Data Privacy

Compoundable Offences under the Personal Data Protection Act 2010

Certain offences under the Personal Data Protection Act 2010 (PDPA) are compoundable as of 15 March 2016.

Under the Personal Data Protection (Compounding of Offences) Regulations 2016, the following offences are compoundable by making payment to the Commissioner of Personal Data Protection Malaysia:-

Offences under the PDPA

(1) Breach of any of the Personal Data Protection Principles (s. 5(2))
(2) Processing of personal data without the required registration under the PDPA (this is only applicable to certain classes of users) (s. 16(4))
(3) Processing of personal data after registration under the PDPA is revoked by the Personal Data Protection Commissioner (s. 18(4))
(4) Failure to surrender certificate of registration after revocation (s. 19(2))
(5) Failure to make a note on an expression of opinion which is considered as inaccurate, incomplete, misleading or not up-to-date by a person who made a data correction request and using that expression of opinion without the note being drawn to the attention of and being available for inspection by that person (s. 37(4))
(6) Failure to cease processing of personal data upon receipt of withdrawal of consent to process personal data (s. 38(4))
(7) Processing of sensitive personal data without explicit consent (s. 40(3))
(8) Failure to comply with an enforcement notice (s. 108(8))

Offences under the Personal Data Protection Regulations 2013

(1) Failure to obtain consent from a data subject in relation to the processing of personal data in any form that such consent can be recorded and maintained properly by the data user (Reg 3(1))
(2) Failure to develop and implement a security policy, or implementing a security policy that does not comply with the security standards set by the Commissioner; failure to ensure that any data processor complies with the security standard in the processing of personal data (Reg 6)
(3) Failure to comply with the retention standards set out by the Commissioner (Reg 7)
(4) Failure to comply with the data integrity standards set out by the Commissioner (Reg 8)

Offences under the Personal Data Protection (Registration of Data User) Regulations 2013

(1) Failure to renew the data user certificate of registration and continuing to process personal data after expiry of the certificate of registration (Reg. 5)
(2) Failure to notify the Commissioner in writing of any change to the particulars in the certificate of registration (Reg 6(5))
(3) Failure to display the certificate of registration and any amendment to the certificate, if any, at a conspicuous place at the principal place of business and a certified copy of the certificate for each branch, where applicable. (Reg 8(3))

BFM Podcast: WEB OF EXPLOITATION

I was interviewed by BFM Radio on the issue of sexual grooming and sex offenders registry and the podcast was published on 8 June 2016.



The rise of pedophilia and other sex offences recently has put in the spotlight predatory behaviour both on and offline. Today we look at how the lack of proper regulation is one source of the challenge. We also explore ways to combat online sexual predators.

This report is by Wan Irdina.

BFM Podcast: WHAT HAPPENS WHEN YOUR SEX TAPE IS PUBLISHED?

I was interviewed by BFM Radio to talk about invasion of privacy in Malaysia and the podcast was published on 27 April 2016.



On March 21st, a six-person jury awarded Hulk Hogan, the stage name of retired professional wrestler Terry Bollea, $140 million in civil damages for a sex tape that gossip website Gawker published in 2012. In doing so, the jury believed that Hulk Hogan’s privacy was violated as the tape was made and distributed without his permission. How far can public interest encroach into privacy rights? Lawyer Foong Cheng Leong explains how such a case would play out in a Malaysian court.

BFM Podcast: APPLE VERSUS THE FBI

I was interviewed by BFM Radio to talk about the US Government’s request to compel Apple Inc to assist in the access of a suspected terrorist’s iPhone on 24 February 2016.


On February 16, Apple published a message on its website, outlining to its customers that they would not be complying with a request from the U.S. government. The request was for Apple to unlock the iPhone encryption of Syed Rizwan Farook, one of two perpetrators of a mass shooting in San Bernardino last year. Explaining what’s at stake in the current debate between Apple and the U.S. Government is Foong Cheng Leong, chairman of the KL Bar Information Technology Committee, and a member of the Bar Council Intellectual Property Committee.


Personal Data Protection Commissioner publishes the Personal Data Protection Standard 2015

On 23 December 2015, the Personal Data Protection Commissioner (“Commissioner”) published the Personal Data Protection Standard 2015 after consulting members of the public. The Standard sets out the minimum standards to process personal data and it is applicable to anyone who processes or has control or authorises the processing of any personal data relating to commercial transactions. Broadly, it sets out the security standards (electronic and non-electronic processing), retention standards and integrity standards.

