Dubai data protection law expected to be in force by July 2012

The Data Protection Commissioner of the Dubai International Financial Centre Authority (DIFCA) launched – on 15 December 2011 – Consultation Paper No 3 sought public comment on DIFCA’s proposals to amend the Data Protection Law, DIFC Law No 1 of 2007 and the Data Protection Regulations. The consultation closed on 14 January 2012.

It is expected the amended Law will come into effect by June or July of 2012, The newly amended Law embodies international best practice standards, and it is consistent with EU Directives and OECD guidelines, and is designed to balance the legitimate needs of businesses and organizations to process personal data while upholding individuals’ rights to privacy. It should be noted that the Law and the newly amended Law apply only to individuals and organizations established in the Dubai International Financial Centre (DIFC)’.

The proposed amendments will require a data controller to notify the Commissioner of any changes to the particulars of a licensee as soon as possible and in any event within a period of 14 days from the date upon which the entry becomes inaccurate or incomplete. A maximum fine of US$ 25,000 could also be introduced for failing to register with the Commissioner’s Office.

The proposed amendments will also grant powers to the Commissioner to delegate functions and powers to the officers and employees of the DIFCA and powers to the DIFCA Board of Directors to pass regulations exempting certain data controllers.

It is believed that the changes are not so significant on their face, but the combination of amendments to make the rules more practical and more specific enforcement powers suggest some examples may be made of non-compliant DIFCA licensees to encourage better compliance.

Source: As published by DataGuidance http://www.dataguidance.com/.

Malaysia set to implement Personal Data Protection Act that has a bite

The Ministry of Information, Communications and Culture (MICC) in Malaysia has set up a Data Protection Department to oversee the implementation of the Malaysian Personal Data Protection Act (PDPA) of 2010.

The PDPA – which is expected to come into force early this year – will introduce seven data protection principles – including the notice and choice principle, the disclosure principle and the data integrity principle – all aimed at protecting individuals’ personal data from misuse.

‘There is a question as to whether the Department’s role is merely temporary in ensuring the smooth transitional arrangement towards a more appropriate establishment i.e., the Data Protection Commissioner’ and it is believed that at this juncture, MICC has not officially issued a statement in relation to the enforcement date.

Nonetheless, if the latter takes place, Malaysian stakeholders and any legal entities which have a presence in Malaysia will have three months to comply with the PDPA. Bearing in mind that even if the Commissioner has been appointed, the nature of independence is arguably questionable as he or she reports directly to the Minister of MICC, instead of having the level or degree of independence to enforce the PDPA obligations. My advice to businesses is to start strategising and executing.

The PDPA would apply to data users established in Malaysia, or who use equipment based in Malaysia to process personal data. The amount of the fines and the length of imprisonment would depend on the type of violation, with maximum fines set at 500,000 Malaysian Ringgit (approx. $160,000 USD).

Source: As published by DataGuidance http://www.dataguidance.com/.