesses, internet banking, ecommerce transaction and also tools of entertainment.
With all this positive impact, there are some negative sides of it such as
pornography, illegal downloads and also data privacy breaching that will affect
the users. It is true that the internet is the tools that enriched with advantages
but the users need to control it before it turns into a troublesome device. Todays
trends, university and colleges start to use the internet as the tools to deliver
their services. For example, KPTM itself is using the internet in their management
process such as online applications, assignments syllabus on the web, online
subject registration, payment and also information storage. These methods are
the new model in delivering the services and also a new development in the
education sector. This paper discussed and focuses directly on students personal
data privacy when they are using the online application on KPTM website.
The source from Symantec Internet Security Threat Report (2011) stated that
Education sector is the top three sectors that are at risk for data breaches as
there is possibility that the information given to the management will be
misused. The education institution has a huge responsibility in controlling the
breaches of data in order to protect the students information and to ensure
there is no violations towards the students by giving away their sensitive
information.
For any Malaysian based website, there should be privacy policies written on
websites to let the users know how much is their safety when surfing the internet
or using the services provided. But, there are certain companies do not apply this
policy in their websites and lead to the misused of data. In New Zealand, there is
a bill called information privacy Principle 3, which it will let the users know when
their information had been taken by the company. The matters will include; the
fact of collection, the purpose of collection, intended recipients of the
information, contact details of the company, is the information authorized and
required by law, the consequences and the peoples rights of access and
correction of information (Chung & Paynter, 2002). Malaysian Government starts
to implement the act into the Malaysian bill to protect the citizens information
privacy. In Malaysia, the PDPA 2010 has been introduced which is Personal Data
Protection Act 2010 and the law is associated with Communications and
Multimedia Act (CMA) 1998as reported in The Star Online (2012) by Datuk Seri
Rais Yatim.PDPA 2010 is being set up to regulate the procedures of personal
2

information processing within the commercial transactions and the universities

and colleges should closely examine and adapting that ethic to ensure the
students personal information is being well keep without falling into the
irresponsible party.It is a must for every firms and
1.1

Project Objectives

The researcher thought on this issue is Are there any privacy violation on
student personal information when they are using the online application? Thus,
the objectives of this research are:
i) To investigate the two specific concerns of privacy which are unauthorized
secondary use of data and invasion of data.
ii) To identify the level of awareness and concerns of KPTM Bangis students
regarding their privacy when using the online application.
1.2

Project Scope

The scope of this research is to investigate the privacy concerns in using the
online application through the KPTMs website. The research has been executed
in KPTM Bangi and the respondents are the students themselves including the
students from Pre-Diploma, Diploma and also Bachelor Degree level. Other than
that, the human resource staff also will be one of the respondents during the
project paper documentation. The total number of valid sampling is 100
respondents.

2.0

LITERATURE REVIEW

Personal data is very important and it needs to be keep as confidential. Everyone

