PDP Law Compliance for Educational Institution

By: Sonny Zulhuda

Educational institutions (universities, colleges, schools, etc.) are among those regulated by the Personal Data Protection Act (PDPA) 2010. The data subjects include students (obviously the main subject here), staff or employees, vendors, alumni, sponsors, as well as applicants who have yet to join the universities/schools.

The amount of personal data is potentially large: personal details, medical records, financial and scholarship records, academic records, student societies' records, disciplinary records and even post-study information about the students. Given this, people who deal with students' data in educational institutions need to ensure that their handling of personal data is in line with the demands of the Act.

In introducing the subject matter to the community in the University, I will be speaking in the following workshop, together with my friend Noriswadi Ismail from Quotient Consulting Sdn Bhd and PDP Academy LLP, and Dr. Federico Feretti from Brunel Law School, London, UK.

Banner PDP Workshop AIKOL 28052014 (4)


Personal Data Protection a Key Concern for Human Resources (HR) Professional

By: Sonny Zulhuda

More personally identifiable information (PII) is being captured in commercial activities across sectors and industries. The workplace today has become a battleground for protecting employees' valuable personal data, which includes their personal records, financial status and medical information, as well as the professional data relating to their jobs.


As a result, it is not too much to say that managing human resources (HR) data has now become a critical success factor for organisations, both internally and externally. Internally, because effective and sustainable personal data management supports the work of everyone in the organisation who relies on that data. Externally, because personal data has now become a crucial issue closely linked with managing trust and competitiveness while trying to attract the best human capital in the industry.

Given this, a Human Resources (HR) manager plays a central role in ensuring that the personal data of employees and anyone around them remains an asset and does not turn into a liability for commercial organisations. And for Malaysian employers, dealing with the personal data of their employees, customers and service providers has transformed from largely a business and operational issue into a legal and compliance concern.

With the enforcement of the Personal Data Protection (PDP) Act 2010 (Act 709), the operational landscape for human resource management has changed tremendously. The Act tasks employers with a series of obligations relating to the collection, use, disclosure and retention of the personal data in their control, including data of employees, job applicants, former workers, outsourced service providers, vendors and customers.

Even though measures from industrial laws and guidelines are abundant and in place, employers are still in the dark about the multi-dimensional effect of the PDP Act 2010 on the employment relationship. Many practical issues arise in the workplace and throughout the employment lifecycle. These questions are likely to arise:

  • Who are implicated by the PDP Act 2010?
  • What are the seven data protection principles in the Act and how do I (as an HR manager) implement them in my scope of work?

Do-Not-Call Registry (DNCR) to Protect Personal Data?

By: Sonny Zulhuda

In March, I featured in The Sunday Star (9/3/2014) reporting on the need to establish a “Do not call registry” to protect people’s personal information. The main issue discussed was to scrutinize an initiative to have a DNCR and its operational and legal challenges. The full report can be traced here.


The questions that were posed to me were: (1) How good is the idea of DNCR for Malaysian consumers? and (2) Do you foresee any issues that might arise when they implement this?

Here are my comments:

  • The PDPA 2010, unlike Singapore's law, neither provides for nor specifically mandates a Do Not Call (DNC) registry.
  • Nevertheless, a DNC registry is an advanced step towards protecting individuals' personal data, and is therefore highly commendable. It does require carefully structured procedures and rules.