Proposal to have privacy officer to implement data protection law


KUALA LUMPUR: New Zealand’s Assistant Privacy Commissioner Katrine Evans has suggested that Malaysia have privacy officers to implement the data protection law.

She said a privacy officer is the person in an agency who can understand its business and, at the same time, help the agency get it right in handling personal information.

“I don’t know whether Malaysia has the requirement for every agency to have a privacy officer but, if it doesn’t, you should have one,” she said when delivering her talk on ‘First Steps for a Data Protection Commissioner: Some Suggestions from New Zealand’ at the inaugural seminar on personal data protection, here.

The seminar, which was held on Thursday, was opened by Information, Communications and Culture Minister Datuk Seri Dr Rais Yatim who announced the setting up of the Personal Data Protection Department under the ministry.

Evans said New Zealand has had its data protection laws for almost 20 years in its Privacy Act 1993.

Deputy Coordinator of the Privacy Commissioner’s Office of Macau, Ken Chongwei Yang, said there have been increased investigations regarding personal data protection in the five years since 2007.

He said there were 22 cases in 2007, 35 in 2008, 47 in 2009, 63 in 2010 and 86 last year.

Macau’s data protection law, passed in August 2005 and entered into force in February 2006, covers both the public and private sectors, he said.

“It also covers automatic data processing as well as systematic manual processing,” he said in his talk on ‘Effective Approach in Implementation of Data Protection Law: Macau’s Experience’.

Yang said many resources were used to educate people and a lot of promotional work was done for different targets, especially youths, to make them understand the role of the law.

“Youths are a group which use information technology a lot and we also hold briefing sessions, seminars, training courses and conferences to make people understand the personal data protection act,” he said.

Founder and chief executive officer of Abdul Raman Saad & Associates, Datuk Dr Abdul Raman Saad, in his working paper on ‘Offences under the Personal Data Protection Act’, said the penalty of a fine of RM500,000 or a jail term of up to three years or both is severe.

He said it was proper for a severe sentence to be imposed because personal data is vital individual information and people cannot afford to neglect it in the current cyber era.

The Personal Data Protection Act was gazetted in June 2010, aimed at protecting people’s personal data such as bank account details, credit card information, medical history, blood type and communication details to avoid misuse. — Bernama