PERSONAL DATA PROTECTION LAW: Enforcement of act is in line with GTP By Jeong Chun Phuoc, Shah Alam, Selangor

20 January 2014| last updated at 10:43PM

PERSONAL DATA PROTECTION LAW: Enforcement of act is in line with GTP

By Jeong Chun Phuoc, Shah Alam, Selangor

THE enforcement of the Personal Data Protection Act 2010 from mid November last year, is timely and a good indication that Malaysia is serious in achieving its Personal Data Transparency Index. This in line with the Government Transformation Programme (GTP) . 

With three months to comply, industrial players and international stakeholders, especially United States companies in Kuala Lumpur and Singapore, are concerned with the scope and application of the legislation.

Personal Data Protection (PDP) Department director-general Abu Hassan Ismail has a crucial role in ensuring holistic compliance.

Among the most contentious areas of compliance is the general principle of consent, notice and choice; principle, disclosure principle, security principle, retention principle, data integrity principle; and access principle.

They all must be in line with jurisdictions that have comprehensive data protection laws, such as in the European Union, the United Kingdom, Canada, Hong Kong, Australia and New Zealand.

The legal rationale in the EU was expressed by the Organisation for Economic Cooperation and Development (OECD) Council as: "The development of automatic data processing, which enables vast quantities of data to be transmitted within seconds across national frontiers, and across continents, has made it necessary to consider privacy protection in relation to personal data. For this reason, OECD member countries considered it necessary to develop guidelines which would help to harmonise national privacy legislation and, while upholding such human rights, would at the same time prevent interruptions in international flows of data."

Malaysia shares the same view, and Singapore, too, as of this year.

Industrial players and major stakeholders in Malaysia are still not familiar with the inner workings of the Personal Data Protection Act. 

Abu Hassan, as the new "master chef", will have the critical task of preparing a good green menu to ensure holistic compliance for all parties.

Current assessment shows that it will take the government and private sector several more years before full compliance under Phase II of the implementation of the Act will be fully achieved.