Developing and Implementing Data Protection Law: Malaysia and Beyond

Transcription:

Developing and Implementing Data Protection Law: Malaysia and Beyond
Professor Abu Bakar Munir
Faculty of Law, University of Malaya, Malaysia
K&K Advocates - Expert Panel Discussion on Data Protection
Jakarta, 28 March

Some of my Books & Latest Works on ICT & Data Protection Law
- Cyber Law: Policies and Challenges, Butterworths Asia (1999)
- Privacy and Data Protection, Sweet & Maxwell (2002)
- Internet Banking: Law and Practice, LexisNexis UK (2004)
- Information & Communication Technology Law: Legal & Regulatory Challenges, Thomson Reuters (2010)

(Cont.)
- Protection in Malaysia, Sweet & Maxwell (2010)
- Data Protection Law In Singapore, Singapore Academy of Law (2014)
- Data Protection Law in Asia, Sweet & Maxwell (2014)
- Second Edition (April )

Recent speaking engagements (invitations)
- Securing the digital economy - Trust, Privacy and Transparency, New Delhi, India, 21-22 February
- Data Protection Regulation in Asia: A Comparative Analysis, NUS, Singapore, 9 February
- Invited Guest Lecture, Bangor Law, University of Bangor, United Kingdom, 25 January
- Asia - Europe Dialogue on Growing the Digital Economy, Washington, D.C., 6-7 November 2017
- International Conference on Law and Governance in Global Context (LGGC), University of Indonesia, Jakarta, 1-2 November 2017
- Seminar on Big Data: Dealing with the New Oil in the Digital Economy, University of Atmajaya, Jakarta, 31 October 2017
- International Institute of Communications Annual Conference, Brussels, 10-12 October 2017
- UN Conference, Asian Perspectives for Privacy as a Global Human Right, University of Hong Kong, 29-30 September 2017
- 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC), Shangri-La Hong Kong, 28-29 September 2017
- Asian Privacy Scholars Network International Conference, University of Hong Kong, 27 September 2017
- International Seminar on Academic Network on Competition Policy, Building Knowledge Hub and Regional Expertise Towards the Harmonisation of Competition Policy in East Asian Region, Bali, 6 September 2017

Research & Consultancy
- Developed the National Human Rights Action Plan for Malaysia (RM 3.3 million)
- Legal and Regulatory Aspects of Blockchain Technology (QRC International, RM 300,000)
- Cross-Border Data Transfer (ABLI Singapore)
- Data Protection Law in Asia (2nd Edition, Thomson Reuters Hong Kong)
- Developing the Data Breach Notification Rules and Guidelines for the Department of Protection, Malaysia

Data Protection Law: WHY?
- Human Right
- Consumer protection
- To make countries more competitive: outsourcing centre, big data hub, smart nation, etc.
- International business
- Consumer demand

International/Regional Instruments
OECD Guidelines 1980 Council of Europe Convention 1985 APEC Privacy Framework 1995 EU Data Protection Directive 2004 EU General Data Protection Regulation (May )

Hong Kong

Some Recent Developments in Asia
- EU Adequacy Ruling on Japan Expected
- Singapore joins APEC CBPR March
- South Korea in the Pipeline for Adequacy Decision
- Indonesia's New Regulation on Personal Data Protection
- Strengthening the data protection ecosystem in Singapore through the work of PDPC
- Malaysia publishes draft "White List" for personal data exports

India's Supreme Court Recognises The Right to Privacy. Principle Petitioner Justice KS Puttaswamy. 547 page judgement.

Asian Laws: A comparative overview
Malaysia 2010; Taiwan 2010; Singapore 2012; Philippines Data Privacy Act 2012; Japan Personal Information 2003; Hong Kong (Privacy) Ordinance 1995; Korea Personal Information 2011; Indonesia Draft law; Thailand Draft law
Data Protection Principles: ??
Rights of Data Subjects: ??
Special enforcement entity: X ??
Exemption to public agency: X X X X X ??

Malaysia 2010; Taiwan 2010; Singapore 2012; Philippines Data Protection Act 2012; Japan Personal Information 2003; Hong Kong (Privacy) Ordinance 1995; Korea Personal Information 2011; Indonesia Draft law; Thailand Draft law
Mandatory data breach notification to the Data Subject: X X X X (encouraged) ??
Mandatory reporting to the Authority: X X X X X (encouraged) ??
Differentiate personal data & sensitive data: X ??
Mediation to resolve dispute: X X X X X ??
Organisation must designate someone to take charge (DPO): X X X X (encouraged) ??

