KUALA LUMPUR, 9 FEBRUARY, 2012: The Personal Data Protection Act 2010 or Act 709, which will be enforced in June, comprises seven principles that must be abided by to safeguard the integrity of personal data, said Information Communications and Culture Minister Datuk Seri Dr Rais Yatim.

He said a new department and the 19th agency under the ministry, the Personal Data Protection Department, was set up to regulate personal data processing by users in commercial transactions to avoid them from being misused.

"Personal data include details of bank accounts, identity cards, blood types and medical history, apart from credit accounts or any other communication details regarded as personal data.

"It is an offence for another party to keep personal data of others without permission or not in accordance with the seven principles.

"A person faces a fine not exceeding RM30,000 and/or imprisonment for a term not exceeding one year, if convicted," he told reporters after opening the department and the Personal Data Protection Awareness Seminar 2012 here today.

Rais outlined the seven data protection principles that would form the basis of the Act, which was gazetted in June 2010. They are:


•    The General Principle: Personal data can only be processed once the data subject has given his consent;

•    The Notice and Choice Principle: Data users must inform a data subject the purpose of the personal data being collected and processed;

•    The Disclosure Principle: Subject to consent of the data subject, personal data shall not be disclosed for any other purpose other than for which it was disclosed;

•    The Security Principle: A data user must take practical steps to protect the personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction, or being given to unauthorized parties;

•    The Retention Principle: The personal data processed shall not be kept longer than necessary for the fulfillment of the purpose;

•    The Data Integrity Principle: The data user must take all reasonable steps to ensure that the personal data is accurate, complete, not misleading and kept up-to-date, having regard to the purpose for which the personal data was collected and processed; and

•    The Access Principle: A data subject must be provided access to his personal data held by the data user and be able to correct his personal data.


Rais said the seven principles would provide protection to the individual's personal data, thereby safeguarding the interests of consumers, and e-commerce, network and non-network facility practitioners.

However, he said the federal and state governments were given a leeway and right to process personal data for lawful administrative purposes.

He said the Act would complement the Communications and Multimedia Act 1998 which was aimed at protecting the integrity and security of personal data.

Rais said the Act did not include a person's credit rating related to insolvency or bankruptcy for it was covered by another act.

In his speech, Rais said the legislation would help Malaysia become centers for communication and electronic trading, and industrial and multimedia investment as well as attract international trading partners for data protection was safeguarded in accordance with international standards.

He said more than 100 countries had introduced personal data protection legislations.


- Bernama