1 / 38

PERSONAL DATA PROTECTION BILL

PRESENTATION OF PERSONAL DATA PROTECTION BILL to Participants of the Asian Personal Data Privacy Forum 27 March 2001 Hong Kong. PERSONAL DATA PROTECTION BILL. I Introduction II Rationale of proposed legislation III Objectives and principles of proposed legislation

bhoward
Télécharger la présentation

PERSONAL DATA PROTECTION BILL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PRESENTATIONOF PERSONAL DATA PROTECTION BILL toParticipants of the Asian Personal Data Privacy Forum27 March 2001Hong Kong MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  2. PERSONAL DATA PROTECTION BILL I Introduction II Rationale of proposed legislation III Objectives and principles of proposed legislation IV Major Provisions V Issues MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  3. I - INTRODUCTION • Malaysia is in the process of formulating PDP bill which • is one of the cyberlaws identified under MSC • would assist in transforming Malaysia into a communications and multimedia hub • would promote e-commerce by creating an environment of trust and confidence through personal data protection MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  4. I - CURRENT STATUS • DRAF BILL HAS BEEN FORMULATED • PRESENTED TO THE PUBLIC AND NGO’S FOR FEEDBACKS • COMPILING THE FEEDBACKS AND TO PRESENT IT TO THE GOVERNMENT FOR CONSIDERATION MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  5. II - RATIONALE OF PROPOSED LEGISLATION The personal data protection law is envisaged to be a world class leading edge cyberlaw that provides for higher level of personal data protection • To provide a secure electronic environment in line with MSC objectives • To create confidence among consumers and users of both network and non-network industries • To accelerate uptake of e-based transactions MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  6. III - OBJECTIVES AND PRINCIPLES OF PROPOSED LEGISLATION MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  7. OBJECTIVES OF LEGISLATION TO PROMOTE MALAYSIA AS (a) Communications and e-commerce hub where the national adoption of e-based transactions is high (b) A premier investment centre for the communications & multimedia industry. …. CONT. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  8. Cont…... (c) A premier test-bed for applications of information and communication technologies. (d) A preferred trading partner that provides international standards of personal data protection. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  9. PURPOSE OF THE ACT a) To regulate the collection, holding, processing and use of personal data by any person/organization so as to provide protection to an individual’s personal data and safeguard the privacy of an individual b) To establish a set of common rules and guidelines on handling and treatment of personal data by any person /organization MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  10. WHAT IS PROTECTED? PERSONAL DATA OF A LIVING INDIVIDUAL MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  11. WHO IS TO BE REGULATED? DATA USER • ‘DATA USER’ MEANS - a) Any person/organization who collects, holds, processes or uses (automated or otherwise) any personal data of a data subject; b) Includes Government, Business Sector,NGOs and individuals MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  12. DATA PROTECTION PRINCIPLES 1. Manner of Collection of Personal Data 2. Purpose of Collection of Personal Data 3. Use of Personal Data 4. Disclosure of Personal Data MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  13. DATA PROTECTION PRINCIPLES 5. Accuracy of Personal Data 6. Duration of Retention of Personal Data 7. Access to and Correction of Personal Data MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  14. DATA PROTECTION PRINCIPLES 8. Security of Personal Data 9. Information to be Generally Available to Public MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  15. DATA PROTECTION PRINCIPLESPRINCIPLE 1 - MANNER OF COLLECTION OF PERSONAL DATA THE PERSONAL DATA SHALL BE COLLECTED FAIRLY AND LAWFULLY MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  16. PRINCIPLE 2 - PURPOSE OF COLLECTION OF PERSONAL DATA (1)PERSONAL DATA SHALL BE HELD ONLY FOR ONE OR MORE SPECIFIED AND LAWFUL PURPOSES. (2) PERSONAL DATA SHALL NOT BE COLLECTED UNLESS - (a) The personal data are collected for a lawful purpose directly related to a function or activity of the data user who is to use the personal data; MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  17. PRINCIPLE 2 - PURPOSE OF COLLECTION OF PERSONAL DATA (b) The collection of the data is necessary for or directly related to that purpose; and (c) The personal data are adequate, relevant but not excessive in relation to that purpose. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  18. PRINCIPLE 3 - USE OF PERSONAL DATA PERSONAL DATA HELD FOR ANY PURPOSE SHALL NOT BE USED FOR OTHER THAN - The purposes for which the personal data were to be used at the time of the collection of the data MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  19. PRINCIPLE 4 - DISCLOSURE OF PERSONAL DATA PERSONAL DATA SHALL NOT BE DISCLOSED UNLESS - The disclosure of the personal data is done for the purposes in connection with which the personal data was obtained or is directly related to the purposes in connection with which the personal data was obtained MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  20. PRINCIPLE 5 - ACCURACY OF PERSONAL DATA Personal data shall be accurate, complete, relevant, not misleading and up-to-date, having regard to the purpose (including any directly related purpose) for such the personal data are or to be used. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  21. PRINCIPLE 6 - DURATION OF RETENTION OFPERSONAL DATA Personal data held for any purpose shall not be kept for longer than is necessary for that purpose. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  22. PRINCIPLE 7 - ACCESS TO AND CORRECTIONOF PERSONAL DATA AN INDIVIDUAL SHALL BE ENTITLED: (a) To be informed by any data user whether he holds personal data of which that individual is the subject; (b) To have access to any such personal data; and WHERE APPROPRIATE, TO HAVE THE DATA CORRECTED. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  23. PRINCIPLE 8 - SECURITY OF PERSONAL DATA Appropriate security measures shall be taken against unauthorized or accidental access, processing or erasure to, alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  24. PRINCIPLE 9 - INFORMATION TO BE GENERALLY AVAILABLE TO PUBLIC ALL PRACTICABLE STEPS SHALL BE TAKEN TO ENSURE THAT A PERSON CAN - (a) ascertain a data user’s policies and practices in relation to personal data; (b) be informed of the kind of personal data held by a data user; and (c) be informed of the main purposes for which personal data held by a data user are or are to be used. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  25. IV. MAJOR PROVISIONS OF THE ACT 1) Powers and functions of Commissioner 2) Personal Data Protection Tribunal 4) Codes of Practice 5) Matching Procedure MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  26. 2. POWERS AND FUNCTIONS OF THE COMMISSIONER a) monitoring and supervising the compliance of the Act; b) promote awareness and understanding and compliance of the Act; c) promote the observance and compliance of the data protection principles; d) arrange the dissemination of information and giving opinion to the general public as to the operation of the Act; MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA Cont…

