KUALA LUMPUR, July 10, 2024 – The government has today presented a proposed amendment to the Personal Data Protection Act 2010. This amendment underscores the government’s commitment to addressing personal data breaches seriously.
According to Minister of Digital Affairs, Gobind Singh Deo, during the period from October 2023 to March 2024, the number of complaints received showed a 5.1% increase in 2024 compared to 2023.
A total of 322 complaints related to the misuse and violation of personal data were received by the Personal Data Protection Commissioner’s Office (PDP). Of these, 157 complaints were received in the fourth quarter of 2023, while 165 complaints were received in the first quarter of 2024.
“Specifically regarding personal data breaches, there was a more pronounced trend, with a 41% increase in 2024 compared to 2023. In the fourth quarter of 2023, the PDP received 27 notifications of personal data breaches, whereas in the first quarter of 2024, 38 notifications were received.
Based on the 2023 statistics, the PDP received a total of 779 complaints related to the misuse and violation of personal data. As of June 2024, 288 complaints have been received by the PDP. Although there has been a slight decline on average due to continuous enforcement efforts by the PDP, these statistics remain concerning,” stated Gobind.
The proposed amendments reinforce specific aspects within the Act, including ensuring that the appointment of Data Protection Officers is carried out by organizations that handle data. Additionally, provisions related to data protection are to be adhered to:
1. Each organization (Data Controller or Data Processor) must inform the PDP Commissioner about the appointment of their Data Protection Officer.
2. The amendment establishes the responsibility for every data controller to promptly report any incidents of personal data breaches. If such breaches cause significant harm to data subjects, the data controller must act swiftly to make the necessary report. Failure to report incidents, as specified, can result in fines not exceeding RM250,000 or imprisonment for up to 2 years, or both.
3. The amendment introduces the right to data portability, allowing data subjects to request that their personal data be transferred to their chosen data controller. This facilitates necessary data transfers under specific circumstances.
4. In cases of violations of existing laws, the amendment imposes penalties ranging from RM300,000 or imprisonment for up to 2 years, or both, up to RM1,000,000 (One Million Ringgit) or imprisonment for up to 3 years, or both.
Gobind emphasized that these amendments demonstrate the government’s commitment to protecting data, especially in the digital world where data plays a crucial role in emerging technologies like artificial intelligence (AI).
“These amendments aim to ensure that no data is used without the owner’s consent and to prevent data misuse in the use of existing and future digital platforms, aligning with technological advancements.
The government hopes that the proposed amendments to this Act will receive support from all Members of Parliament after being presented in the House for approval during this session,” he stated.
Leave a comment