Oops! We could not locate your form.Click to close
The Personal Data Protection Act 2010 intends to protect personal data and stop it from being distributed.
Adjust Font Size:
THE Personal Data Protection Act 2010 is necessary because personal data is often the cause of constant unwelcome calls from companies, and can be used by malicious people to break into networks.
Personal Data Protection Department Deputy Director-General Dr Zainal Abidin Sait said personal data used in commercial transactions had value while personal data available online may not.
“My name on Facebook would not be useful for marketing. I don’t give my real information in Facebook, but in commercial transactions, I give my real name, my real data.”
He said there were penalties for those who did not adhere to the law, but that was not the reason the law was gazetted.
“The intention of this law is not to issue summonses to people. The intention of the law is to ensure the personal data of all Malaysians, which is collected from all over the place by these agencies, is managed properly and systematically.”
Zainal Abidin also said the PDPA would not hamper doctors and banks.
This is because for doctors, processing without consent can still be carried out with conditions, while banking transactions made via contracts do not fall under the law.
Solicitor Foong Cheng Leong said laws similar to the Personal Data Protection Act (PDPA) 2010 had been implemented around the world.
“But in Southeast Asia, we are the first to come up this law. Singapore has a similar law. It came after ours, but came into force earlier than us.”
Foong is a lawyer focusing on Intellectual Property, Information Technology, Internet, Social Media and Cyber laws, Franchise, Privacy and Data Protection laws.
In the past, people had been selling personal data without repercussions, but that will all change now.
“The new law is to protect personal data and stop it from being distributed. Now under the law, it is subject to consent. If individuals want to receive all these things, then they (the companies) can send. Otherwise they can’t,” Foong said.
Websense Inc Asia Pacific Sales Engineering Director William Tam pointed out that personal information was highly valuable, not just to sell insurance or credit cards.
“When we look at what happened at many large retailers over the years, such as TJ Maxx and Target, personal data was pure gold to people with a malicious intent.”
He said cybercriminals were not just after credit card details as even simple personal contact details could be used in social engineering to create a very powerful lure that could be the way into a company’s network and lead to a highly targeted attack.
“Once individuals understand their rights under the PDPA, they can be the key driving force in encouraging businesses to comply with the same standard.”