  27. Con’t.. e) hear complaints on the non-compliance of the act; f) encourage associations, etc. to prepare and comply with the code of practice; g) issue and approve code of practice; h) undertake research into implications of new technology to privacy; I) determine the classes of industry that must register with commissioner. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  28. 2 (a) - ENFORCEMENT POWERS OF COMMISSIONER a) Power to Investigate b) Power to Seize and Search c) Power to Compound d) Power to Conduct Prosecution MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  29. 3. TRIBUNAL ESTABLISHMENT OF A DATA PROTECTION TRIBUNAL • to hear appeals from any person aggrieved by the decision of the Commissioner MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  30. 4. CODES OF PRACTICE • While act defines general requirements, detailed operational requirements for different industries to be drawn up by industry/commissioner. MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  31. 5. MATCHING PROCEDURE NO MATCHING OF PERSONAL DATA IS ALLOWED UNLESS - a) Consent given by the - • Data subject; • Commissioner. b) The personal data belongs to a class of matching procedure specified in a notice issued by the commissioner • APPLICATION NEEDED MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA Con’t…

  32. V - ISSUES MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  33. ISSUE NO. 1 Should this legislation apply to the Government (CLAUSE 3) MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  34. ISSUE NO.2 Status of the Personal Data Protection Law I.E. WHETHER IT WILL SUPERCEDE OTHER LAWS MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  35. ISSUE NO 3 INDEPENDENCE OF REGULATORY AGENCY MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  36. ISSUE NO 4: EXEMPTIONS HOW MUCH EXEMPTIONS TO PROVIDE - Generally - Specific purposes MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  37. ISSUE NO 5: ALTERNATIVES TO PDP - Self-regulation & Sector Specific Regulation - “Habeas Data” MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

  38. THANK YOU MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA

More Related