Personal Data Protection Act 2010 (PDPA) Case Study in Malaysia. Background Information, A Case study related to the Personal Data Protection Act. Also, Suggestions to improve the Personal Data Protection Act 2010 (PDPA). Example of Personal Data Protection policy of an organization.
Personal Data Protection Act
The personal data protection act refers to the written regulation of the government to protect consumer’s sensitive documents. PDPA is the acronym for the personal data protection act. The personal data protection act is a written policy created and regulated by the government to protect the personal information of consumers such as users’ names, users’ IDs, and phone numbers.
Personal Data Protection Act 2010 in Malaysia
The Malaysian Parliament passed the Personal Data Protection Act 2010 (PDPA) of Act 709 in May 2010 (Personal Data Protection Act, n.d.). After passing the bill related to the personal data protection act 2010 by the Malaysian parliament, it had been sent to the king for getting royal assent. On 2 June 2010, it was received royal assent. The Malaysian government started to implement the Personal Data Protection Act 2010 on 15 November 2013 by way of notification in the government gazette. The prime objective of this act is to protect personal information from the perspective of commercial transactions.
The most general principle of this act to prohibit people to use other’s personal data without consent. “Personal Data Protection Department (PDPD) is an agency under the Ministry of Communications and Multimedia Commission (MCMC)”. The prime duty of the PAPD department is to supervise the handling of personal data of individuals related to commercial transactions. PAPD wants to ensure that no one misuses and misapplies the other party’s data without taking concern. The maximum penalty is between RM100k to 500k and/or between 1 to 3 years imprisonment for non-compliance (Shahwahid & Miskam, 2014). There is no amendment or modification that has been noticed in the Personal Data Protection Act 2010.
The PDPA 2010 act was a need to actualized to enable the confidence of the consumer in electronic commerce and business transactions. Before passing this act, the credit card fraud cases increased in Malaysia. The theft was selling personal data without customer consent. After passing the PDPA 2010, the amount of fraud cases related to bank cards has been reduced. Now people can trust the company to provide their personal information without hesitation. Therefore, companies and clients’ parties get benefits from the PDPA 2010 act.
Personal Data Protection Act 2010 Case Study
Due to the popularity of social media platforms, cybersecurity became a major concern that would cause a personal data breach. As one of the cases from Facebook, in December 2019, the personal data of 267 million Facebook users were exposed to an online database. These personal data consist of users’ names, users’ IDs, and phone numbers, which could be accessed by anyone through the database.
Although Facebook contacted the internet service provider to remove these data from the servers after discovering the data leak, however, the database was exposed online for two weeks which these data were also posted on a hacker forum already. Regarding the possible reason for this data breach, the security researcher of Facebook claimed that the data is most likely the result of exploiting Facebook’s Application Program Interface (API) by hackers. Thus, it is essential to enforce a personal data protection act in vulnerable cyberspace.
In addition, relating this act specifically in the Malaysian context, on 3 May 2017, Khas Cergas Sdn Bhd, the company that owns Vitoria International College was charged in the Sessions Court for processing personal data of the former employee without a valid certificate of registration issued by the Personal Data Protection Department (PDPD). Specifically, this case breached section 16 (1) of the PDPA in which requires the data users to register the applicant and issue a certificate of registration by the PDPD. The offense was allegedly committed by the company at its premises on June 6, 2016. After the Sessions Court judge, the charge which under section 16 (4) of the PDPA claimed on conviction, the company would be liable to a maximum fine of RM 500,000 or imprisonment up to three years, or both (Attorney General’s Chambers of Malaysia, 2016).
Why PADA is Relevant to the New Media?
With the rapid development and progress of science and technology, the medium of information dissemination is constantly changing. The release of the Personal Data Protection Act (PDPA) in Malaysia had an impact on the new media environment. Next, the author will talk about my reasons for the PDPA is relevant now with the new media environment.
