What You Need to Know about the PDPA

==============================

My Intro: The following article, appeared in The Star newspaper, is about public awareness on the Personal Data Protection Act (PDPA) 2010 (Act 709). The journalist had compiled the report out of few resources, including the PDP Department and myself (through series of interaction). It is indicated at the bottom of the article itself. I reproduce the article in this page for the benefit of more readers.

Cheers! Sonny Zulhuda

==============================

“What You Need to Know about the PDPA”

(Reproduced from The Star Online, published on Sunday, 30/12/2012)

PDPA 2010A freelance journalist from Penang was already coping with the pain from a hemorrhoids surgery when she had to endure another hurtful experience – she discovered that her surgeon had taken photographs of her private parts without her consent when she was under.

When she confronted him, she was told that it was “normal procedure” and a common practice for “medical purposes”. Outraged that her privacy had been violated, she sued the doctor.

This is one of the many cases of personal data breaches and privacy violations in the country. Hence, the enforcement of the Personal Data Protection Act (PDPA) this New Year is much lauded. In fact, it is long awaited – for some, over a decade long.

However, while pictures of one’s private parts may constitute as personal data, the aggrieved patient would not be able to take action under the Act – our PDPA only regulates commercial transactions. (The freelance journalist, however, won RM25,000 in damages in her civil court case.)

Here are some of the facts you need to know about the PDPA: Continue reading

Advertisements

From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)

By: Sonny Zulhuda

Brochure2 PDP Forum Dec 2012This 2nd Annual Personal Data Protection Summit was held in Royale Chulan of Kuala Lumpur. As admitted by the organiser (the World Asian Summit), this year edition showed much bigger interest. This impressive crowd attendance can only mean one thing: the undeniable importance of the PDP Act 2010.

The Deputy Minister Dato’ Joseph Salang had re-emphasised the Government’s seriousness about implementing the long-awaited legislation, which was already passed since June 2010. In his key-note speech, he again revealed that the Act will be enforced on the 1st January 2013 – echoing similar statement by the Minister of Information, Communications and Culture recently (Read reports on Dato’ Joseph’s announcement here, here and here).

I was invited to speak in the 2-day conference, on “Reality check on the right to privacy in Malaysia — and how is it affected by the mobile technologies and social media.” Continue reading

PDP Act enforcement soon – Are we prepared?

By Sonny Zulhuda

Recent report about the PDP Act 2010 (Act 709) soon to be enforced would naturally receive mixed reaction. Some quarters would be anticipating that news, while others could have heard it like a gong in the middle of the night.

I am glad that I have a privilege to engage with many people from different industries in the past five years, with whom I have shared my views, research and “strategies” on the new law in workshops, trainings and seminars. From the events that I attended or conducted, I find some sectors are more prepared than others in anticipating the coming or implementation of the Malaysian Personal Data Protection Act 2010.

In getting these industries actively moving or preparing, there are few factors that I think are relevant:

  1. Due to existing regulatory framework
  2. Due to their international pressure
  3. Due to individual experiences

Under the first category would appear to be those under certain professional associations, banks and financial institutions. Continue reading

Personal Data Protection Act 2010 will be Enforced from 01.01.2013 — Or so it was said…

By Sonny Zulhuda

That is it. No more waiting or being complacent.

The Minister of Information, Communications and Culture  of Malaysia, Datuk Seri Rais Yatim was reported today (23 Oct 2012) as saying that the crucial Act will be enforced beginning of the year 2013 — that is less than two months from now. The report from The Sun Daily can be viewed here.

Credit: The Sun Daily (c) 2012

Credit: The Sun Daily (c) 2012

And when it is implemented, as prescribed by the Act itself, data users will have three months to prepare to comply with the rules and regulations on personal data that they collect, process or otherwise store. In total, companies as well as individual data users will only have five months to prepare themselves before the Data Protection Commissioner can knock their doors if he wishes to inspect their personal data system and the level of compliance.

Also, it would mean that the consumers, termed as data subjects, would be able to come and check the accuracy of their personal data collected and processed at their bankers, telecommunications providers, or any other services providers that they had contract with.

Who will be implicated? Continue reading

“Mirror mirror on FB Wall… Should you comment of them all?!”

(CASE CHAT ON ONLINE DEFAMATION)

By Sonny Zulhuda

ImageThe online wall that you have on your Facebook or other social networking sites is not like a wall in your private bedroom where you can always at your own freedom stick things from your own photos to class schedules, to your favorite Football Club posters. Those things would remain as your “private’ enjoyment and view.

But things that you, or others, post on your social networking sites wall is not private. There are people who share such wall and are ready to read your posts every time you have something new.

So this is a rather common-sense thing; just be careful, mindful and.. don’t do fool!

Let me just share with you this incident:

“Retiree to pay RM100,000 over FB posts

It was reported by the Star on October 1st, 2011, that a retiree from Penang has been ordered by a High Court here to pay a total of RM100,000 in damages and costs to a private automotive technology training centre where his son had studied over three defamatory postings on Facebook.

Continue reading

Privacy Impact Assessment (PIA) – In the Light of the Data Protection Law in Malaysia

By: Sonny Zulhuda

ImageLast time In May ’12, I was invited by the Federation of Public Listed Companies (FPLC) and the Malaysian Institute of Corporate Governance (MICG) to speak in their National Conference on IT Governance, Data Protection and Cyber Security.

I chose to speak about the importance of the Privacy Impact Assessment (PIA) as an implementing tool for complying with the data management rules and obligations under the law. The exact title of my presentation was “Privacy Impact Assessment for a Better Corporate Governance: The New Legal Landscape in Managing Corporate Data Assets.”

In fact, this was the first time I spoke about it. I just felt that people especially the corporate citizens need to be told in a more practical way on why and how they should comply with the laws on personal data management, i.e. the Personal Data Protection Act 2010 as far as Malaysia is concerned.

The PDPA itself is, of course, silent about this PIA. But that does not mean having or executing a PIA would be useless. PIA is indeed a very helpful organisational tool to ensure compliance with the law on data protection. Malaysian law is not excepted. Continue reading

Incidents on personal data abuse affecting banks

by: Sonny Zulhuda

In my last post I made note about why banks should or must care to protect the personal data with them. In this post I just want to put that note in real perspective, learning from real cases and incidents involving major banks in the world.

First, it was reported that Citigroup breach exposed data on 210,000 customers (here for the full report)

Citigroup admitted Wednesday (June 8th, 2011) that an attack on its website allo

wed hackers to view customers’ names, account numbers and contact information such as email addresses for about 210,000 of its cardholders in North America. Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks. The email addresses, for example, could be used to send “phishing” messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.

Second,  you’ll see how Data breaches lead to massive fines for three HSBC firms (here for the report)

Three HSBC firms have been fined more than £3 million by the Financial Services Authority (FSA) for failing to secure customer data. The FSA claimed the three firms sent large amounts of unencrypted data – often on discs sent via the post – and staff were untrained on the issue of identity theft. The FSA said that, in April 2007, HSBC Acutaries lost a floppy disk in the post that contained 1,917 pension numbers and addresses. And, in February 2008, HSBC Life lost an unencrypted disk holding data on 180,000 policy holders – also in the post.

Continue reading

  • October 2019
    M T W T F S S
    « Sep    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,630 other followers