05.10.2018

Malaysia News: Personal Data Protection Update Breach Notification

PDF

The Malaysian Personal Data Protection Commissioner (“Commissioner”) has recently published a Public Consultation Paper No. 1/2018 entitled “The Implementation of Data Breach Notification”. The Consultation Paper seeks feedback from the data users regarding the personal data breach management and encourages suggestions on any other criteria that may be relevant with the expected implementation of the Data Breach Notification mechanism. The data users were solicited to provide their feedback by end of August 2018.

Personal Data Protection Update Breach Notification

The Malaysian Personal Data Protection Commissioner (“Commissioner”) has recently published a Public Consultation Paper No. 1/2018 entitled “The Implementation of Data Breach Notification”. The Consultation Paper seeks feedback from the data users regarding the personal data breach management and encourages suggestions on any other criteria that may be relevant with the expected implementation of the Data Breach Notification mechanism. The data users were solicited to provide their feedback by end of August 2018.


How does it work?

Currently, there are no general data breach notification requirements in place in Malaysia in application of the Personal Data Protection Act (“PDPA”) 2010. In light of the recent enforcement of the European General Data Protection Regulation (GDPR) in May 2018, the Commissioner intends to fill the gap by implementing a mechanism where data users will be required to notify and inform the relevant authorities and the affected parties when a data breach has occurred within an organization.

 

Who is targeted?

The full details on the intended Data Breach Notification mechanism are not disclosed yet. However, it is expected that by end of 2018 a Data Breach Notification mechanism will be implemented by way of imposing conditions to the certificate of registration issued by the Commissioner to the data users. In other words, the Commissioner proposes that only the class of data users belonging to the 13 industries1 which are required to be registered with the Commissioner should be subject to the Data Breach Notification requirements. The Commissioner remains silent of further extension to data users that are not currently required to be registered.

 

What are the objectives?

By implementing this mechanism on the Data Breach Notification, the Commissioner essentially aims to assist the data users to manage their personal data breaches and encourage them to take proactive actions by informing the relevant authorities when these data breaches occur and enables those authorities to conduct fair and transparent investigations when data breaches have been addressed.

 

What are the proposed elements to be
addressed in Data Breach Notification?

The Consultation Paper lists down a number of information that will be part of the Data Breach Notification such as details in relation of the data breach to be submitted to the Commissioner, containment or control measures taken, number of the affected data subjects, as well as details on the organization’s training and guidance related to data protection.

For guidance and information, please feel free to contact us anytime.

Luther Corporate Services Sdn. Bhd.

 

Your Contact

Caroline Pelaez
Head of French Desk
Luther Corporate Services Sdn. Bhd.
Unit 17-2, Level 17, Wisma UOA II
No. 21, Jalan Pinang
50450 Kuala Lumpur
Malaysia
Phone +60 3 2166 0085
caroline.pelaez@luther-services.com

Coline Grison
Associate (French Desk)
Luther Corporate Services Sdn Bhd
Unit 17-2, Level 17, Wisma UOA II
No. 21, Jalan Pinang
50450 Kuala Lumpur
Malaysia
Phone + 60 3 2166 0085
coline.grison@luther-services.com