Consumers can expect less cold calls or spam SMSes with the implementation of the much-awaited Personal Data Protection Act 2010 (Act 709) on Nov 15.
The Act requires data users to register with the regulatory body, in this case, the Personal Data Protection Department, by Feb 15, 2014.
The 11 sectors affected by the Act are communication service providers, banking and financial institutions, insurance, health, tourism and hospitality, transportation, education, direct selling, services, real estate and utilities. The Government is exempted from the Act.
Communication and Multimedia Minister Datuk Seri Ahmad Shabery Cheek said those failing to register within the stipulated period and continuing to reveal personal data could face a fine of up to RM500,000 or three years’ jail, or both.
“We have identified about 25,000 institutions as data users. We urge them to register immediately,” he said at a press conference here yesterday.
The annual fee is RM100 for sole proprietors, RM200 for partnership businesses, RM300 for private companies and RM400 for public companies.
Ahmad Shabery said the law stipulated that consent for personal data processing should be explicitly obtained, rather than implied or assumed.
“The law provides that there will be no transfer of data outside Malaysia, unless you get consent, or the country or jurisdiction where you want to transfer data to is included in the list by the Personal Data Protection Commissioner,” said Shabery.
The minister also announced the appointment of Abu Hassan Ismail as the Personal Data Protection Commissioner, besides being the department director-general.
At Putrajaya, Attorney-General Tan Sri Abdul Gani Patail said that the Personal Data Protection Department was formed primarily to regulate the processing of personal data of individuals involved in commercial transactions so that the data would not be misused.
This, said Abdul Gani, would protect personal data from being abused, especially in commercial transactions like Internet banking.
“A data user or processor would be criminally liable if the personal data is not handled in the manner as denoted in the legislation,” said Abdul Gani at the National Law Conference 2013 here yesterday.