should possess the right of privacy. Privacy can be interpreted in variety of
meaning. Privacy is a moral right or legal right (Clarke 1999 cited in Belanger
and Crossler 2011). This right of privacy need to be protected as well as it is
everyones right to possess it. This privacy concerns do not only involve with
Malaysian people, but all over the world. In America, it was found that most
citizens are likely concerns to their privacy (Equifax and Harris 1995 cited in
Ferrel et al 2000). As stated by Mason (1986), the increasing of information
usage nowadays leads the people to four basic major concerns which are
privacy, accuracy, property and accessibility (PAPA) (Belanger and Crossler,
2011). The breaching of the privacy will abuse the person who involves with it. It
may harm people through emotional disruption as they put their trust hand over
his personal information to firm or organization but the information easily fall
down to the other hand.
Nowadays, the privacy concerns becomes priority and being consider as
something that need to be prioritized. For example, Malaysia itself faced the
problems of information privacy breaching as the personal information of
themselves has been easily get from institution such as banks. People usually
received a phone calls, email and text messages which offering the services or
products and it is definitely cross the border of privacy. As reported in The Star
Online, LexisNexis online information service told the public as their personal
information will be breach through credit card fraud (Anon 2009). This shows that
information privacy violations can be arise in many ways. Thus, the personal
data privacy must be protected well by the organizations involved. Theres been
a case in 2010, a woman sued the Celcom Company as she claims that the
company was breaching her privacy by recording her phone conversations and
messages and revealed to the third party. In the end, the court rejected the case
as she failed to provide the proved (Mageswari, 2012). For extra information,
Celcom has its own Protection of Consumer Information Policy and it will protect
their customer information.
This shows that information privacy breaching is highly illegal and should be
seen as crime. Another issues reported in The Star Online, Professor Abu Bakar
Munir from University Malaya states, there have been a number of cases where
the banks claims in their policy that the customers information is one of their
property. The bank have right to use, copy, publish and transmit the personal
data freely (Habib, 2012). But, the government has fully launched the law
regarding this privacy issues and they told every organizations including banks,
hospitals, and telecommunication services to get prepared for the law
implementation.
In year 2009, another case in Malaysia, the Malaysian famous newspaper The
Star manage to get a 1000 list of contacts from a advertisement and the cost of
buying those contact name is RM100 for 1000 contacts. The list contain name,
address, type of credit card used and also the address of workplace. (Loh and
Bedi 2009). Those information was obtain from local banks and also
telecommunication company in Malaysia.
The information privacy has become the one of the main issue that has been
discussed by professional to solve the problems face by the public. From time to
4

time, the privacy issue has formed and it has its own evolution. Table below
shows the evolution of information privacy.
Table 1: Evolution of Information Privacy Concept Following the Evolution of IT
(et.al Smith 2011, adapted from Westin 2003)
Period
Privacy Baseline
1945-1960
First Era of Contemporary
Privacy Development
1961-1979

Second Era
Development
1980-1989
Third
Era
Development
1990-Present

of

of

Privacy

Privacy

Characteristic
Limited information technology developments, high
public trust in government and business sector, and
general comfort with the information collection.
Rise of information privacy as an explicit social, political
and legal issue. Early recognition of potential darksides
of the new technologies (Brenton, 1964) formulation
of the Fair Information Practices (FIP) Framework and
establishing
government
regulatory
mechanisms
established such as the Privacy Act 1974.
Rise of computer and network systems ,database
capabilities, federal legislation, design to channel the
new technologies into FIP, including the Privacy
Protection Act 1984. European nations move to national
data protection laws for both the private and public
sectors.
Rise of the Internet, Web 2.0 and the terrorist attack of
9/11/2001 dramatically changed the
landscape of
information exchange. Reported privacy concerns rose
to new highs.

According to Personal Data Protection Department (JPDP), there is total number

of 250,000 data users and it is divided into 12 sectors including health,
communication, insurance, banking, education and last but not least directs
selling. The initiative of personal data protection legislation is the best way to
protect the public from the breaching of data privacy.

50%
Big Business

50%

42% of mailboxes targeted for attack are

high-levels executives, senior managers
and people in R&D

Small-medium Business

18%
Small
Business

1-2,500

EMPLOYEES

2,500+

Figure 1: Symantec Internet Security Threat (Internet Security Threat Report,

Vol.17)

The statistic shows on Figure 3.2 above that the attackers have their own
targeted people in getting the information the consumers information.
Sometimes, people are not realized that their personal space being invade by
this irresponsible party.

2.1

Personal Data in View of Act

Personal data protection act is a regulation where the information of privacy is

being protect and there is a particular department which its authority is to
regulates and be an executioner regarding the information privacy manner. In
this sub topic, there will be a discussion on the interpretation of the personal
data in the view of act of Personal Data Protection which is being practiced by
the particular department in another country besides Malaysia. According to
Data Protection Act 1988, Ireland:
personal data means data relating to a living individual who can
identified either from the data or from the data conjunction with other
information in the possession of the data controller;(HC 1988:14)
Other than that, Singapore Personal Data Protection Act 2012, Part I, mentioned
that;
personal data means data, whether true or not, about an individual who
can identified(a) from that data; or
(b) from that data and other information to which the organization is likely to have
access;(HC 2012:9)
In United Kingdom Data Protection Act 1998, the act defines the personal data
as;
Data which relate to a living individual who can be identified(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to
come into the possession of, the data controller and includes any expression of
opinion about the individual and any indication of the intentions of the data
controller or any other person in the respect of the individual. (Devon County
Council n.d)
Apart from that, the United Kingdom Data Protection Act 1998 also provides a
special act named Sensitive Personal Data which states that information of a
person as very confidential and must not be revealed such as:

