PDP Act Compliance Program – Where to Start?

By: Sonny Zulhuda

This New Year was marked by concerns about complying with the Personal Data Protection (PDP) Act 2010 for Malaysian data users: Bankers, Telcos, Insurers, Hospitals, Marketers, Airliners, Property Sellers, and many more.

For data users, this is what you may consider:

1. Get to know the law and its implications for you;

2. Make a self-assessment of your current business processes to see to what extent they comply (or not) with the law;

3. Plan a massive personal-data compliance programme.

For the first one, the shortcut is to attend forums, workshops or training on Personal Data Protection law. There are now a few such training programmes on the market. Identify them and get involved. There are a few types of training you can consider, according to your needs:

i. Basic Training

BASIC AWARENESS. This is obtained through a short lecture or seminar. Some conferences that take more than one day may also provide you with basic awareness, albeit from the different perspectives of the speakers. This kind of program will equip you at most with the details of the Personal Data Protection principles that are spelled out by the PDP Act 2010. But you may still be in the dark as to their application to your specific needs.

ii. Intermediate Training

Then you may need to consider a proper “training” that zooms in on the PRACTICAL ISSUES. This will take you into more detail on the technicalities of the law, implementation issues as well as lessons from cases in other jurisdictions. I think this comparative perspective is critical because our PDP Act is still new, not sufficiently equipped with the necessary arms of regulations, guidelines or best practices like in other more-established PDP law jurisdictions such as the UK and Hong Kong. Therefore lessons from those countries would be important in helping you interpret the law and understand the trends.

iii. Advanced Training

Some trainings may take you two days. This will include some PRACTICAL EXERCISES WITH REAL INDUSTRIAL PERSPECTIVES such as workshops on privacy policies, analysing business forms, or even preparing a Privacy Impact Assessment (PIA). Other than that, specific sector issues on PDP law may also be looked at, e.g. PDP on Human Resources matters, IT security measures, financial aspects, marketing practices etc. This kind of training does equip you with better and more comprehensive knowledge and skills to prepare for compliance.

So, you have choices as to how you want to equip yourself through training. In another post I will discuss other matters as part of PDP law compliance programmes. Should you have any questions, give me your feedback! Cheers.
