Personal Data Protection Bill

The Personal Data Protection Bill 2009 (“PDP”) which aims to protect and regulate the processing of personal data was tabled in the Dewan Rakyat in November 2009. The second and third reading of the PDP is scheduled for next March 2010 during the next sitting of the Dewan Rakyat.

The proposed PDP is only applicable to the private sector i.e. any person who processes, controls and/or authorises the processing of any personal data in respect of commercial transactions. According to the Information, Communication and Culture Minister Datuk Seri Dr Rais Yatim, the PDP would not be applicable to the Government machinery as safeguards were already in place to take care of Government channels.

Source: Personal data protection: 'Govt has own mechanisms', thestar online, 15 July 2009

The objectives underlying the PDP are to:

1. provide adequate security and privacy in handling personal information;
2. create confidence among consumers and users of both networked and non-networked environment;
3. accelerate uptake of electronic transactions; and
4. promote a secure electronic environment in line with the objectives of MSC Malaysia.

Source: Opening and Keynote Address by the Deputy Minister II, Ministry of Information, Communications and Culture during the National Conference on Personal Data Protection Law, 7 October 2007

In the recent years, personal data has become a valuable commodity. There has also been an increase in the misuse and mishandling of personal data i.e. personal information such as ones name, address, telephone number, credit records, marital status etc are easily collected and shared for commercial purposes. These personal data are valuable to entities in profiling customers’, direct marketing and also for purposes of fraudulent transactions. In the event that the PDB becomes law, entities should no longer be able to buy or sell a person’s personal data as the use, collection and storage of any personal data must be in accordance to the law.

The PDP which consist of 11 sections and 146 clauses, amongst others provides for the appointment of a Personal Data Protection Commissioner and the setting up of a Personal Data Protection Advisory Committee to advise the Commissioner on the administration and enforcement of the PDP, as well as matters referred to the Commissioner.  

The second section of the PDP sets out the personal data protection principles, namely the General Principle, the Notice and Choice Principle, the Disclosure Principle, the Security Principle, the Retention Principle, the Data Integrity Principle and the Access Principle. Failure to adhere to these principles the offender may be liable to imprisonment up to two years jail and/or a fine up to RM300,000, if convicted. 

Click here for the complete Personal Data Protection Bill 2009.