What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Personal Data Protection Act
Malaysia’s Personal Data Protection Act 2010 went into effect at the end of 2013 and sets the standard for employee data protection in the country. The Act is based on seven principles:
- General Principle – sets the instances when personal data can be processed
- Notice and Choice Principle – gives data subjects the right to be notified when information is being processed about them, along with the right to access and correct their data
- Disclosure Principle – prevents personal data from being disclosed for a new purpose or to a new third party without the consent of the individual
- Security Principle – sets the general requirement that data should be protected
- Retention Principle – sets the expectation that personal data will be deleted once no longer necessary
- Data Integrity Principle – creates the standard that data users should take steps to ensure personal information is accurate and updated
- Access Principle – gives data subjects the right to access their personal data and request correction when it’s inaccurate, unless the law allows the request to be denied
The current authority responsible for enforcement of data privacy law and regulations in Malaysia is the Department of Personal Data Protection.