At long last, we now have a venue to bring up grouses about our personal data being given away without our knowledge – the Personal Data Protection Department, which was officially launched on Thursday.

ISSUES related to Personal Data Protection have been dabbled with for a long time in this part of the world. The Personal Data Protection Act 2010 (PDPA) is one of the cyber legislations aimed at regulating the processing of personal data in commercial transactions.

The Act was passed by Parliament in May 2010 and the Personal Data Protection Department was created a year later. At a cyber seminar in November 2001, I raised the importance of Malaysia creating an Act to protect the personal data of an individual.

Awareness had risen not only because of rapid commercial development involving violations of personal data such as credit status of individuals, but also invasion through the means of communication tools being detected and questioned.

During the seminar, I spoke on the rights and liabilities pertaining to information; protection of information from unlawful use; the right to information; the status of information belonging to individuals and the overall issues pertaining to the future of online trade and commerce using other people’s data.

"Under the law, the Federal and State Governments are exempted from the PDPA application. This is to give space and the right for the Government to use one’s basic personal data to be processed for legal administrative purposes." - DATUK SERI DR RAIS YATIM

When you purchase an item online, your credit card data is online as well. Your banking activities precipitate the storage, retrieval as well as the movement of your credit and debit records.

To some quarters, these are useful if not valuable information. Wrongly used, your very own data could be the meat for a sly move or the subject matter of fraud.

Whichever way you look at it, modern life has involved us in a multi-faceted approach towards preserving our rights in respect of personal data.

Now, 11 years later, we are dealing with personal data again with the opening of the department (on Thursday) and a seminar on its legislation. In this context, our Government’s efforts to recognise individual interests through efforts to protect personal data should be given due recognition.

While the PDPA functions in the commercial environment, abuse of telephony communication networks or other channels through violations of personal data are also closely associated with the Communications and Multimedia Act (CMA) 1998.

For example, a person who intentionally infiltrates and gets without permission any information, including data through telephony or other means of communications under S.234 of the CMA, can be jailed up to one year or fined up to RM50,000 or both, if convicted.

The word “intercepts, attempts to intercept or procures through any other person, any communications” have very broad implications and applications to the extent of involving the personal data of an individual.

On the other hand, the CMA is complementary to the PDPA and the expedient should be used in the best interest of the people in terms of integrity and security of personal data of an individual. The promulgation of the personal data protection legislation was also mentioned in the CMA to “ensure information security, and network strength and reliability”.

Defining personal data

To ordinary citizens, a common question is: What is actually personal data? Under Section 4 of the PDPA, personal data means any information concerning commercial transactions stored or recorded and which can be managed automatically or as a file system.

It does not matter whether the information is being processed, stored automatically or filed by any party. But it will only be an offence if the information data is used in the commercial environment.

The next question is: If certain personal data are not involved in any commercial transaction, does the question of offence or abuse arise? This seems to be the implications and applications of the new law. Hence, the commercial environment should be involved before a criminal offence is recognised under the PDPA.

Generally, personal data has a very wide scope, covering sensitive and personal information such as blood type, health records and descriptions, political and religious beliefs, mental or physical conditions, or any other data needed by the authority from time to time.

Normal personal data also involves details on bank accounts, credit cards, telecommunication links like telephone or any other information stipulated by the minister under the PDPA from time to time.

The lists of personal data under the PDPA could also be expanded by the authority based on the demands of the living environment. However, details or information of one’s credit ratings are put under the Credit Rating Agency Act 2010 and so are not covered by the PDPA. It is clear that while the register or lists of personal data could be added according to the needs and interests of the consumers in the commercial environment in the future, the public need to know their rights under the new law.

It should also be stressed that the PDPA comprises seven key principles that must be adhered to under S.5(1) to protect the integrity of personal data. They are:

> A user is not allowed to process the personal data of another user without permission. The process here simply means data handling through an automated or computerised system or method or any other process;

> The user must comply with the Principle of Notice and Choice in which the information and purpose of the preliminary communication are conveyed to the data subject;

> The Principle of Disclosure spells out the need to disclose the use of personal data;

> The Principle of Security states that when processing personal data of any subject, precautionary measures must be taken so that the data is safe, and not tampered with, abused, missing or given to irrelevant parties;

> The Principle of Storing specifies that any personal data shall not be kept in a processing system longer than needed;

> The Principles of Data Integrity: all personal data must be accurate, complete, non-confusing and up-to-date in line with the purpose of storing and processing; and

> The Principle of Access: a user must be given access to his/her own personal data, which is kept by another user, and to be allowed to update the data.

With these principles in place, users and e-commerce practitioners will be more confident that their personal information are well protected. In the meantime, a practical and reasonable code of practice can be formulated by private effort or on the initiatives of Personal Data Commissioner.

