The Minister of Information, Communications and Culture of Malaysia, Datuk Seri Rais Yatim was reported today (23 Oct 2012) as saying that the crucial Act will be enforced beginning of the year 2013 — that is less than two months from now. The report from The Sun Daily can be viewed here.
And when it is implemented, as prescribed by the Act itself, data users will have three months to prepare to comply with the rules and regulations on personal data that they collect, process or otherwise store. In total, companies as well as individual data users will only have five months to prepare themselves before the Data Protection Commissioner can knock their doors if he wishes to inspect their personal data system and the level of compliance.
Also, it would mean that the consumers, termed as data subjects, would be able to come and check the accuracy of their personal data collected and processed at their bankers, telecommunications providers, or any other services providers that they had contract with.
Major legal issues on data privacy in Malaysia were resolved with the introduction of the Personal Data Protection Act (PDPA) 2010. Being the main legal framework for protecting data privacy of individuals, PDPA regulates the processing of personal data in commercial transactions and to provide for matters connected therewith.
Under section 4, “personal data” refers to any “data that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject.”
Meanwhile, “commercial transactions” mean “any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance.”
The enactment of the PDPA is arguably a milestone for the development of e-commerce and e-government in Malaysia, considering that a massive and increasingly valuable amount of personal information are being stored, processed and exploited. However, there is a cause for concern here that the Parliament has expressly excluded the application of PDPA to the Federal Government and State Governments in section 3. Commentators opined that this exclusion would have a far-reaching implication in terms of the development of data protection law in Malaysia. Nevertheless, it is argued that this law can still help protect the security of e-government in Malaysia in one way or another.