Refer to Malaysia Technology News.
The Personal Data Protection Act 2010 (PDPA) was passed by Parliament in May 2010.
The Act, however, does not apply to the following 5 scenarios:
- Federal and state governments
- Credit reference agencies
- Data processed outside Malaysia
- Personal and family
- Non-commercial transactions
It applies to the following 7 activities which relate to personal data:
- Collecting
- Recording
- Holding
- Storing
- Organising
- Publishing on the Internet
- Making available
There are a total of 7 principles to take note of in the event of exemptions (when personal data protection is to be breached):
- General principle
- Notice and choice principle
- Disclosure principle
- Security principle
- Retention principle
- Data integrity principle
- Access principle
For example, in the event of crime prevention, the following principles must be upheld (at least):
- General principle
- Notice & choice principle
- Disclosure principle
- Access principle
Depending on the 5 scenarios stated earlier, an exemption consists of one of the following:
- Crime prevention/detection - partial exemption
- Offenders apprehension/prosecution - partial exemption
- Tax/duty assessment/collection - partial exemption
- Physical/mental health - partial exemption
- Statistics/research - partial exemption
- Court order/judgment - partial exemption
- Regulatory functions - partial exemption
- Journalistic/literary/artistic - partial exemption
- Personal and family - full exception
Also, take note that in the event of a potential personal data breach, the data subject has the following 6 rights:
- Right to be informed
- Right to access
- Right to correct
- Right to withdraw consent
- Right to prevent processing likely to cause distress
- Right to prevent processing for direct marketing purposes
In a corporate sense, a director, CEO, COO, manager, secretary or other similar officer of the body corporate, or anyone who was purporting to act in any such capacity, or was in any manner or to any extent responsible for the management of any of the affairs of the body corporate, or was assisting in such management, may be charged severally or jointly in the same proceeding with the body corporate; and
If the body corporate is found to have committed the offence, he shall be deemed to have committed the offence unless, having regard to the nature of his functions in that capacity and to all circumstances, he proves:
- that the offence was committed without his knowledge, consent or connivance; and
- that he had taken all reasonable precautions and exercised due diligence to prevent the commission of the offence. (s.133)
The enforcement mechanism can consist of one or a combination of the following:
- Data protection commissioner
- Advisory committee
- Appeal tribunal
- Codes of practice
- Enforcement notice
- Prosecution
- Revocation of registration