Scope of the Act

Under the law, the Federal and State Governments are exempted from the PDPA application. This is to give the space and the right for the Government to use one’s basic personal data to be processed for legal administrative purposes.

The law will also speed up the development of electronic connection and transactions like e-commerce and e-business. It can be concluded that the existence of the law will, among others, help Malaysia to become a communication and electronic trade centre; an attractive location for investment in multimedia and communications industry; and an international trade partner which is able to offer personal data protection assurance according to international standards.

More than 100 countries have or are in the process of introducing personal data protection legislation as the borderless transaction environment entails a free flow of information through electronic networks worldwide to cater to the needs to comply with international standards.

The activities and scopes of the Personal Data Protection Act, among others, cover the Registration of Personal Data Users; Creation of the Consumer Data Forum; Creation of the Personal Data Practice Code; Appointment, Functions and Powers of Personal Data Protection Commissioner, including Financial Provisions; Creation of the Personal Data Protection Provident Fund; Creation of the Personal Data Protection Advisory Committee; Creation of the Appeal Tribunal; Inspection Procedures, Complaints and Investigation; and Enforcement.

Personal data processed by an individual for the purpose of personal, family or household affairs, including for recreational purposes, are excluded from the provisions of this Act.

The security, integrity and protection of personal data are a fundamental factor to shift the country from a manufacturing-based economy to high-value knowledge economy through the support of ICT infrastructure. The rise of electronic-based transactions has assailed the status of personal data which previously did not have a high commercial value.

This Act, of course, is able to strengthen personal data protection as a social obligation. This is important in order to protect the privacy of an individual, apart from the objective of producing dignified, integral and responsible traders in daily practices hinged on widespread use of e-commerce characteristics.

The importance of decisiveness and efficiency in all matters pertaining to enforcement must be stressed. May the Personal Data Protection Commissioner implement this principle in an effort to produce a resilient society for the benefit of future generations.

> Datuk Seri Dr Rais Yatim, who is Information, Communication and Culture Minister, officially opened the new Personal Data Protection Department in Kuala Lumpur on Thursday.

• AirAsia Q1 earnings slightly higher at RM172.4m
• Malaysia's GDP grows at slower pace of 4.7% in Q1
• April inflation rate up 1.9% on-yr as food, non-food costs rise
• MPHB to demerge gaming, financial services businesses
• Petronas seeks 10-12 partners for RAPID project
• China plans brokerage reforms to create its own Goldman Sachs
• Hock Seng Lee Q1 net profit up nearly 11% to RM19.59m
• Khazanah MD says committed to MAS recapitalisation plan
• MPHB suspended for material announcement
• Petronas Chemical's FY2012 capex at RM2b
• Greece worries continues to dampen market sentiment
• TSH Resources' plantation capex at RM1bil over next 5 yrs
• China to buy over 2,500 commercial planes in 5 years to 2015: Xinhua
• UAC surges after hitting limit-up Tuesday
• Maybank IB gets HK investment banking licence

• Regulators, investors turn up heat over Facebook IPO
• Chelsea Flower Show blooms defy drought and gloom
• US Air jet diverts after passenger claims to have "device"
• Romney begins to stir in fight for US Hispanic votes
• Saudi prince sues Los Angeles to hasten mansion plans
• Survey: More top executives willing to pay bribes
• Scientists turn skin cells into beating heart muscle
• Gupta jury hears competing views of Rajaratnam ties
• Mountain lion wanders into California city center, is killed

• Thomas Cup: Malaysia falls to China
• Bulgarian sprinter Eftimova banned for two years
• Aussies cry foul over 'dawn' starts in hockey
• NBA: James and Wade on fire as Heat crush Pacers
• Tennis: Clijsters to retire again after US Open
• Chong Wei out for three to four weeks after ankle injury
• Malaysia face top seeds China in the quarters
• Yongbo gets away with defiant act again
• Kim Her defends his decision to tinker with doubles pairs
• Daren does okay
• Danish scratch pair perform like veterans to deliver winner
• Shahidatun sets record but fails to surpass personal best
• Champs Sarawak lead standings with six golds on opening day
• Bolt gets bold in Ostrava
• Seven juniors drafted into Beng Hai’s squad for Azlan Shah Cup

• MAS offers no-pay leave
• Roger Tan replies to Loyarburok
• More than 12,500 PTPTN loans converted to scholarships
• Former Deputy Minister offers to be candidate in next GE
• ILO: 75 million youth will be jobless in 2012
• Loan sharks take out anger on family
• New mobile app to book a taxi to be launched soon
• ‘Innovative’ forms of violence
• Malaysia only selects quality FDIs, says Najib
• Datuk sues Datuk for defamation