Firstly, the Personal Data Protection Act (PDPA) gives people more control over their personal data. More and more people can easily get online due to the rapid development of the network. There are varieties of social media, for example, Facebook, Twitter, WhatsApp, etc, in which people steal other information to misuse. Unfortunately, a lot of criminals catch the opportunity to steal other people’s personal information. There is no doubt that the stealing of personal information is a terrible thing. If everyone knew the benefits of the Personal Data Protection Act, people can use it to control their personal data. Thus, the Personal Data Protection Act is relevant now with the new media environment.
Secondly, the Personal Data Protection Act (PDPA) deals with personal data related to commercial transactions. Since the human appeared, business activities had not stopped. The release of the Personal Data Protection Act (PDPA) in Malaysia has significantly reinforced the protection of personal data in relation to commercial transactions. It imposed strict restrictions on some people who collect, record, and process personal data. There is no denying that this action protects the unauthorized use of personal information. Thus, the Personal Data Protection Act is relevant now with the new media environment.
Last but not least, the Personal Data Protection Act (PDPA) lets a person reduce unwanted telemarketing messages received. Have you been harassed by an advertising call? Due to the popularity of mobile phones and some mobile devices, more and more people’s personal information does not feel leaked. People want a safe network environment where all information keep safe. Therefore, the Personal Data Protection Act(PDPA) is relevant now with the new media environment.
Suggestions to Improve the PDPA 2010
Although the establishment of PDPA has provided great help for the protection of personal information at the commercial level, after a long period of practice, some problems have still been exposed.
Firstly, we must reduce the impact on the personal data life cycle management process. Collection, use, storage, and destruction should be minimized in every aspect.
Secondly, comprehensively consider the operating methods of different companies and find the best and generally applicable specific terms to minimize the changes in business processes made by the company to adapt to the terms.
Third, the establishment of a central database to achieve unified management of global information can not only facilitate the integration of information but also simplify the process of cross-border personal data transmission. For example, during the MCO, everyone uses ZOOM to conduct virtual courses. After we install ZOOM, usually there will be a pop-up window at the bottom of the screen “Allow ZOOM to obtain your location permission”. Usually, no one cares about this problem, but in fact, your geographic location has been exposed. The next step is to bind the account.
Usually, everyone binds their Google account by default, so that ZOOM directly obtains our email address. We recall further, what personal information did you provide when you first registered your Google account? Name, date of birth, nationality, region, these four items are the most basic personal privacy. Since we provide ZOOM with our Google mailbox, the personal information that we leaked when registering Google mailbox does not rule out that ZOOM’s company has learned all of them. Imagine that the ID card and passport that you usually hide in the innermost layer of the wallet or in the innermost drawer have been completely wiped out by strangers.
What should we do in this situation? We can only rely on legal protection. According to PDPA, “from a business perspective, the organization cannot use other people’s information without his or her permission. When we registered with Google, it was equivalent to allowing Google to obtain and use our personal information. However, for ZOOM, we only allow it to bind our Google account (Google mailbox), which does not mean that we also agree to it to obtain our name, age, nationality, and region. This problem is exactly what needs to be resolved urgently.
With the rapid development and wide application of information technology, human beings have gradually entered the era of new media. The protection of personal data is also particularly important. In the media field, while the continuous changes in media technology have had a profound impact on the media, the privacy of personal data has been greatly challenged.
The Survey Report on the Protection of the Rights and Interests of Chinese Netizens (2015) shows that in the past year, netizens have lost approximately RMB 80.5 billion, or RMB 124 per capita, due to personal information leakage, spam, and fraudulent information. (The State Council Information Office of the People Republic of China. 2015). Personal data protection plays an important role in the media field. Personal data security even affects the security of collective interest, and the protection of corresponding laws and regulations is very important.
Personal Data Protection Policy Example
The sample of the Personal Data Protection Policy conveys a better understanding regarding the Personal Data Protection policy. This is a Personal Data Protection policy of a private university in Malaysia, Putra Business School.
Attorney General’s Chambers of Malaysia. (2016). Personal Data Protection Act 2010. http://www.agc.gov.my/agcportal/uploads/files/Publications/LOM/EN/Act%20709%2014%206%202016.pdf
Personal Data Protection Act (n.d.). Retrieved from https://www.malaysia.gov.my/portal/content/654