PERSONAL DATA PROTECTION ACT 2010 TO COMPLY IS TO KNOW Professor Abu Bakar Munir Faculty of Law,...
PERSONAL DATA PROTECTION ACT 2010
TO COMPLY IS TO KNOW
Professor Abu Bakar Munir
Faculty of Law, University of Malaya
&
Associate Professor Siti Hajar Mohd Yasin
Faculty of Law, Universiti Teknologi MARA
Personal Data Protection Act Awareness Seminar
9 February 2012
Kuala Lumpur
Some of our books on ICT Law
• Privacy and Data Protection, Sweet & Maxwell (2002)
• Internet Banking: Law and Practice, LexisNexis UK (2004)
• Cyber Law: Policies and Challenges, Butterworths Asia (1999)
In Print
• Information & Communication Technology Law: Legal & Regulatory Challenges, Thomson Reuters (2010)
Please read this book.
THE WORLD’S GREATEST NEWSPAPER 1843-2011
Reality Check
• The efficiency of computer networks has caused more and more personal data to be stored in computers
• The world has reaped the benefits of the fast flow of information and personal data: ten years ago, gigabytes of data; five years ago, terabytes of data; today, petabytes of data are being transferred and stored on a daily basis
• Users globally send around 47 billion (non-spam) emails and submit 95 million tweets
• Each month users share about 30 billion pieces of content on Facebook
• Personal data is the new oil of the Internet and the new currency of the digital world
• Greater concerns about privacy invasion
Types of Privacy
• The right to be left alone
• Bodily privacy
• Privacy of communications
• Territorial privacy
• Informational privacy
Privacy as Human Rights
Article 12 Universal Declaration on Human Rights 1948
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Some Other Instruments
• Article 17, International Covenant on Civil and Political Rights 1966
• Article 16, Convention on the Rights of the Child 1989
• Article 8, Convention for the Protection of Human Rights and Fundamental Freedoms 1950
• Article 18, OIC Cairo Declaration on Human Rights in Islam 1990
• Article 4.3, Declaration of Principles on Freedom of Expression in Africa 2002
• Article 5, American Declaration of the Rights and Duties of Man
Informational Privacy
The rights of an individual to have control over his personal information
Informational Privacy = Personal Data Protection
Why do countries protect personal data?
• International obligation
• Competitiveness
• Human right
• International influence
Why Protect Personal Data? What Customers Say…
Nearly 90% of online consumers want the right to control how their personal information is used after it is collected
(Forrester Research 2003)
87% of Americans are concerned about the security of their information on the Internet
(Zogby International 2010)
61% of adult Americans said that they were extremely concerned about the privacy of their personal information when buying online
(University of Southern California 2007)
Cont…
Our research shows that 80% of our customers would walk away if we mishandled their information
(Royal Bank of Canada 2003)
Concerns about the use of personal information led 64% of respondents to decide not to purchase from a company
(Privacy and American 2005)
67% of respondents decided not to register at a website or shop online because they found the privacy policy to be too complicated or unclear
(Privacy and American 2005)
Malaysian Consumers Say…
75.3% of respondents say that they were “somehow concerned” and “very concerned” with their personal privacy even when not online
94.2% of respondents felt that their personal privacy might be threatened when using the Internet
50.8% of non-Internet-banking customers have not migrated to the online services, mainly due to security, trust and privacy concerns
(Muniruddeen Lallmahamood 2007/2008)
Therefore….
• Trust and risk are major determinants of purchasing and of intention to purchase
• Trust is difficult to gain but easy to lose
• Consumers are concerned about their privacy
• Consumers are very concerned about privacy when transacting online
GOOD PRIVACY, GOOD BUSINESS
“Privacy is good for business”
Harriet Pearson, IBM Chief Privacy Officer
How?
Potential Risks
• Breaches of data protection law
• Damage to the organization’s reputation and brand
• Physical, psychological and economic harm to customers
• Financial losses associated with deterioration in quality and integrity of personal data due to customers’ distrust
• Loss of market share or a drop in stock prices due to negative publicity, or failure or delay in the implementation of a new product/service due to privacy concerns
Benefits
• More positive organizational image and significant edge over the competition
• Business development via expansion into jurisdictions requiring clear privacy standards
• Enhanced data quality and integrity
• Fostering better customer service and more strategic business decision making
• Enhanced customer trust and loyalty
(Reuters) - HSBC Holdings, Europe's biggest bank, was fined 3.2 million pounds on Wednesday for information security breaches, the biggest fine the country's financial regulator has ever imposed for data security lapses. (2007, 2008)
Insurance giant Norwich Union has been fined £1.26 million by the Financial Services Authority (FSA) for security systems failures (2007)
DATA PROTECTION COMMISSIONER’S OFFICE
Press Release
For immediate release
Date: 13 November 2012
2007 XYZ SDN. BERHAD IS IN BREACH OF THE PERSONAL DATA PROTECTION ACT 2010
The Data Protection Commissioner's Office (DPCO) has found that XYZ SDN. BERHAD is in breach of the Personal Data Protection Act 2010 following an
investigation into the complaint of ………………………………………………
………AB H……….. DATA PROTECTION COMMISSIONER
International Instruments
• OECD Guidelines 1980
• Council of Europe Convention 1981
• European Directive 1995
• APEC Privacy Framework 2004
• Madrid Resolution 2009
• EU Proposed Directive (25 Jan 2012)
OECD Guidelines 1980 (8 Principles)
• Collection Limitation
• Data Quality
• Purpose Specification
• Use Limitation
• Security
• Openness
• Individual Participation
• Accountability
Council of Europe Convention 1981
Personal Data shall be:
• obtained fairly and lawfully
• stored for specified and legitimate purposes and not used in a way incompatible with those purposes
• adequate, relevant and not excessive
• accurate and, where necessary, kept up to date
• preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored
European Directive 1995
Personal data must be:
• processed fairly and lawfully
• collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
• adequate, relevant and not excessive
• accurate and, where necessary, kept up to date
APEC Privacy Framework 2004 (9 Principles)
• Preventing harm
• Notice
• Collection limitation
• Uses of personal information
• Choice
• Integrity
• Security safeguards
• Access and correction
• Accountability
Madrid Resolution 2009 (6 Principles)
• Lawfulness and fairness
• Purpose specification
• Proportionality
• Data quality
• Openness
• Accountability
EU Proposed Directive
On Data Protection with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.