Malaysia 2010; Taiwan 2010; Singapore 2012; Philippines Data Protection Act 2012; Japan Personal Information 2003; Hong Kong (Privacy) Ordinance 1995; Korea Personal Information 2011; Indonesia Draft law; Thailand Draft Law
Registration: X X X X X X ??
Civil and criminal remedies: X ??
Data Protection Impact Assessment: X X X X X X ??
Financial penalty by Regulator: X X X X X ??

Enforcement in Malaysia and Singapore

Malaysia - Subsidiary Legislations
- Determination of the effective date of enforcement
- Appointment of commissioner
- Protection of personal data (data user group)
- Rules of personal data protection
- Regulations protection of personal data (user registration data)
- Rules of personal data protection (fees)
- Personal data protection standard
- Rules on compounding of offences

Code of Practice
- PDP Code of Practice for the Banking and Financial Sector
- PDP Code of Practice for the Utility Sector (Electricity)
- PDP Code for the Insurance and Takaful Industry
- PDP Code for Licensees under the CMA 1998 (Telcos and Multimedia Companies)

[Chart: Complaints received, 2014 to 2016; bar labels 280, 162, 153]

[Chart: Complaints in 2016 by sector: Communication, Education, Financial Sector, Direct Marketing, Insurance, Services, Health, Real Estate, Utility]

No. / SECTOR / OFFENCES / PENALTY

1. Tourism (HOTEL)
   Offences:
   1. Section 16(4): Processing personal data without authorisation of the Commissioner
   2. Section 5(2): Processing personal data without consent of data subject
   Penalty:
   Fine of RM 10,000.00 @ 8 Months Imprisonment
   Fine of RM 10,000.00 @ 8 Months Imprisonment

2. Education (IPTS)
   Offences:
   1. Section 16(4): Processing personal data without authorisation of the Commissioner
   Penalty: Fine of RM 10,000-00 or 3 Months Imprisonment

3. Services (Employment Agency)
   Offences:
   1. Section 16(4): Processing personal data without authorisation of the Commissioner
   Penalty: Fine of RM 10,000.00

Singapore

Advisory Guidelines
- Advisory Guidelines on Key Concepts in the (revised on 27 July 2017)
- Advisory Guidelines on the for Selected Topics (revised on 28 March 2017)
- Advisory Guidelines on the Do Not Call Provisions (revised on 27 July 2017)
- Advisory Guidelines on Requiring Consent for Marketing Purposes (published on 8 May 2015)
- Advisory Guidelines on Enforcement of Data Protection Provisions (published 21 April 2016)
- Advisory Guidelines on Application of PDPA to Election Activities (published 8 August 2017)

Sector Specific Guidelines
- Advisory Guidelines for the Telecommunication Sector (published on 16 May 2014)
- Advisory Guidelines for the Real Estate Agency Sector (published on 16 May 2014)
- Advisory Guidelines for the Education Sector (published on 11 Sep 2014)
- Advisory Guidelines for the Healthcare Sector (updated on 28 March 2017)

Industry led guidelines
- LIA Code of Practice for Life Insurers on the Singapore Protection Act (published on 1 Apr 2015)
- LIA Code of Conduct for Tied Agents of Life Insurers on the Singapore Personal Data (published on 1 Apr 2015)

Other Guides
- Guide to Notification (published on 11 Sep 2014)
- Guide to Securing in Electronic Medium (updated on 20 January 2017)
- Guide to Managing Data Breaches (published on 8 May 2015)
- Guide on Building Websites for SMEs (updated on 20 January 2017)
- Guide to Disposal of on Physical Medium (updated on 20 January 2017)
- Guide to Preventing Accidental Disclosure When Processing and Sending (published 20 January 2017)
- Guide to Data Sharing (revised on 1 February )
- Guide to Developing a Data Protection Management Programme (published on 1 November 2017)
- Guide to Data Protection Impact Assessments (published on 1 November 2017)
- Guide to Basic Data Anonymisation Techniques (published on 25 January )

Enforcement
[Chart: Complaints Received, 2015 to 2017; bar labels 3300, 3100, 2200]

abmunir@um.edu.my Office: +60379676526 Mobile: +60122185242