The racial or ethnic of the data subject.

The political opinions of the data subject.
His or her religious belief or other beliefs.
Whether he or she is the member of trade union.
His medical matter including physical or mental health.
Sexual life of the data subject.
The commission or alleged commission by him of any offence; or
6

Any proceedings for any offence committed by him or any sentence of any court in
the proceedings.

Those acts are mostly interpreting the same meanings of data protection. The
main purpose of the act is to watch over the crisis of information privacy breach.
The goodness of the implementing the act is helping the public to have a general
knowledge about the privacy breach and guiding the people if they become one
of the victims in the future.
According to the Office of the Information and Data Protection Commissioner,
Malta, there are nine principles of good information handling which are:

The personal data must be processed legitimately and lawfully.

The personal data should be processed with good practice.
The personal data collected must be collect for specific, clearly stated and honestly
purposes.
The personal data must be processed according to the purpose of data collecting.
The data must be processed in acceptable and relevant to the purposes of data
collecting.
The data must not be processed more than necessary of the purposes.
The personal data must be correct and up to date.
All reasonable measures of data that are taken to complete, obstruct or erase, having
respect to the purposes of the data taken to being processed.
The period of keeping the data must not be longer than the necessary time.

Lately, the government has launch the bill of privacy protection and the
institutions involve is Ministry of Science, Technology and Innovation. Through
details investigation, the government has come out with one initiative to solve
the problems of data privacy in conjunction with the establishment of National
Cyber Security Technology Roadmap. There are 22 organizations including
MIMOS that cooperate together in searching for the solutions. Malaysias
commitment in solving ICT problem has become priority as the cyber world is
highly exposed to the cyber threats and attacks. As we know, with cyber world
we are able to achieve anything we needed in just a blink of eyes with only using
a single click. But, to protect the users from the threats, it is highly difficult thing
to handle.
Cyberspace is the place where the people connect with each other in world wide.
There are widely uses of the internet including e-commerce, e-banking, eshopping, communication, entertainment and government and military systems.
There is a report on Securing Malaysia Sovereignty in the Cyber World states that
there are three outlines of strategies to increase the value of e-Sovereignty
which are:
i) Self-prevention To keep maintaining the originality of identity and the sovereignty of the
nation state.
ii) Projection Enhancing the use of ICT to promote image of Malaysia towards enhancing the
reputation and influence.
iii) Protection To upgrades the security of National Information Infrastructure (NII).
The governments initiative in protecting the privacy should be continuously
execute in order to protect the nation and citizens the right of privacy and
enforce the rules of protecting personal information rights.Figure 3.3 below

shows the roadmap planning process that the Ministry of Science, Technology
and Innovation work out to improve the cyber security in Malaysia.

Roadmap Planning and Development

Roadmap Implementation

Identify Issues
and Needs

Identify &
Prioritize Key
Technology
Areas

Objective - To identify
- To identify andprioritize key
issues and
technology
needs among
areas of
academics,
focus and
research
R&D
organizations,
policy makers
and industry
- Determine
players
underlying
Process - Validate the Self
technologies and
and the R&D
Reliance
Activities
components
Framework
that address
the issues
- Identify issues
and response
and responses
in each
in each
Critical
Critical
Service
Service
- Assess the
technology
Breakout
potential/risk
Session 1
and rank the
R&D
components within the
Breakout
critical
Session 2
service

