PDP Act Compliance Program – Where to Start?

By: Sonny Zulhuda

success manThis New Year was marked by concerns about complying with the Personal Data Protection (PDP) Act 2010 for Malaysian data users: Bankers, Telco’s, Insurers, Hospitals, Marketers, Airliners, Property Sellers, and many more.

For data users, this is what you may consider:

1. Get to know about the law and its implication to you;

2. Make self-assessment on your current business processes to what extent it complies (or not) with the law;

3. Plan a massive personal-data compliance programme.

For the first one, the shortcut is to attend forum, workshops or training on Personal Data Protection law. There are now few such training in the market. Identify them and get involved. There are few types of training you can consider, according to your needs:

Continue reading

Advertisements

From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)

By: Sonny Zulhuda

Brochure2 PDP Forum Dec 2012This 2nd Annual Personal Data Protection Summit was held in Royale Chulan of Kuala Lumpur. As admitted by the organiser (the World Asian Summit), this year edition showed much bigger interest. This impressive crowd attendance can only mean one thing: the undeniable importance of the PDP Act 2010.

The Deputy Minister Dato’ Joseph Salang had re-emphasised the Government’s seriousness about implementing the long-awaited legislation, which was already passed since June 2010. In his key-note speech, he again revealed that the Act will be enforced on the 1st January 2013 – echoing similar statement by the Minister of Information, Communications and Culture recently (Read reports on Dato’ Joseph’s announcement here, here and here).

I was invited to speak in the 2-day conference, on “Reality check on the right to privacy in Malaysia — and how is it affected by the mobile technologies and social media.” Continue reading

PDP Act enforcement soon – Are we prepared?

By Sonny Zulhuda

Recent report about the PDP Act 2010 (Act 709) soon to be enforced would naturally receive mixed reaction. Some quarters would be anticipating that news, while others could have heard it like a gong in the middle of the night.

I am glad that I have a privilege to engage with many people from different industries in the past five years, with whom I have shared my views, research and “strategies” on the new law in workshops, trainings and seminars. From the events that I attended or conducted, I find some sectors are more prepared than others in anticipating the coming or implementation of the Malaysian Personal Data Protection Act 2010.

In getting these industries actively moving or preparing, there are few factors that I think are relevant:

  1. Due to existing regulatory framework
  2. Due to their international pressure
  3. Due to individual experiences

Under the first category would appear to be those under certain professional associations, banks and financial institutions. Continue reading

Personal Data Protection Act 2010 will be Enforced from 01.01.2013 — Or so it was said…

By Sonny Zulhuda

That is it. No more waiting or being complacent.

The Minister of Information, Communications and Culture  of Malaysia, Datuk Seri Rais Yatim was reported today (23 Oct 2012) as saying that the crucial Act will be enforced beginning of the year 2013 — that is less than two months from now. The report from The Sun Daily can be viewed here.

Credit: The Sun Daily (c) 2012

Credit: The Sun Daily (c) 2012

And when it is implemented, as prescribed by the Act itself, data users will have three months to prepare to comply with the rules and regulations on personal data that they collect, process or otherwise store. In total, companies as well as individual data users will only have five months to prepare themselves before the Data Protection Commissioner can knock their doors if he wishes to inspect their personal data system and the level of compliance.

Also, it would mean that the consumers, termed as data subjects, would be able to come and check the accuracy of their personal data collected and processed at their bankers, telecommunications providers, or any other services providers that they had contract with.

Who will be implicated? Continue reading

Personal Data Protection in the Malaysian E-Government: Has the PDP Act 2010 got any place?

By: Sonny Zulhuda

ImageMajor legal issues on data privacy in Malaysia were resolved with the introduction of the Personal Data Protection Act (PDPA) 2010. Being the main legal framework for protecting data privacy of individuals, PDPA regulates the processing of personal data in commercial transactions and to provide for matters connected therewith.

Under section 4, “personal data” refers to any “data that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject.”

Meanwhile, “commercial transactions” mean “any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance.”

The enactment of the PDPA is arguably a milestone for the development of e-commerce and e-government in Malaysia, considering that a massive and increasingly valuable amount of personal information are being stored, processed and exploited. However, there is a cause for concern here that the Parliament has expressly excluded the application of PDPA to the Federal Government and State Governments in section 3. Commentators opined that this exclusion would have a far-reaching implication in terms of the development of data protection law in Malaysia. Nevertheless, it is argued that this law can still help protect the security of e-government in Malaysia in one way or another.

Continue reading

  • October 2019
    M T W T F S S
    « Sep    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,630 other followers