Death of Data Peddlers
an afternoon on Personal Data Protection Regime & how it affects you
11th May 2010
Suaran Singh Sidhu

some issues
• Automatic opt-in?
• Is this consent from d/subject?
• …..
• For ‘sensitive p/d’
• Section 40: “…explicit consent..”
• Registration: s.13 ~
• Act applies to ALL D/users
• D/Users falling within a class as Gazetted by Ministry need to register
• Offence: RM500K and/or up to 3 years imprisonment

some (further) issues
• Codes of practice
• Only one code will apply to one class of d/users
• S.25(2): compliance is mandatory
• S.29: offence - RM100K and/or 1 year jail
• Data access request (DAR): s.30~
• D/subject to pay fee
• D/user with different entities - separate DAR
• Compliance: within 21 days
• Refusal to comply: s.32

The Banker
• Where is the Bank established?
• Estd in Msia? - 6mths, Msian Co/etc formed in Msia, or has office/branch/agency/regular practice
• If not Malaysian - nominate local rep.
• Personal data processed?
• By whom? - by bank, employees or “engaged by that establishment”
• Other than transit? - an exception

The eCommerce Set-Up
• The website auto-collects p/data
• Is information processed?
• Sending out auto-reply emails/responses: is this processing?
• Information captured for processing payment
• Payment gateway/portal run by 3P - who’s d/user?
• Based abroad?

The Insurance Co.
• Contains sensitive p/d
• If processing done by D/Processor:
• Security Principle: s.9(2) - similar guarantees expected from D/Processor
• When can the panel doctor reveal your personal data to the insurance company?
• Disclosure to lawyers for filing/settling legal actions

The Content Providers
• Consider communications companies
• Content providers
• ‘spammers’
• Their ‘connection’ with existing telcos

…and some others
• Hospitals
• Multinationals
• Touch n Go operator
• Scratch n Win & other contests (p/data is collected)
• Colleges/universities
• Companies selling items based on personal traits/information (e.g. birth date, numerology)

am i within the PDP scheme?

Thank you, hope we all learnt something today
A presentation by Suaran Singh Sidhu