From Working
Groups &
Develop
Roadmap

From
Research
Cluster

Execute
Action
Plan

To integrate - To collaborate ideas- To integrate

and competencies
roadmap
roadmap
in clusters among
action plan
action plan
researchers,
depicting time
depicting
technologist,
frame and
time frame
policy makers and
deliverables
and
industry experts
deliverables
- Arrange meetings to
discuss potential - Develop project
Form Working
project
Group for
plan and
collaboration
each critical
agree on roles
based on the
service where
and
endorsed roadmap
interested
responsibiliti
members can - Develop project
es for each
proposal for
sign up
collaborator
approval and
Agree on the
- Regular review
funding by GoM ;
goals, impact,
of project
or seek funding
technology
status and
from collaborators
areas, possible
deliverables
projects, time- Sign collaboration - Set up project
agreement
frame and
website for
action plan
communicati
Each group to
on and
develop their
collaboration
respective
with
section of the
members
roadmap

Figure 2: The Roadmap Planning Process (MOSTI, 2011)

2.2

Personal Data Protection Act 2010 (PDPA 2010)

The bill regarding the personal data protection has been established in Malaysia.
The bill perhaps could overcome the problems regarding the data protection. As
stated in the Bill, the Act applies to anyone who processes and any person who
has control over or authorities the processing of any personal data respect of
commercial transactions but this Act shall not apply to the Federal Government
and State Governments and shall not apply to any personal data is intended to
be further processed in Malaysia. The organizations should follow the act stated
in the bill to ensure the information is safely stored and not being revealed to
others. Here are the principles of Personal Data Protection. According to Personal
Data Principles, Part II, Division 1, subsection 1:

(1) The processing of personal data by a data user shall be in

compliance with the following Personal Data Protection Principles,
namely(a) The General Principle;
(b) The Notice and Choice Principle;
(c) The Disclosure Principle;
(d) The Security Principle;
(e) The Retention Principle;
(f) The Data Integrity Principle; and
(g) The Access Principle,
As set out in sections 6, 7, 8, 9, 10, 11 and 12.
(2) Subject to sections 45, 46, a data user who contravenes subsection (1)
commits and offence and shall, on conviction, be liable to a fine not
exceeding three hundred thousand ringgit or to imprisonment for a
term not exceeding two years or both.
2.2.1 Data Protection Principles
a) General Principle
The permission of data subject (person who give the personal
information) is the basic element. The data subject, he or she must
give the permission to the data user (person who process the personal
information) to process his or her personal data.
b) Notice and Choice Principle
Before the data user processed the personal information of data subject, the
data subject must be given the notice to the data subject. The purpose is to
inform the data subject about the processes do by the data user. Apart from that,
the data subject must be given the authority to put a limitation in extent his or her
personal data.
c) Disclosure Principle
The personal data should not be revealed to the other party without permission
from the data subject.
d) Security Principle
To ensure the personal data is secured, the data user must protect the
data during the data processing to avoid from misused, destroyed or
accidentally accessed.
e) Retention Principle
The personal data must not be keep longer than regulated time.
f)

Data Integrity Principle

The personal data must be precise, complete, deceptive and always up-to-date.

g) Access Principle
The data subject must be given the opportunity to access and re-correct their
personal data.
Anyone or any organization who is found commiting the offence will be
fined up to but not exceeding three hundred thousand ringgit and shall be
10

locked up not exceeding more than two years or both. According to the
principle, only the government and authorities are freely to access the
citizens information in case if there any investigation that needs the
government to view the personal information. But, the access of data
should be free from any misused and do not let anyone who do not have
the authorization to access it. Personal Data Protection Act 2010 (PDPA)
Bill should be implemented to all organizations including government and
private sector. The organization should be considered to look closer into
this privacy matter. Everyone needs their own privacy and have the rights
to be protected from the privacy attacks. The focus of this paper is about
students privacy and their data protection and isthere any student aware
about their information privacy. The puzzle needs to be solved to clearly
understand the situations.
3.0

METHODOLOGY

In this paper, the exploratory studies were chosen to execute the research. In the
exploratory studies, may be accomplished through qualitative or quantitative
research but in this research paper, quantitative research was used in collecting
the data and findings. To have a deep understanding in designing the research,
Figure 4.1 below illustration the research design.

