KUALA LUMPUR – Aug 16, 2016: Members of the public should get in touch with the Personal Data Protection Commission (PDPC) if they suspect their personal data has been unwillingly and unknowingly passed around.
Personal data, as defined in the Personal Data Protection Act 2010, is information that relates to a data subject who is identifiable from that information.
The data includes names, contact details, identity card and passport numbers. In fact, religious beliefs, political opinions and criminal convictions come under this category.
And any act of collecting, disclosing and selling personal data without consent has become a serious offence since the Act came into force on November 15, 2013.
Section 130 details the punishment of the above-mentioned crimes, stating that upon conviction an offender shall be liable to a fine not exceeding RM500, 000 or jail not exceeding three years or both
According to the commission’s enforcement officer Ismail Hamzah, the Act is to ensure that data users will treat personal data with more care and integrity.
Data user is a person who, according to the Act, either alone or jointly or in common with other persons processes any personal data or has control over or authorises the processing of personal data.
A data subject on the other hand means an individual who is the subject of the personal data.
This Act also ensures that there is no abuse or invasion or personal information that is in their (data users) control, explains Ismail.
“If you find any data users have processed your personal data in violation of the Act’s principles or by denying your rights as a data subject, you can directly lodge a complaint with us.
“You can either visit us at Precinct 4 in Putrajaya or do it via our website,” he said.
Ismail also urged Malaysians to immediately report any form of abuse of their personal data, especially in matters relating to commercial transactions, stressing that such abuse violates the people’s right to safety, welfare and privacy.
But how do data subjects determine that they are being properly engaged by data users who wants to collect their personal data?
According to the commission’s head of risk assessment unit, Siti Dinar Othman, data users need to adhere to the Act’s seven principles when processing personal data for commercial purposes.
The first principle, also known as the general principle, states that data users must obtain the consent from a data subject when processing his/her personal data and the consent must be able to be recorded and maintained.