PRIVACY ISSUES IN THE ASIA PACIFIC REGION: THE IMPACT OF THE PERSONAL DATA PROTECTION ACT 2010 ON PRIVACY LAWS IN MALAYSIA 28 TH LAWASIA CONFERENCE Sydney, Australia 9 November 2015 Adlin Abdul Majid
Content Introduction Privacy Laws in Malaysia The Personal Data Protection Act 2010 Conclusion 2
Introduction The development of privacy laws in Malaysia The Personal Data Protection Act 2010: The impact of its enforcement Whether it is sufficient to address invasions of privacy 3
Content Introduction Privacy Laws in Malaysia The Personal Data Protection Act 2010 Conclusion 4
Privacy laws in Malaysia: Statutory recognition Article 5(1) of the Federal Constitution: No person shall be deprived of his life or personal liberty save in accordance with law Penal Code Section 509: Whoever, intending to insult the modesty of any person, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen by such person, or intrudes upon the privacy of such person, shall be punished with imprisonment for a term which may extend to five years or with fine or with both Section 234(1): A person who, without lawful authority under this Act or any other written law (a) intercepts, attempts to intercept, or procures any other person to intercept or attempt to intercept, any communications; Communications & Multimedia Act 1998 (b) (b) discloses, or attempts to disclose, to any other person the contents of any communications, knowing or having reason to believe that the information was obtained through the interception of any communications in contravention of this section; or (c) uses, or attempts to use, the contents of any communications, knowing or having reason to believe that the information was obtained through the interception of any communications in contravention of this section, commits an offence 5
Privacy laws in Malaysia: Judicial developments NO Ultra Dimension Sdn Bhd v Kook Wei Kuan (HC) [2004] 5 CLJ 285 Dr Bernadine Fernandez v MPH Magazine (CA) [2010] 7 CLJ 525 Mohamad Izham Mohamed Yatim v Norina Zainol Abidin (HC) [2015] 7 CLJ 805 YES Maslinda Ishak v Mohd Tahir Osman (CA) [2009] 6 CLJ 653 Lee Ewe Poh v Dr. Lim Tiek Man (HC) [2011] 4 CLJ 397 Lee Cher Phow v Pua Yong Yong (HC) [2011] LNS 1528 6
Content Introduction Privacy Laws in Malaysia The Personal Data Protection Act 2010 Conclusion 7
The Personal Data Protection Act 2010 Enforced 15 November 2013 Protects personal data, which is defined as any information in respect of commercial transactions: that relates directly or indirectly to a data subject who is identified or identifiable from that information or from that & other information in the possession of a data user includes any sensitive personal data & expression of opinion about the data subject May be in any form, so long as a data subject can be identified / identifiable (eg. name, NRIC no, phone no, photograph, e-mail address, fingerprint, DNA) 8
The Personal Data Protection Act 2010 Data Subject * General Principle * Notice & Choice Principle Written / Oral *Access Principle Data User * Security Principle * Retention Principle * Integrity Principle * Disclosure Principle Data Processor/ 3 rd Party 9
The Personal Data Protection Act 2010 Data Subject * General Principle * Notice & Choice Principle Data User * Security Principle * Retention Principle * Integrity Principle Written / Oral *Access Principle Data user shall not process a personal data about a data subject UNLESS the data subject has given his CONSENT to the processing of the personal data * Disclosure Principle Data Processor/ 3 rd Party 10
The Personal Data Protection Act 2010 Offence Contravention of the personal data protection principles Failure to register as data user for specified class of data users Data users continue to process personal data after the registration is revoked Processing of sensitive personal data in contravention with s40 Written / Oral Failure to comply with the Commissioner's requirements to cease processing of personal data likely to cause damage or distress Unlawful collection or disclosure of personal data Transfer of personal data overseas Liability RM300,000 or imprisonment of 2 years or both RM500,000 or imprisonment of 3 years or both RM500,000 or imprisonment of 3 years or both RM200,000 or imprisonment of 2 years or both RM200,000 or imprisonment of 2 years or both RM500,000 or imprisonment of 3 years or both RM300,000 or imprisonment of 2 years or both 11
Content Introduction Privacy Laws in Malaysia The Personal Data Protection Act 2010 Conclusion 12
Conclusion Prevent abuse of personal data Prevent direct marketing The policy behind the PDPA Ensure that data is kept securely Ensure that data is accurate 13
Conclusion NO Ultra Dimension Sdn Bhd v Kook Wei Kuan (HC) [2004] 5 CLJ 285 Dr Bernadine Fernandez v MPH Magazine (CA) [2010] 7 CLJ 525 Mohamad Izham Mohamed Yatim v Norina Zainol Abidin (HC) [2015] 7 CLJ 805 YES Maslinda Ishak v Mohd Tahir Osman (CA) [2009] 6 CLJ 653 Lee Ewe Poh v Dr. Lim Tiek Man (HC) [2011] 4 CLJ 397 Lee Cher Phow v Pua Yong Yong (HC) [2011] LNS 1528 14
Thank you aam@lh-ag.com