Malaysiakini and its editor-in-chief are being cited for contempt of court over several readers’ comments on an article. We reach out to Foong Cheng Leong to find out what the law says about holding media portals accountable over comments made by readers.
Produced by: Tasha Fusil Presented by: Lee Chwi Lynn
According to the Advisory, businesses are only permitted to record minimal information – name, contact number, as well as dates and times of visit – for the purpose of contract tracing. The recordal can be made manually or digitally. It cannot be used for other purposes such as marketing.
The information must be processed for six (6) months after the expiry of the Conditional Movement Control Order (to be announced by the Government of Malaysia). It must be destroyed or disposed permanently thereafter.
Appendix A of the Advisory provides a sample notice for businesses to adopt in their data collection forms. The notice states that the collection of the details is required under the Prevention and Control of Infectious Diseases Act 1988. Although the Act does not specifically provide for the collection of personal data, s. 31 of the Act gives power to the Minister to make regulations. Reg. 13 of the Prevention and Control of Infectious Diseases (Measures within the Infected Local Areas) (No. 6) Regulations 2020 provides that an authorised officer may request for any information relating to the prevention and control of infectious disease from any person or body of persons. The act of requiring the collection of personal data may be granted by the implied powers under s. 40 of the Interpretation Act 1948 and 1967.
Any business who fails to comply with the Advisory and is found guilty under the Personal Data Protection Act 2010 may be subject to a fine of not more than RM300,000 or jail of not more than two years, or to both. However, it is noted that Advisory has no force in law under the Personal Data Protection Act 2010.
Prior to the publication of the Advisory, I was asked by The Star to comment on the introduction of an advisory to regulate the processing of personal data by business premises.
Bar Council Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong said this included keeping the data secure, not disclosing it to third parties without consent, and within the purpose of which the data is collected.
Processing personal data in ways that were not compliant with the PDPA could lead to a fine of not more than RM300,000 or jailtime of not more than two years, or both.
However, there is a lack of awareness on personal data protection among Malaysians, said Fong.
“I don’t think many people are fully aware of their rights as stated in the PDPA. The custodians who are collecting or holding people’s personal information also have to be aware of their responsibilities and liabilities, ” he said.
Experts welcomed the decision to introduce an advisory to help protect contact tracing info given by visitors to various establishments.
“It’s good to have a standard approach for businesses that process personal data. It also removes any uncertainty, ” said Foong Cheng Leong, the Bar Council Information Technology and Cyber Laws Committee deputy chairman.
He hoped that the advisory would introduce standard operating procedures that are suitable for both small medium enterprises (SMEs) and large businesses.
“It should not be too onerous on businesses especially for small outfits with fewer employees, ” he said, suggesting that the government encourage larger businesses like shopping malls to use a designated online platform to register visitors, as it could help to prevent the misuse of personal data.
“The data should only be maintained by a specific department with the sole purpose of aiding the Health Ministry with contact tracing.”
Foong Cheng Leong is an Advocate and Solicitor of the High Court of Malaya and also a registered Malaysian trade mark, industrial designs and patent agent.
He had served the Malaysian Bar and Kuala Lumpur Bar in the following capacities:-
1. Kuala Lumpur Bar Committee (2013 to 2020)
2. Chairperson of the Kuala Lumpur Information Technology (2012 to 2020)
3. Co-Chairperson of the Bar Council Ad-Hoc Committee on Personal Data Protection (2013 to 2016)
4. Co-Chairperson of the Bar Council Intellectual Property Committee (2019 to present)
5. Co-Chairperson of the Bar Council Information Technology and Cyberlaws Committee (2015 to 2017)
He is also the author of the following books-
1. Compendium of Malaysian Intellectual Property Cases consisting of the following two volumes
a. Vol 1- Trade Marks