For more information, please refer to the Personal Data Protection Standard 2015 (in Malay language only). The English language version will be released by the Commissioner in due course.

Malaysian Personal Data Protection Commissioner publishes draft Codes of Practice

The Malaysian Personal Data Protection Commissioner has published the draft Codes of Practice for the banking and finance industry and also for the communications sector. Members of the public are invited to provide their feedback before 22 September 2015 by sending their comments to:-

KERTAS KONSULTANSI AWAM (KTA) BIL. 2/2015 / KERTAS KONSULTANSI AWAM (KTA) BIL. 3/2015 (Delete the necessary)
Aras 6, Kompleks KKMM, Lot 4G9,
Jabatan Perlindungan Data Peribadi
Kementerian Komunikasi dan Multimedia Malaysia
Persiaran Perdana, Presint 4,
Pusat Pentadbiran Kerajaan Persekutuan,
62100 Putrajaya.

or email or fax to kmohan@pdp.gov.my and 603-89117959 respectively.

Public Consultation Paper No. 1/2015: PROPOSED STANDARD PERSONAL DATA PROTECTION  

On 1 July 2015, the Personal Data Protection Commissioner published the Public Consultation Paper No. 1/2015. This consultation paper is intended to solicit feedback from data users and data subjects relating to their understanding of personal data protection.

In order to make the Standard for Personal Data Protection a reliable reference document, the Commissioner will merge three standards, namely the Safety Standard, Storage Standard and Data Integrity Standard, into one document.
  
According to the Commissioner, this step is in accordance with the requirements of the Personal Data Protection Regulations 2013 and the Personal Data Protection Act 2010. The feedback received through this public consultation paper will be analyzed and the results of this analysis will be used in the preparation of the final draft standard. The final draft will be presented to the 11 classes of data users before being registered by the Commissioner.

The feedback can be downloaded here (in Malay) and here (in English)

Source: www.pdp.gov.my

List of Data User Forums in Malaysia

The Personal Data Protection Commissioner has appointed the following associations as data user forums for the following sectors:-

1. Institut Akauntan Malaysia for the accounting and audit sectors;
2. Persatuan Jualan Langsung Malaysia for the direct selling sector;
3. Persatuan Bank-bank Dalam Malaysia for the banking and financial sectors;
4. Institut Jurutera Malaysia for the engineering services sector;
5. Institut Insurans Hayat Malaysia for the insurance sector;
6. Pertubuhan Akitek Malaysia for the architecture sector;
7. Maxis Berhad for the telecommunications sector;
8. Persatuan Hotel Malaysia for the travel and hospitality sector;
9. Majlis Peguam, Persatuan Undang-Undang Sabah and Persatuan Peguambela Sarawak for the legal sector.

Last updated: 1 April 2015

Source: Personal Data Protection Department Registration Unit.

Meeting with the Personal Data Protection Department, Putrajaya (26 Nov 2014)

Article and photos contributed by Sarah Yong Li Hsien, Officer, Ad Hoc Committee on Personal Data Protection
Wednesday, 17 December 2014 09:43am

On 26 Nov 2014, the Bar Council Ad Hoc Committee on Personal Data Protection (“Committee”) visited the Personal Data Protection Department (“PDPD”) at the Ministry of Communication and Multimedia in Putrajaya. The delegation, led by Co-Chairpersons, Suaran Singh and Foong Cheng Leong, consisted of 11 persons, including committee officers, Sarah Yong Li Hsien and Anneliz Reina George.

Mazmalek b Mohamad, the newly-appointed Director General of PDPD and his Deputy, Dr Zainal Abidin b Sait were on hand to welcome the Committee. The purpose of the meeting was to introduce the Committee, and discuss various matters relating to the Personal Data Protection Act 2010 (“PDPA”).

The meeting started at 9:30 am and some of the matters discussed were whether the Malaysian Bar will be appointed as the data user forum for lawyers, and about the drafting of the code of practice for lawyers. The Committee informed PDPD that it has been working on the code and it may be ready by early next year.

PDPD informed the Committee that it is not necessary to obtain consent to process personal data of existing customers collected prior to the enforcement of the PDPA, and the privacy notice issued in accordance with the Notice and Choice Principle does not need to be sent via AR registered post, pursuant to section 136 of the PDPA.

It was also revealed during the discussion that investigations have been conducted on parties alleged to have breached the PDPA. However, none have been charged under the PDPA yet. Other technical and practical issues were also raised during the meeting.

The Committee will organise another meeting at a later date to discuss issues such as the data user forum and the issue of consent.

[Source]