Known as The Police and Criminal Justice Data Protection Directive
On January 25, 2012, the European Commission released a proposed data protection regulation to replace the current EU Data Protection Directive (95/46/EC). The proposed regulation would drastically alter the data protection landscape for companies.
National Approaches
• Comprehensive Legislation
• Legislation + Self-Regulatory
• Self-Regulatory
• Doing Nothing
Comprehensive Legislation
• All EU countries, including the 10 new member states (Cyprus, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia)
• Japan, Korea, New Zealand, Australia, Hong Kong, Macao, Taiwan, Philippines, Singapore
• Chile, Argentina, Brazil, Mexico, etc.
• In the Middle East, only Israel and Dubai Financial Centre
Legislation + Self-Regulatory
• USA – Privacy Act 1974 + 12 federal sectoral-based legislation + State Laws + Safe Harbour
Self-Regulatory
• Singapore - Does not work – To have a data protection law by 2012
Doing Nothing so far
• Brunei
• Vietnam
• Laos
• Cambodia
• Many more
Our Part of the World: What’s Happening?
• Macao enacted her Personal Data Protection Act in 2006
• China has come out with several drafts of the law, the latest in 2007
• India amended her Information Technology Act in December 2008. Some new provisions are added to protect privacy and personal data. In April 2011, the third draft of the Privacy Bill was issued.
• Indonesia came out with an academic draft in 2009
• Thailand has developed a draft Bill in 2010
• Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in April 2010
• Malaysia has passed the Personal Data Protection Act in June 2010
• Korea came out with a more comprehensive law in March 2011
• The Philippines Congress has come out with the draft Act
• Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively
• Singapore is currently developing a law and is expected to be ready by 2012. On 13 Sept 2011, a Consultation Paper was released
• In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate
Korea Data Protection Act 2011
• Data Protection Principles
• Rights of Data Subjects
• Organization to designate someone to take charge
• Special entity to enforce the Act (Data Protection Commission/DPC)
• Mandatory reporting of significant breach to DPC
• Data breach notification (to the Data Subject)
• Mediation to resolve dispute
• Differentiate personal data & sensitive data
• PIAs are encouraged

Malaysia Personal Data Protection Act 2010
• Data Protection Principles
• Rights of Data Subjects
• Special entity to enforce the Act (Data Protection Commissioner)
• No mandatory data breach notification
• Differentiate personal data & sensitive data
• Does not apply to Federal and States Governments

Taiwan Personal Data Protection Act 2010
• Data Protection Principles
• Rights of Data Subjects
• Mandatory data breach notification (to the Data Subject)
• Enforcement by Ministries responsible for each industry sector
PDPA 2010: Applicability
Non-Application
• Federal & States Govts
• Non-Commercial Transactions
• Personal, Family, Household Affairs
• Data Processed Outside Malaysia
• Credit Reference Agencies
DATA PROTECTION PRINCIPLES
• General Principle
• Notice and Choice Principle
• Disclosure Principle
• Security Principle
• Retention Principle
• Data Integrity Principle
• Access Principle
Exemptions
Partial
• Crime Prevention/Detection
• Offenders Apprehension/Prosecution
• Tax/Duty Assessment/Collection
• Physical/Mental Health
• Statistics/Research
• Court Order/Judgment
• Regulatory Functions
• Journalistic/Literary/Artistic
Total
• Personal
• Family
• Household
• Recreational
Table columns: Purposes; General Principle; Notice & Choice Principle; Disclosure Principle; Security Principle; Retention Principle; Data Integrity Principle; Access Principle
Crime Prevention/Detection: x x x x
Offenders Apprehension/Prosecution: x x x x
Tax/Duty Assessment/Collection: x x x x
Physical/Mental Health: x
Statistics/Research: x x x x
Court Order/Judgment: x x x x
Regulatory Functions: x x x x
Journalistic/Literary/Artistic: x x x x x x
RIGHTS OF DATA SUBJECTS
• Right to be Informed
• Right to Access
• Right to Correct
• Right to Withdraw Consent
• Right to Prevent Processing Likely to Cause Distress
• Right to Prevent Processing for Direct Marketing Purposes
| No. | Section | Offences | Penalty |
|---|---|---|---|
| 1 | S. 16(4) | Processing without a certificate of registration | Fine < RM500,000.00 / Imprisonment < 3 years / Both |
| 2 | S. 18(5) | Processing after registration is revoked | Fine < RM500,000.00 / Imprisonment < 3 years / Both |
| 3 | S. 5 | Contravening Data Protection Principles | Fine < RM500,000.00 / Imprisonment < 2 years / Both |
