Malaysia: Personal Data Protection Act (PDPA) 2010
Hairul Hafiz B Hasbullah
Data Protection: It’s Getting Personal
WHAT YOU WILL LEARN:
• What is personal data
• General guidelines for the collection of personal data
• Your responsibilities with respect to the protection and management of personal data
• Which major legislation and policies directly relate to privacy and personal data
Loss of personal data leaves customers and employees at risk of fraud and personal identity theft
To demonstrate the data you are routinely sharing, walk through these next steps. If you are an iPhone user, here's how you can easily see if you are vulnerable to a data hack:
1. Go to Settings.
2. Tap Privacy.
3. Tap Location Services (if Off, you have nothing to worry about).
4. Scroll down and tap on Systems Services.
5. Scroll down to Frequent Locations (if Off, your privacy is intact).
6. If ON, tap on Frequent Locations.
7. Tap on any of the History details.
Up will pop the last six weeks of your whereabouts, including frequency, time of day and amount of time spent at each location! Of course, this is not limited to iPhone users.
THE SCARIER FACT IS THAT YOU MIGHT HAVE SHARED THE INFORMATION WITH HACKERS FOR NEFARIOUS PURPOSES
GOOD NEWS TO POKEMON FANS
ZITMO BANKER MALWARE: ANDROID, 2010-PRESENT
PDPA 2010 at office (HairulHafiz)
Personal data is…
Information about an individual that is recorded in any form
3 TYPES OF DATA
Data Subject
Individual who is subject of personal data
Data User
Person who processes personal data OR has control over OR authorises processing of personal data
Data Processor
Person (other than data user’s employee) who processes personal data solely on behalf of data user
PERSONAL # SENSITIVE # COMMERCIAL DATA
PERSONAL DATA
• Home address
• Home telephone number
• Age, date of birth, gender
• Blood type
• Ethnicity, nation of origin, colour of skin
• Religious beliefs
• Health care/medical history
• Marital status
• Identifying numbers (NRIC)
• Credit card numbers
• Criminal records, fingerprints
• Curriculum vitae
• Educational history
• Financial history
• Employment information
• Exact salary
SENSITIVE DATA
Any personal data consisting of:
• the physical or mental health of a data subject
• his political opinions
• his religious beliefs
• the commission by him of any offence; or
• any other personal data determined by the Minister
Note: can only be processed under specific circumstances set out in PDPA (including explicit consent by data subject)
SENSITIVE PERSONAL DATA MAY ONLY BE PROCESSED IF:
COMMERCIAL DATA
• Any transaction of a commercial nature, including matters relating to:
  • Supply or exchange of goods or services
  • Agency
  • Investments
  • Financing
  • Banking &
  • Insurance
Note: Does not include a credit reporting business (CTOS/CCRIS)
RESPONSIBILITY
MyCEB employees are expected to be aware of and follow applicable guidelines for the collection of personal data.
What data do you need consent for?
Written / Oral
EXEMPTIONS TO CONSENT

| No | Exemption | Example |
|----|-----------|---------|
| 1 | Performance of a contract to which the data subject is a party | Employment contracts |
| 2 | The taking of steps at the request of the data subject with a view to entering into a contract | Before the sale & purchase of a house or Hire and Purchase of a car. |
| 3 | Compliance with any legal obligation | Organisation is under a duty pursuant to e.g. SOCSO/EPF/LHDN, to provide data of its employees to authorities |
| 4 | Protect the vital interests of the data subject | Person that is unconscious & needs medical treatment to save his life |
| 5 | Administration of justice | Enforcement of a court order |
| 6 | Exercise of any functions conferred on any person by or under any law | If an organisation is tasked to perform a service by a law, e.g. Police |
DISCLOSURE IS VERY IMPORTANT
It is vital that the following is disclosed to the owners of the personal DATA:
• Why this personal DATA is being collected
• How this DATA may be used and if the DATA is shared, with whom; and
• How and for how long this DATA will be held and then disposed of
Responsibility
MyCEB employees have a duty to protect and manage personal data about individuals.
