KUALA LUMPUR, Nov 14 -- The Ministry of Communications and Multimedia is currently reviewing the Personal Data Protection Act 2010 to ensure it also applies to those receiving leaked information along with data leakers.
Its Minister Gobind Sing Deo said the review, which is being undertaken by Personal Data Protection Department (JPDP), would also ensure actions against cross-border hackers activities via cooperation with ASEAN countries.
He also said the review of the Act and related acts, was aimed at improving and strengthening measures to address the leakage of personal data in the country, in line with international best practices and current developments, as well as to keep abreast with digital technology and e-commerce developments.
"The review of this Act will ensure any data leakage will be contained and that we will be able to quickly restore it and prevent it from happening again,” he said during a question and answer session at the Dewan Rakyat today.
He said that in a reply to a question from Datuk Seri Ronald Kiandee (PH-Beluran) who wanted the ministry to outline steps taken in dealing with data breach and the effectiveness of the Personal Data Protection Act 2010.
Gobind also said that he was in the midst of getting inputs from various parties regarding the review.
Meanwhile, he said since 2017 to Oct 31 this year, five individuals had been charged and fined a total of RM54,000 for breach of confidential personal data while another seven were slapped with compounds amounting to RM80,000.
Gobind said the Act, which took effect on Nov 15, 2013 required the registration of data users belonging to 13 categories of data users.
Apart from that, JPDP also established Personal Data Protection Standard which provided minimum requirements that must be adhered by users, he said.
Meanwhile, Gobind said the government had enforced National Security Council's Directive Number 24 which requires all government agencies and organisations that had been identified as Critical National Information Infrastructure, including the telecommunications companies, to comply with Standard ISO 27001: Information Security Management System.
The directive which emphasized on ‘Confidentiality, Integrity and Availability (CIA) was to ensure all national’s critical agencies and organisations in the country attained the highest level of security in protecting data from being compromised, he said.
In addition, said Gobind, the Consumer Code of Practice for the Malaysian Communications and Multimedia industry also emphasized on data security so that service providers could take stringent steps to ensure the protection of personal data of consumers.