| 4 | S. 29 | Non-Compliance with Code of Practice | Fine < RM100,000.00 / Imprisonment < 1 year / Both |
| 5 | S. 37(4) | Failure to Inform the Refusal to Comply with the Data Correction Request | Fine < RM100,000.00 / Imprisonment < 1 year / Both |
| 6 | S. 38(4) | Processing after consent has been withdrawn | Fine < RM100,000.00 / Imprisonment < 1 year / Both |
| 7 | S. 40(3) | Processing of Sensitive Data | Fine < RM200,000.00 / Imprisonment < 2 years / Both |
| 8 | S. 42(6) | Failure to Comply with the Commissioner’s Requirement (Processing likely to cause damage or distress) | Fine < RM200,000.00 / Imprisonment < 2 years / Both |
| 9 | S. 43(4) | Failure to Comply with the Commissioner’s Requirement (Direct Marketing) | Fine < RM200,000.00 / Imprisonment < 2 years / Both |
| 10 | S. 129(5) | Transfer of Data to Places Outside Malaysia without any law or adequate protection | Fine < RM300,000.00 / Imprisonment < 2 years / Both |
| 11 | S. 130(3) | Collects, disclose or procure to disclose data without consent of Data User | Fine < RM500,000.00 / Imprisonment < 3 years / Both |
| 12 | S. 130(4) and (5) | Selling or offer to sell | Fine < RM500,000.00 / Imprisonment < 3 years / Both |
| 13 | S. 131(1) and (2) | Abetment and Attempt to commit any of the offences | Half of the maximum term provided for that offence |
Offences by a body corporate
A director, chief executive officer, chief operating officer, manager, secretary or other similar officer of the body corporate, or a person who was purporting to act in any such capacity, or was in any manner or to any extent responsible for the management of any of the affairs of the body corporate, or was assisting in such management, may be charged severally or jointly in the same proceeding with the body corporate; and
If the body corporate is found to have committed the offence, he shall be deemed to have committed the offence unless, having regard to the nature of his functions in that capacity and to all circumstances, he proves:
- that the offence was committed without his knowledge, consent or connivance; and
- that he had taken all reasonable precautions and exercised due diligence to prevent the commission of the offence. (s.133)
Abetment and Attempt to Commit Offence
A person who abets the data user in the commission of any offence under this Act commits an offence, and shall, on conviction, be liable to the punishment provided for that offence. (s.132(1))
A person who attempts to commit an offence punishable under this Act commits an offence and shall be liable to imprisonment not exceeding one half of the maximum term provided for that offence.
Transfer of Data to Outside Malaysia
What PDPA says…
Sect 129: No transfer unless to such places specified by the Minister
The Minister may specify if:
a) there is a law substantially similar to PDPA, or
b) there is a law that serves the same purpose as PDPA, or
c) that place ensures an adequate level of protection equivalent to the protection afforded by PDPA
Enforcement Mechanisms
• Data Protection Commissioner
• Advisory Committee
• Appeal Tribunal
• Codes of Practice
• Enforcement Notice
• Prosecution
• Revocation of Registration
Enough is Enough
The Star Malaysia 18 Sept 2011
Telco A
“Personal information held by Telco A may include your name, date of birth, current address, telephone/mobile phone number, email address, credit cards details, occupation, user ID or password… as well as certain details about your personal interest.”
“Telco A complies with and is registered under the data protection law in Malaysia and…”
Bank A
“Any information sent to Bank A Bhd through the use of this site will be deemed not to be confidential and be deemed to remain the property of Bank A Bhd who shall be free to use, copy, publish, reproduce, distribute and/or transmit all such information at Bank A Bhd’s absolute discretion for any purpose and…”
Bank C
“Bank C Group may also use your personal information to market Bank C Group’s products, and services to you based on your interest and…”
“Our use of your information may also extend to other purposes… which may at our sole discretion be made available to our third party vendors, advertisers, affiliates or relevant third parties”
Bank Z
“… the Bank does not warrant the security of any information transmitted by the Customer using the Bank’s Internet Banking Services. Accordingly, the Customer hereby accepts the risk that any information transmitted or received using the Bank’s Internet Banking Services may be accessed by unauthorised third parties and the Customer agrees not to hold the Bank liable for any such unauthorised access or any loss or damage suffered as a result thereof.”
The STAR headline 03 May 2009