1
Death of Data Peddlers
an afternoon on Personal Data Protection Regime & how it affects you
11th may 2010
suaran singh sidhu
2
some issues
Automatic opt-in?
Is this consent from d/subject? …..
For ‘sensitive p/d’ Section 40: “…explicit consent..”
Registration: s.13 ~
Act applies to ALL D/users
D/Users falling within a class as Gazetted by Ministry, need to register
Offence: RM500K and/or up to 3 years imprisonment
3
some (further) issues
Codes of practice
Only one code will apply to one class of d/users
S.25(2): compliance is mandatory
S.29: offence - RM100K and/or 1 year jail
Data access request (DAR): s.30~
D/subject to pay fee
D/user with different entities - separate DAR
Compliance: within 21 days
Refusal to comply: s.32
4
The Banker
Where is the Bank established?
Estd in Msia? - 6 mths, Msian Co/etc formed in Msia, or has office/branch/agency/regular practice
If not Malaysian - nominate local rep.
Personal data processed?
By whom? - by bank, employees or “engaged by that establishment”
Other than transit? - an exception
5
The eCommerce Set-Up
The website auto-collects p/data
Is information processed?
Sending out auto-reply emails/responses: is this processing?
Information captured for processing payment
Payment gateway/portal run by 3P - who’s d/user?
Based abroad?
6
The Insurance Co.
Contains sensitive p/d
If processing done by D/Processor:
Security Principle: s.9(2) - similar guarantees expected from D/Processor
When can the panel doctor reveal your personal data to the insurance company?
Disclosure to lawyers for filing/settling legal actions
7
The Content Providers.
Consider communications companies
Content providers ‘spammers’
Their ‘connection’ with existing telcos
8
…and some others
Hospitals
Multinationals
Touch n Go operator
Scratch n Win & other contests (p/data is collected)
Colleges/universities
Companies selling items based on personal traits/information (e.g. birth date, numerology)
9
am i within the PDP scheme?
Thank you, hope we all learnt something today
A presentation by Suaran Singh Sidhu