Proposal Approved

Data Collection Design

Questionnaire
Interview
Field notes

Sampling Design
Hundred respondents in KPTM Bangi

Instrument Development

Data Collection & Preparation

Analyzing data collected
Produce graph and explanations

Figure 3: The Research Design Process (Business Research Method, 11 th Edition)

3.1

Data Collection Method and Instrument

In completing the research, there are several methods in gathering the data
which are distribution of questionnaire, conduct an interview and also referring to
previous journals and research papers.
3.1.1 Questionnaire
The questionnaires are being contributes to the sampling which is the
students in KPTM Bangi and total number of sampling for this research is
11

one hundred and fifty but only one hundred questionnaires that has been
select as it is accurate and reliable to be analyse. The framework of
questionnaire is divided into three parts which is Part A (the profile of
respondents), Part B (questions about privacy in KPTM website) and Part C
(respondent perception on general issues in privacy). The method used to
produce the result is by using Microsoft Excel.
3.1.2 Interview
The second method is by collecting the primary data from the respondent.
(KPTM Headquarters Staff). The method of the interview is by structured
interviews where the questions are based on the set of questions that
were prepared and the interview session was been done with staff of KPTM
Bangi.
4.0

FINDINGS

From the method above, the researcher collect the data and the findings are as
follows:

The level of concern

2%
Yes
No

98%

Figure 4: The level of concern about information privacy

The pie chart above show the percentage of respondents opinion about the
concerns in information privacy. 98% of the respondents states that they are
concerns about their information privacy while there is only 2% of them says that
they are not concerns about it. From 98 % that are concern in information
privacy, 41.8 percent are male respondents and 58.2 percent are female
respondents. It shows that male are not exactly care about this issue compare to
female. Different view from female respondents feedback, they are more
concerns regarding their information privacy issue. Overall, It can be assume
that in KPTM Bangi,the students and staff are more careful and aware about their
informationprivacy.

12

Level of usage (KPTM website)

5%
Yes
No
95%

Figure 5: Level of usage of the online application to apply for the courses in KPTM
The pie chart above figure out the number of respondents who use the online
application in KPTM website to apply for the courses in KPTM. 95% of them used
the online application while there are only 5% from them are not using it. There
are high number of respondents who use the online application because it is a
requirement for the applicants to use the online application for anybody who
wants to apply for the courses in KPTM. There is a small portion of 5% who do not
use the online application because probably they are register through walk in
registration at any KPTM branches.
Level of Trust on Privacy

26%

Yes
74%

No

Figure 6: Level of Trust on Privacy when using online application in KPTM Website
74% of repondents says they have trust on the online application when using it.
In contrast, only 26% says that they do not have trust on the online application.
There is a high percentage of people who concerns about their privacy compare
to says who do not trust on it. What we can assume here is that people
nowadays including students starts to realize about the privacy and their level of
awareness on privacy is high. From 26% who says no, 80.8% of respondents says
the reason they do not have trust on online application is that there will be a
misused of information while 19.2% do not trust on online application because of
privacy breach. To conclude, both answers are lead to negative issue that shows
the reason why people do not trust on online application.
The questionaire also asked about the safety of data stored when using the
online application. From 100 respondents, 73% says yes to the question where
they have confidence that their information that has been given to the college
13

are safely stored without being misused. On the contrary, only 27% of them feels
that their information will not be safely stored by the college. To summarize, the
proportion of respondents who have trust is much higher than the respondents
who do not have trust on the application. The results can be state as positive as
the percentage of trust is much higher than not. It shows that the respondents
believe in the application eventhough the respondents possess high level of
concerns which is about 98%. Further in the questionaire, when asked about
what is the respondents expectation whether the information given during filling
the online application form is being sell to the other party. There are 72% of
respondents says no to the question and they believe that their information are
not being sell to the other party. While only 28% feels that their information will
not be safely keep and will be sell to the other party for college own profit.
Lastly, the questions 13 to 18 in the questionaire where it is discussed about the
respondent perception on general issues in privacy which include:
Importance of taking serious on violation of privacy

Physical and emotional effect

Importance of protecting data

Bad consequences

Follow the obligation

Insurance coverage

The findings show that high percentage of respondent states, they are strongly
agree that:
People should take this privacy matter seriously.

