Legal News: Laws To Act Against Data Breach

ALTHOUGH the Personal Data Protection Act (PDPA) has yet to be enforced and a commissioner yet to be appointed, Malaysians can still lodge their grouses to the Personal Data Protection Department (JPDP) in Putrajaya.

“If you think an organisation or a person has broken the law and caused a data breach, or if you are not satisfied or happy with their response to your grouse (about the misuse of your personal details), you can file a complaint with the department.

“Even though the PDPA has not been enforced yet, there are other relevant laws that can be used to take action against the offenders and we will forward the complaints to the specific agencies, like the Malaysian Communications and Multimedia Commission (MCMC), to help those who feel that their privacy has been violated,” said its director-general Abu Hassan Ismail.

Personal data is the new currrency of the digital world. That is why people are concerned about privacy, especially when they transact online. - Abu Bakar Munir Personal data is the new currrency of the digital world. That is why people are concerned about privacy, especially when they transact online. – Abu Bakar Munir

These legislations include the Communications and Multimedia Act (CMA) 1998 and the Credit Rating Agency Act 2010.

For example, a person who intentionally infiltrates and gets without permission the personal data of an individual can be jailed up to one year or fined up to RM50,000 or both, if found guilty under the CMA.

However, Abu Hassan advised complainants to seek redress with the companies or individuals in question before considering the courts.

“If you are still not satisfied with the response or the action taken by the particular organisation, you can lodge a complaint directly to the JPDP,” he added.

Created in June 2011, the department that is aimed at facilitating the enforcement of the Act was officially launched in February this year.

To date, the department has received more than 100 complaints related to personal data, out of which only eight are of offences directly related to the PDPA.

To lodge a complaint with the department, all one has to do is to send a letter or email stating their case to the department.

The statement will have to include the name of the organisation or person that you are lodging a complaint against, the reason for your grouse, the actions that have been taken or responses made by the “offender” after you have complained to them, and copies of the correspondence about the issue that you made with the organisation or individual in question.

Abu Hassan declined to comment on the delay of the PDPA’s enforcement. Ministry sources, however, said that enforcement details would be announced as early as next month.

Universiti Malaya cyber law expert Prof. Abu Bakar Munir believes that the JPDP should be converted into a commission to speed up the enforcement of the PDPA.

“It is practical that the department take time to train personnel and prepare the rules and regulations for the enforcement of the Act. The Act does not state in detail things such as registration fees and processes that companies will need to undergo.

“However, it is imperative that the Act is enforced soon as people need to an avenue to seek redress for violations of their personal data and privacy,” he said.

Abu Bakar added that the delay could also impact direct foreign investment and Malaysia’s free trade agreements.

To lodge your personal data complaint, call 03-8911 5000 / 7901 or email

Source: The Star

Published: Sunday, September 30, 2012

Leave a Message

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s