Important mail: Many data users are sending out notification letters, such as this, to their customers.
PUTRAJAYA: Don’t be alarmed if you seem to be bombarded lately with “love letters” from your bank, insurance agent and even Indah Water, vowing to protect your personal data.
It is all part of the compliance process of these service providers to the Personal Data Protection Act 2010 or PDPA.
Enforced on Nov 15 last year, the Act requires companies and organisations that handle consumers’ personal data in commercial transactions (known as data users) to notify them and get their agreement for collecting and processing the information within three months of the enforcement date.
Based on this principle, if you have received notification from a data user that you don’t remember signing up with, or no longer want to conduct business with, you have the right to request for your personal data to be deleted from its records.
“The most important principle of the PDPA is that when a data user is using the personal data of consumers for commercial purposes, consent must first be obtained from the data owners,” said Personal Data Protection commissioner Abu Hassan Ismail.
The PDPA was formed primarily to regulate the processing of personal data for commercial purposes and safeguard consumers’ rights amid the explosion of data in the world.
Other than obtaining consumers’ consent, data users must comply with six other principles of the Act, including ensuring that the data processed is accurate and taking practical steps to prevent it from loss, misuse or unauthorised access.
Failure to comply with any of these principles is punishable by up to RM300,000 fine or three years’ jail or both.
Personal data is information such as name, address, telephone number, MyKad number, images from CCTV recording, bank account and credit card details, as well as any expression of opinion about a person.
Consumers have the right to check their personal data with any data user to ensure they are not misused or abused.
Abu Hassan said the authorities received 800 to 1,000 complaints of data leakages or abuses every month, including unauthorised selling of data to third parties.
The Act is to create a culture of respect and trust in the management of personal data in the country.
“We hope that public confidence will grow now that the Act has been enforced.
“At the same time, the public must find out more about their rights as consumers and how to protect their personal information,” Abu Hassan said.
“They should always look at the fine print before giving their consent,” he said.
Abu Hassan added that the public can raise their personal data concerns or grouses to his department when the three months compliance period ends on Feb 15.
Comply with Act or face action data users warned
Businesses in the dark over the PDPA
Nube: Bank staff forced to give up their personal info