The recent report that the PDP Act 2010 (Act 709) will soon be enforced would naturally receive mixed reactions. Some quarters would have been anticipating the news, while others could have heard it like a gong in the middle of the night.
I am glad that I have had the privilege of engaging with many people from different industries in the past five years, with whom I have shared my views, research and “strategies” on the new law in workshops, trainings and seminars. From the events that I attended or conducted, I find some sectors are more prepared than others in anticipating the coming or implementation of the Malaysian Personal Data Protection Act 2010.
In getting these industries actively moving or preparing, there are a few factors that I think are relevant:
The Minister of Information, Communications and Culture of Malaysia, Datuk Seri Rais Yatim, was reported today (23 Oct 2012) as saying that the crucial Act will be enforced from the beginning of the year 2013 — that is less than two months from now. The report from The Sun Daily can be viewed here.
And when it is implemented, as prescribed by the Act itself, data users will have three months to prepare to comply with the rules and regulations on personal data that they collect, process or otherwise store. In total, companies as well as individual data users will only have five months to prepare themselves before the Data Protection Commissioner can knock on their doors if he wishes to inspect their personal data system and the level of compliance.
Also, it would mean that consumers, termed data subjects, would be able to come and check the accuracy of their personal data collected and processed by their bankers, telecommunications providers, or any other service providers with which they have a contract.
Among the first questions people would ask about the Personal Data Protection Act (PDPA) 2010 is “whether or not this Act applies to me?” or, if one could answer that in the affirmative, “in what way does the Act implicate me?”
The PDPA 2010 provides definitions of certain entities that would be in one way or another “implicated.” They are (1) Data User; (2) Data Processor; and (3) Data Subject. Thus, the PDPA 2010 operates on these classes of persons. It is within this frame that you can find your answer as to whether the Act applies to you, or in what way it implicates you.
The above is the title of my presentation at the IT LAW FORUM organised by KL BAR, jointly held with KDU University College, on 12 November 2010. I spoke on the panel after Prof. Abu Bakar Munir, who was the adviser to the Government of Malaysia on the drafting of the PDP Act 2010 (See: the unamended PDP Bill).
While Prof. Abu Bakar talked mainly on the duties and obligations of Data Users as well as the Data Protection Principles, I presented the topic from another perspective, i.e. that of the data subject, which refers to the individuals whose personal data become the object of business by data users. That simply means you, me and everyone!
For a general recap of the event, you may want to check the KL BAR blog site here.