People will be physically and emotionally affected if their data are being
violated by the irresponsible person.

The data of students should be completely protected by the education

institution all over Malaysia.

There will be very bad outcomes if the sensitive information being

violated.

All the education institution in Malaysia must follow the rules of

protecting their students information.

Students should get compensation such as insurance cover if there is any

leakage of information.
4.1

Interview Result

The interview has been carried out at KPTM Bangi. The person that has been
interviewed was Assistant Director of Student Record Admission Unit. The results
are as follows:
1) Right after the new applicant submit their application through online application, it will be
processed and the college will issue the offer letter to the successful applicants. All the
14

personal record of the applicant will be stored using the computer system and also by
student personal files. Those files will be stored in the student records room.
2) The college has provided the privacy policy that guaranteed the safety of personal
information given to the college.
3) According to Personal Data Protection 2010 (PDPA 2010), KPTM itself has to follow the
rules endorsed by the government. The college management provide the privacy policy
on teh website.
4) There are no outsiders or any organization that come and asked for the students
information. In case there is any request of it, they need to provide a concrete motive
and also an official letter and submit to the Student Record Admission Unit. Then, it will
be bringing to the Director of KPTM to be evaluated and approval. However, until now
there is no situation like that seems to be occurrence in KPTM.
5) There is no possibility for any leakage of information as only staffs in charge of the
record unit are given the privileges to access the students record and it is legal as it is
an official duty to manage the students record. If there is any leakage of information, it
will be detected by staff ID number as they need to key in their ID number before
accessing the system.
The result seems to be positive as the management of KPTM follow the standard
of regulation to protect their students personal information.
5.0

RECOMMENDATION

The results has been identified clearly based on the findings that can be refer at
data analysis in chapter 5 of the research. It has been identified that KPTM has
followed the rules of protecting the students personal information and has its
own privacy policy regarding this matter. The level of students awareness also
has been discovered through the answers from questionnaires distributed to the
respondents. Here are several recommendations that may help the management
of KPTM and also the students itself to strengthen the protection of information
privacy and also to educate the students on the mportant of information safety
and how to protect it.
First of all, put a limitation on the amount of data collected to minimize the data
losses. The reason why the researcher proposing this because when less
information that collected from the students, the possibility of losing the
sensitive personal information is decreasing.
Next, ensure that education institution implement and execute the personal data
security practices. The more the organization practice the policy, the higher of
awareness that the organization will get to realized the importance of protecting
the personal information.
Thirdly, to train the employees in the organization regarding the policy of
personal information protection. The organization must train their employees on
the important of shielding up the students information privacy.
Next, the government also should play the role in making sure that the
information privacy is being protected. Besides endorsing the Personal Data
Protection Act 2010, maybe they can educate the public on how to protect their
15

information. For example, the student may ask for the copy of policy or any
written document that states the law on right of accessing the students
information by the college or the third-party. This may avoid the other party from
taking the information at will and to ensure there are no privacy breaching.
Lastly, the adoption of FERPA law (Family Educational Rights and Privacy Act).
The education institution may adopt FERPA law to ensure that the students
information is safe. Besides depending on our PDPA 2010 that protects the
personal information of public, perhaps the organization could adopt the FERPA
law that created particularly for education institution. Here are some of the
example of that law which are:
- The students have right to block any other access from outside school system but
with some exemption.
6.0

The right to exclude the disclosure of students directory information.

