Advisory on protecting contact tracing information approved


  • Nation
  • Friday, 29 May 2020

A new guideline drafted by the Department of Personal Data Protection will outline measures that business owners must take protect the contact tracing data given by users during the CMCO period. - SAM THAM/The Star

PETALING JAYA: An advisory by the Department of Personal Data Protection (JPDP) on the collection, processing and possession of personal data by businesses during the conditional movement control order period (MCO) has been approved.

“The advisory was drafted in accordance with the Personal Data Protection Act, ” said Personal Data Protection commissioner Mazmalek Mohamad, adding that the Covid-19 committee chaired by Senior Minister Datuk Seri Ismail Sabri Yaakob had approved the content and an announcement would be made soon.

According to the advisory, businesses are only permitted to record minimal information – name, contact number, as well as dates and times of visit – and can choose to collect the information digitally or manually.

For manual data collection, a specific document must be prepared and used throughout the conditional MCO period. Staff recording the data must not disclose the information without permission.

The department said it would monitor the compliance level of businesses from time to time. Failure to comply could result in a fine of no more than RM300,000 or a prison term of no more than two years or both, if convicted.

When the government announces the end of the conditional MCO, the data must be disposed of permanently within six months.

The advisory also requires businesses to display a notice citing that it is compulsory for visitors to present the requested information and its purpose is in accordance with the Prevention and Control of Infection Disease Act.

Experts welcomed the decision to introduce an advisory to help protect contact tracing info given by visitors to various establishments.

“It’s good to have a standard approach for businesses that process personal data. It also removes any uncertainty, ” said Foong Cheng Leong, the Bar Council Information Technology and Cyber Laws Committee deputy chairman.

He hoped that the advisory would introduce standard operating procedures that are suitable for both small medium enterprises (SMEs) and large businesses.

“It should not be too onerous on businesses especially for small outfits with fewer employees, ” he said, suggesting that the government encourage larger businesses like shopping malls to use a designated online platform to register visitors, as it could help to prevent the misuse of personal data.

“The data should only be maintained by a specific department with the sole purpose of aiding the Health Ministry with contact tracing.”

Article type: free
User access status:
   

Did you find this article insightful?

Yes
No

78% readers found this article insightful

Across the site