Putrajaya has proposed an amendment to the Personal Data Protection Act 2010 (PDPA or Act 709) requiring commercial data users to appoint a data protection officer.
In a parliamentary reply, Communications and Multimedia Minister Annuar Musa said the amendment of Act 709 has been submitted to the Attorney General's Chambers.
He said the ministry is also mulling introducing a rule to require the notification of data breaches.
Data users, he explained, will be obliged to report data leaks to the Personal Data Protection Department (JPDP).
This department oversees the processing of personal data of individuals involved in commercial transactions.
"The proposed amendment bill will make it compulsory for all data users to appoint a data protection officer.
"It will introduce a data breach notification which compels all data users to report on data leakage to the commissioner of the JPDP within 72 hours," he said.
Annuar (above) was responding to PKR's Lembah Pantai MP Fahmi Fadzil who asked how 100 million sets of personal data were leaked since 2017 and what the ministry's measures were to punish those involved in the breach.
He said an individual who violates the act can be penalised with a maximum RM500,000 fine, jail of up to three years, or both.
Act 709 only applies to commercial transactions of personal data and the legislation does not cover the federal government, state governments, and their agencies.
The leak of data involving government agencies comes under the National Cyber Security Agency (Nacsa) which is under the National Security Council (NSC).
Data leak incidents with criminal elements will be referred to Nacsa and the police, said Annuar.
Last month, Fahmi, who is also the PKR communications director, estimated that 100 million individual personal records have been compromised over the past five years based on known leaks.
He cited eight such incidents including the infamous "telco leak" in 2017 and the latest "Pikas leak", and said there was only one data theft case brought to court so far.
He also referred to Malindo Air being charged in 2020 for allegedly violating the PDPA.
On June 30, Fahmi submitted a notice of motion to the Dewan Rakyat to table a private member’s bill to amend the PDPA. - Mkini
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.