CONCLUSION

Lately, the information privacy has become a priority issue that has been
discussed all over the world including Malaysia. The government has regard this
issue as an important matter that should be solved to ensure the privacy of its
resident. There are many cases occur all over the world that related to the
information privacy breaching and the number of cases in Malaysia also is
increasing. We may look at the cases such as Celcom Axiata, a woman has sued
the company as she claims that her information privacy has been breached by
the company but unfortunately it failed to disclose the concrete evidence.
Besides that, there is an advertisement in the newspaper states that they have a
list of people personal information and it is on sale. This shows that selling the
personal data has become a profitable business. The selling of personal data is
the easiest way to get profit. Many business firms out there do want other people
personal information as they may use it to promote their products through email,
messages and phone call. The space of privacy will be affected because of this
illegal This is the right time for the government to endorsed the law that protect
the personal data. Personal Data Protection Act 2010 is the best way to
decrease the number of this illegal activity. As a human being, we need our own
spaces and no one is allowed to ruin it. The act states that anyone who convict
the crime of selling the personal data will be fine to RM300,000 and
imprisonment for not exceeding 2 years or both. Perhaps this solution will solve
the crime of personal information trading
The result from the research finding shows that KPTM has its own privacy policy
regarding this matter and follow the rules and regulations on protecting their
students personal data. The results was gathered by interviewing the person
who in charge in students record unit and the research also managed to get the
result in level of awareness and concerns of KPTM Bangis students regarding this
matter of information privacy. The questions regarding the privacy issues in
KPTM has been answered through the questionnaire distributed to the students
and also the interviewed session held with the staff of KPTM Bangi. This
achievement will be worked out in the future in order to develop better
protection of students information.
In the future, a further studies of this research can be execute to have deeper
understanding and future upgrading and changes. Perhaps more research study
16

and development can be carry out to make improvement for all colleges and
universities all over Malaysia including KPTM. For example, the research on the
privacy protection of students, how to review the effectiveness of education
institution in protecting the students information and other issues that related to
the information privacy.
REFERENCES
Anon (2009) Lexis Nexis Warns 32,000 People About Data Breach. The Star
Online
[online]
2
May.
Available
from
<http://biz.thestar.com.my/news/story.asp?
file=/2009/s/2/business/20090502122749&see=business [9 April 2013]
Azmi, Ida Madiha (2002) E-commerce and Privacy Issues: An Analysis of the
Personal Data Protection Bill. BILETA Annual Conference, 1-2
Bargh, John. A, McKenna, Katelyn Y.A (2004) The Internet and Social Life.
Annu.Rev.Psychol, 573-577
Belanger, F., Crossler, Rober E. (2011) Privacy in the Digital Age: A Review of
Information
Privacy
Research
in
Information
Systems.
MIS Quaterly Vol.35 (4), 1017
Brown, M., Muchira, R. (2004) Investigating the Relationship Between Internet
Privacy Concerns and Online Purchase Behavior. Journal of Electronic
Commerce Research (1), 62-65
Boschini, A., Muren, A., Persson, M. (2011) Men Among Men Do Not Take Norm
Enforcement Seriously [online] The Journal of Socio-Economics.Vol.40 (5),
523-529.
Stockholm
University.<http://www.sciencedirect.com/science/article/pii/S105352571100
0321> [24 July 2013]
Clarke, J., Beebe, N., Williams, K., Shepherd, L. (2009) Security and Privacy
Governance: Criteria for Systems Design. Journal of Information Privacy and
Security (5:4), 3-30. cited in Belanger, F., Crossler, Rober E. (2011) Privacy in the
Digital Age: A Review of Information Privacy Research in Information Systems.
MIS Quaterly Vol.35 (4), 1018
Chung, W., Paynter, J. (2002) Privacy Issues on the Internet.
35th Hawaii International Conference System Sciences, 1-4
CNNMoney (2011) Your Phone Company is Selling Your Personal Data [online]
available
from
<http://money.cnn.com/2011/11/01/technology/verizon_att_sprint_tmobile_pr
ivacy/index.htm> [15 May 2013]
Datuk Seri Dr.Rais Yatim (2012) Protectin Your Personal Data. The Star Online
[online] 12 February. available from <http://thestar.com.my/news/story.asp?
file=/2012/2/12/nation/10716006&sec=nation> [12 March 2013]
Devon County Council (n.d) What is Personal Data [online] available from
<http://www.devon.gov.uk/personaldata> [17 April 2013]
Equifax, Harris (1994) Equifax-Harris Consumer Privacy Survey. Equifax
Corporate Marketing Department. cited in Ferrell, E., Phelps, J., Nowak, G.
(2000) Privacy Concerns and Consumer Willingness to Provide Personal
Information.
Spring Vol.19 (1), 27
Hassan, Kamal Halili (2011) Personal Data Protection in the Business of Higher
Education: Malaysian Law International Conference on Sociality and
Economics Development, 53-57
Habib, Shahaanaz (2011) Personal Data Still Open to Abuse. The Star Online
[online] 16 October. Available from <http://thestar.com.my/new/story.asp?
file=/2011/10/16/nation/9707673&see=nation [12 March 2013]
17

