PROTECTING YOUR PERSONAL DATA

Breaking News : Join us in Thousand Likes Gathering and stand a chance to win an IPAD Air and submit your article and journals to us if you wish to join as journalist! Contact us @ klsetechanalyst@gmail.com for detail information

Over the past decade, with the rapid development of technological advances and in the area of Information and Communication Technology, vast amounts of personal information are being transmitted, collected, stored and used daily. This in turn opens up an opportunity for processing and also mis-processing of personal data resulting in mounting pressure for data protection law to be enacted around the world. Recently, there has been considerable hype in the Asia-Pacific region in relation to privacy regulations. Malaysia has quietly gazetted its Personal Data Protection Act 2010 (PDPA), effective immediately, and given businesses three months to ensure compliance. Even though the Personal Data Protection Act 2010 has come into force, but the public will have to do their part to make it effective. The rising menace of debt collectors is caused by the lackadaisical attitude of Bank Negara, which show that the creditors could reveal private data of a customer to a third party despite Malaysia having enacted the Personal Data Protection Act 2010.

Data has become an integral part of life in today's world, and thanks to the advent of digital technology, collecting, editing, sharing and transferring data have never been easier. Personal data, which includes identity card numbers, addresses and bank account details, is now the most valuable commodity as well as the most dangerous weapon. The enforcement of the personal data protection law is thus not only timely, but also necessary, to protect the safety and privacy of consumers who have been left too long at the scruples of companies and organisations when it comes to their personal data. After all, can you remember the last time your day has not been interrupted by unsolicited phone calls, text or e-mail messages offering a product or service that you must have or event that you cannot miss?

Data users don’t need consent from subjects for the performance of a contract, such as the details you provide a bank when opening an account, as most of them will be used to perform the contract with the consumer. But if the bank uses the personal data for marketing or other ancillary things, they have to specify in the notice to give consumer transparency. Another circumstance in which data users are allowed to bypass the Act’s general principle is if they have an obligation under another law. This means that the PDPA becomes secondary when there is another Act that overrides it. However, the Act entrusts a degree of responsibility on the data user, as seen in its Security Principle and Data Integrity Principle. The former requires a data user to protect the personal data from any loss, misuse, or unauthorised access or disclosure, while the latter states that it is the responsibility of the data user to ensure the personal data they have is accurate, complete and up to date.

it is important for consumers to know their rights as stipulated in the Act: “right to access, right to correct data, right to prevent damage or distress, right to withdraw from data processing, right to prevent direct marketing, and very critically right to bring complaint on data abuses to PDP Commissioners. The right of access to personal data and right to correct their personal data allows data subjects to make a request to check and verify their information. Any personal data deemed inaccurate can be corrected or struck off the record. To exercise both rights, the consumer will need to make a request in writing to the data user, to which the company or organisation will have to comply within 21 days.

Another important data-subject right provided by the Act is the right to withdraw consent. This provision drives in the message that when a consumer gives consent for their personal data to be processed, it is not forever. When consent is withdrawn, the data user will have to stop processing the personal data. Failure to do so is an offence that carries a fine of up to RM100,000 or a maximum one-year jail, or both.

Taking heed of the public's distress over the rampant unsolicited telemarketing messages, the enforcement of the PDPA will give them the right to ask telemarketers to stop their communications (SMS, e-mail, calls, etc), even if prior consent has been obtained. Failure to comply will cost the direct marketing companies a maximum of RM200,000 fine or jail term up to two years, or both.

Consumers should quickly identify people or companies who have been using their personal data without their knowledge, their consent or otherwise in contrary with the original purpose that they consented to initially. But no worries, we will not risk our members’ personal details by disclosing the data to anyone, it is safe to register as our member!