KUALA LUMPUR (Aug 4): Amendments to the Personal Data Protection Act 2010 (PDPA) are expected to be tabled in the next session of Parliament in October this year, with the proposed amendments expected to create a stronger and more dynamic personal data protection policy.
This follows a series of personal data breaches in the country this year which had stirred concerns among the public.
Communications and Multimedia Minister Tan Sri Annuar Musa said the ministry through the Personal Data Protection Department (JPDP) is committed to the matter given its responsibility for regulating the processing of personal data in commercial transactions based on the jurisdiction stipulated under the PDPA.
Speaking in the Dewan Rakyat on Thursday, the Ketereh Member of Parliament (MP) noted the proposed amendments to the Act had already been extended by the ministry to the Attorney General's Chambers on June 28 for further action.
Annuar was responding to a question by Setiu MP Shaharizukirnain Abd Kadir, who asked about the ministry's plan to amend several clauses in the PDPA in fighting cybercrimes that had caused nearly 100 million cases of personal data breach.
The suggested amendments made include requiring all data users to appoint a data protection officer, and introducing data breach notification which obligates all data users to report data leaks to the JPDP Commissioner within 72 hours.
Besides obligating data processors to comply with security principles under the Act, another amendment is to allow the transfer of personal data (data portability) between data users at the request of the data, if the technical system allows it.
This is in addition to the repeal of the Determination of Cross-Border Place List which will replace the place list (whitelist) with a blacklist for the transfer of personal data across borders.
“Based on the records by JPDP, in fact, almost 120 million personal data have been leaked.
“Despite this, it needs to be clarified that what is subject to the jurisdiction of the ministry under the PDPA is only for the purpose of commercial transactions while data in departments and ministries are not subject to this Act,” Annuar said.
Annuar was responding to a supplementary question by Shaharizukirnain, who asked about the action taken against perpetrators of data breaches and what the efforts taken by the ministry to curb the issue of data breaches were.
For more Parliament stories, click here.