Malaysia set to implement Personal Data Protection Act that has a bite
The Ministry of Information, Communications and Culture (MICC) in Malaysia has set up a Data Protection Department to oversee the implementation of the Malaysian Personal Data Protection Act (PDPA) of 2010.
The PDPA – which is expected to come into force early this year – will introduce seven data protection principles – including the notice and choice principle, the disclosure principle and the data integrity principle – all aimed at protecting individuals’ personal data from misuse.
‘There is a question as to whether the Department’s role is merely temporary in ensuring the smooth transitional arrangement towards a more appropriate establishment i.e., the Data Protection Commissioner’ and it is believed that at this juncture, MICC has not officially issued a statement in relation to the enforcement date.
Nonetheless, if the latter takes place, Malaysian stakeholders and any legal entities which have a presence in Malaysia will have three months to comply with the PDPA. Bearing in mind that even if the Commissioner has been appointed, the nature of independence is arguably questionable as he or she reports directly to the Minister of MICC, instead of having the level or degree of independence to enforce the PDPA obligations. My advice to businesses is to start strategising and executing.
The PDPA would apply to data users established in Malaysia, or who use equipment based in Malaysia to process personal data. The amount of the fines and the length of imprisonment would depend on the type of violation, with maximum fines set at 500,000 Malaysian Ringgit (approx. $160,000 USD).
Source: As published by DataGuidance http://www.dataguidance.com/.