7 PRINCIPLES OF DATA PROTECTION
* Disclosure Principle * Access Principle * Notice & Choice Principle
• Data user shall provide a written notice to the data subject. To include:
  • That personal data of the data subject is being processed by or on behalf of the data user
  • Description of the personal data
  • Purpose it is collected & further processed
  • Class of 3rd parties to whom data user discloses / may disclose the personal data
  • Whether it is obligatory for the data subject to provide the personal data
• Must be given as soon as practicable
• In Bahasa & English
CHANNELS OF SERVING NOTICE
• Application forms
• Terms & conditions
• RFQs / RFPs
• Agreements
• Letters of employment
• Salary slips
• E-mails
PRINCIPLES OF DATA PROTECTION
Personal data shall not, without the consent of the data subject, be disclosed:
• For any purpose other than the purpose disclosed at the time of collection or related purpose; or
• To any party other than 3rd parties of the class in notice
PRINCIPLES OF DATA PROTECTION
• The personal data processed for any purpose shall not be kept longer than is necessary for the fulfillment of that purpose
• No time limit but if it is not required for its initial purpose, it must be destroyed
PRINCIPLES OF DATA PROTECTION
A data user shall take reasonable steps to ensure that the personal data is accurate, complete, not misleading & kept up-to-date by having regard to the purpose, including any directly related purpose, for which the personal data was collected & further processed
PRINCIPLES OF DATA PROTECTION
• A data subject shall be given access to his personal data held by a data user
• Able to correct that personal data where the personal data is inaccurate, incomplete, misleading or not up-to-date
• EXCEPT where compliance with a request to such access or correction is refused under PDPA
# CASES
# MyCEB COMPLIANCE
UNDER PDPA 2010 (Act 709)

| Offence | Liability |
|---------|-----------|
| Contravention of the personal data protection principles | RM300,000 or imprisonment of 2 years or both |
| Failure to register as data user for specified class of data users | RM500,000 or imprisonment of 3 years or both |
| Data users continue to process personal data after the registration is revoked | RM500,000 or imprisonment of 3 years or both |
| Processing of sensitive personal data in contravention with s40 | RM200,000 or imprisonment of 2 years or both |
| Failure to comply with the Commissioner's requirements to cease processing of personal data likely to cause damage or distress | RM200,000 or imprisonment of 2 years or both |
| Unlawful collection or disclosure of personal data | RM500,000 or imprisonment of 3 years or both |
| Transfer of personal data overseas | RM300,000 or imprisonment of 2 years or both |
Compliance
PDPA COMPLIANCE
Prevent
• Risk assessment & regular re-assessment
• Policies
• Guidelines
• Training
Detect
• Monitoring
• Compliance Audit
• Concern / incident reporting
Respond
• Internal Investigations
• Dealings with authorities
• Employment related consequences
PRIVACY IMPACT ASSESSMENT
LOOK OUT FOR:
Description of personal data
How personal data is collected
Was consent sought? How?
Purpose of processing
How personal data is kept – security?
Procedures to ensure accuracy? Access?
Retention period? Is personal data destroyed?
Disclosure / transfer
GUIDELINES: COLLECTION OF PERSONAL DATA
• Any collection of personal data shall be done in consultation with legal and corporate service unit.
• No personal data shall be collected unless it relates directly to an operating program or activity of MyCEB.
HR: PDPA POLICY
MALAYSIA CONVENTION & EXHIBITION BUREAU
PERSONAL DATA PROTECTION
Privacy Policy
1. Collection of Personal Data
This Personal Data Protection Notice is issued to all our valued customers/prospective customers, pursuant to the requirements of the Personal Data Protection Act 2010. We treat and view your personal data seriously.
In the course of your dealings with Malaysia Convention & Exhibition Bureau (“MyCEB”), as our valued customer / prospective customer, we will request that you provide data and information about yourself (“Personal Data”) to enable us to enter into transaction with you or to deliver the necessary notices, services and/or products.
2. Nature of Personal Data
Such Personal Data may be subject to applicable data protection, privacy and other similar laws and may include information concerning name, age, identity card number, passport number, address, gender, date of birth, marital status, occupation, contact information, email address, race, ethnic origin and nationality.
3. Impact from failure to supply Personal Data
The failure to supply such Personal Data will result in us being unable to:
a. provide you with the notices, services and/or products requested;
b. update you on our latest products, services and promotions.
4. Purpose of Collecting Personal Data
The Personal Data is collected, used and otherwise processed by us for, amongst others, the following purposes:
a. delivering notices, services, products, updates materials to you;
b. maintaining and improving customer relationship;
c. maintaining and updating internal record keeping; and
d. meeting any legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to PSMB
5. Disclosure
The Personal Data provided to us will generally be kept confidential but you hereby consent and authorize us to provide or disclose your Personal Data to the following categories:-
a. any person to whom we are compelled or required to do so under law;
b. statutory authorities, government agencies and industry regulators;
c. our consultants, accountants, auditors, lawyers or other financial or professional advisers; and
d. our service providers for purposes of establishing and maintaining a common database where we have a legitimate common interest;
6. Safeguards
We shall keep and process your data in a secure manner. We endeavour, where practicable, to implement the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to prevent the unauthorized or unlawful processing of the Personal Data and the accidental loss or destruction of, or damage to, the Personal Data.
7. Rights of Access and Correction
You have the right to request for access to and correction of your information held by us and in this respect, you may:
a. Check whether we hold or use your Personal Data and request access to such data;
b. Request that we correct any of your Personal Data that is inaccurate, incomplete or out-of-date;
c. Request that your Personal Data is retained by us only as long as necessary for the fulfilment of the purposes for which it was collected;
d. Request that we specify or explain our policies and procedures in relation to data and types of Personal Data handled by us;
e. Communicate to us your objection to the use of your Personal Data for marketing purposes whereupon we will not use your Personal Data for these purposes; and
f. Withdraw, in full or in part, your consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period.
IN SUMMARY:
• Personal data is information about an individual that is recorded in any form.
• We must establish a process for the storage and management of personal data that both enables access to and protection of the information.
• You must ensure that personal data is correct and you should practice “just in time” collection of personal information.
CONGRATULATIONS!
You have just completed Privacy and Personal data (Part 1) under MyCEB Personal Data Protection 2010
THANK YOU

