S. 130 Personal Data Protection Act 2010

Pay just RM150 for details of 200,000 people, RM350 for 10 million

I was interviewed by Free Malaysia Today on the issue of the unlawful sale of personal data in Malaysia which is an offence under the Personal Data Protection Act 2010 (PDPA), in particular, s. 130 of the PDPA.

A lawyer told FMT that the sale of personal data is not surprising.

Foong Cheng Leong, who chairs the Kuala Lumpur Bar’s information technology committee, said while the sale of data is common, it is no longer done as openly as before due to PDPA which came into force in 2013.

But he said enforcement has been poor.

Despite media reports on data breaches such as the leakage of millions of mobile phone numbers two years ago, no action has been taken, Foong said.

In 2017, mobile phone numbers, identification card numbers, home addresses, IMEI and SIM card data of 46.2 million customers of at least 12 Malaysian mobile phone operators were leaked online.

“We do not know why there has been no prosecution. Perhaps due to the difficulty of conducting a data leakage investigation, data may be held by numerous data processors and rogue employees may have accessed them without permission,” said Foong.

 Scroll to top