If you have been reading the news all the time, you would have known that Malaysia has suffered a few major data leaks. The most recent one was the data leak of 22.5 million Malaysians. Now the government wants to amend the Personal Data Protection Act so we can reduce or eliminate the chance of something like this happening again.
In a news report by MalaysiaKini, Putrajaya has considered amending the Personal Data Protection Act 2010 (PDPA or Act 709) to mandate the appointment of a data protection officer for commercial data users.
The change to Act 709 has been sent to the Attorney General’s Chambers, according to a parliamentary response from Communications and Multimedia Minister, Tan Sri Annuar Musa.
He stated that the government is also thinking about enacting a rule that would make data breaches subject to notification.
Users of data must notify the Personal Data Protection Department (JPDP) of any data leaks, he said.
The JPDP is in charge of controlling how people’s personal information is handled during business transactions.
The proposed amendment bill will make it compulsory for all data users to appoint a data protection officer.
It will introduce a data breach notification that makes it compulsory for all data users to report on data leakages to the commissioner of the JPDP within 72 hours.
Communications and Multimedia Minister, Tan Sri Annuar Musa
Fahmi Fadzil, an MP for PKR in Lembah Pantai, questioned Annuar about how 100 million sets of personal data had been compromised since 2017 and what steps the ministry was taking to hold those responsible accountable.
According to Annuar, a person who violates the law could face a maximum fine of RM500,000, up to three years in jail, or both.
Act 709 does not apply to the federal government, state governments, or their agencies; rather, it solely relates to commercial transactions involving personal data.
The National Cyber Security Agency (NACSA), which is under the National Security Council (NSC), is responsible for the data leak implicating government agencies.
According to Annuar, occurrences of data leaks involving illegal activity would be reported to the police and NACSA.
The communications director for PKR, Fahmi, claimed last month that 100 million people’s personal details had been stolen over the previous five years based on known leaks.
He listed eight of these instances, including the well-known “telco leak” in 2017 and the most recent “Pikas leak,” and said that just one case of data theft has been brought in court thus far.
Additionally, he indicated that Malindo Air being charged in 2020 for allegedly breaking the PDPA.
Fahmi filed a notice of motion to table a private member’s bill to alter the PDPA with the Dewan Rakyat on 30 June.
