The Minister Gobind Singh in a reply to a query by a Member of Parliament in the Dewan Rakyat on 15th November 2019, said the Communications and Multimedia Ministry is currently reviewing the Personal Data Protection Act 2010 (PDPA) to include the following:-
Penalties against organisations whose systems are breached and customer data leaked;
Imposing penalties against those who obtain or come into possession of leaked data in an unlawful manner; and
Action against those who misuse leaked data
Under the existing PDPA, there are already provisions for item 2 and 3. Enforcement, however, left much to be desired based on the leaks/breaches that allegedly happened in some organisations in Malaysia.
We laud and is happy that item 1, something which we advocated very strongly for to be implemented in Malaysia is under serious consideration and we hope the Minister keeps to his words in introducing this clause in the revised PDPA. This clause is actually nothing extraordinary or new as it was introduced in the EU last year with the introduction of the GDPR.
Concurrent with this introduction, it is imperative that the Minister should also consider and revamp the office of the PDPA to ensure that it has the necessary resources and 'teeth' to carry out implementation and enforcement of the expanded PDPA.