House of Commons (1988) Ireland Parliament. Data Protection Act, (Ireland

Parliament. House of Commons)
House of Commons (2010) Parliament of Malaysia. Laws of Malaysia, Personal
Data Protection Act 2010. (Malaysia Parliament. House of Commons; Act 709)
House of Commons (n.d) United States of America Parliament. Cyber Intelligence
Sharing and Protection Act: A bill to provide for sharing of certain cyber
threat intelligence and cyber threat information between the intelligence
community and cyber security entities and for the purposes (United States of
America Parliament. House of Commons)
House of Commons (2012) Parliament of Singapore. An Act to govern the
collection, use and disclosure of personal data by organizations and to
establish the Data Protection Commision and Data Protection Fund to provide
for their administration and for matters connected therewith and to make
related amendments to the Info Communications and Development Authority
of Singapore Act (Singapore Parliament. House of Commons;2012)
Loh, J., Bedi, Rashvinjeet S. (2009) Beware, Your Data on Sale. The Star Online
[online]
available
from
http://thestar.com.my/new/story.asp?
file=/2009/5/3/focus/3818877&sec=focus>[30 April 2013]
Mageswari, M. (2012) High Court Dismisses Breach of Privacy Claims Against
Celcom
Axiata
The
Star
Online
[online]
available
from
http://thestar.com.my/news/story.asp?
file=/2012/3/17/courts/10933096&sec=courts [9 April 2013]
Manasian, D. (2003) Digital Dilemmas: A Survey of the Internet Society.
Economist, 1-26. cited in Bargh, John. A, McKenna, Katelyn Y.A (2004) The
Internet and Social Life. Annu.Rev.Psychol, 573-574
Marchewka, Jack. T (2013) Information Technology Project Management. 4th
Edition.
Ministry of Science, Technology and Innovation (2011) Technology Roadmap for
Cyberspace Security Malaysia. Malaysia:MOSTI
Smith, Jeff. H, Dinev, T., Xu, H. (2011) Information Privacy Research: An
Interdisciplinary Review. MIS Quaterly (4), 990-991
Stone, E. F.,Gardner, D. G., Geutal, H. G., McClure, S. (1983) A Field Experiment
Comparing Information Privacy Values, Beliefs and Attitudes Across Several
Types of Organizations. Journal of Psychology. cited in Milberg, Sandra J.,
Jeff, Smith H., Burke, Sandra J. (1996) Information Privacy Measuring
Individuals Concerns About Organizational Practices. MIS Quaterly, Vol. 20
(2), 167-171
Stringer, G. (2005) The Internet: MIT2114/2214. Creative Media and Information
Technology.
Symantec Corporation World Headquarters (2011) Internet Security Threat
Report, Volume 17. U.S: Symantec Corporation
The Online Privacy Blog (2012) Abine on CNN: Why Big Company Buy and Sell
Your
Data
[online]
available
from
<http://www.abine.com/blog/2012/abine-on-cnn-why-big-company--buy-andsell-your-data/> [15 May 2013]
Zimmerman, Rachel K. (2001) The Way the cookies Crumble: Internet Privacy
and Data Protection in the Twenty-First Century (4:439), 441

18