The Communication and Multimedia Ministry today announced that the Personal Data Protection Act 2010 came into force on Nov 15.
The act was introduced specifically for the purpose of preventing the misuse of people's personal data for commercial purposes, said Minister Datuk Seri Ahmad Shabery Cheek.
Those categorised as users of data had until Feb 15 next year to register with the Personal Data Protection Department, he said, adding that it was an offence to disclose personal data to third parties without the consent of the owner.
Ahmad Shabery said the act ensured information security, network reliability and integrity of data protection in the country.
He said Malaysia was the first country among the Asean nations which had enforced such an act, and thus would make a reality of the objective of the transformation of Malaysia into a developed country.
"Protecting personal data is a huge social responsibility as the Big Data industry in Malaysia is growing rapidly, and it also encompasses the question of personal data and other important information of an organisation," he told a news conference at the ministry.
Shabery said he estimated that 25,000 institutions in the country were categorised as data users and had to be registered under the act.
Answering a question about the seriousness of problems related to leakage of personal data, he said he learned that every month Cyber Security received 800 to 1,000 complaints of personal information being distributed to those who were not supposed to get it.
Shabery also announced the appointment of the Personal Data Protection Department director-general Abu Hassan Ismail as the first Personal Data Protection Commissioner.
Meanwhile, in a media release, the department defined data users as those who processed personal data or had control over such data or authorised the processing of personal data.
It listed 11 sectors classified as data users, encompassing the communication, banking and financial institutions, insurance, health, tourism and hospitality, transport, education, direct selling, services, real estate and utilities sectors.
It also listed the various offences and penalties under the act, including a fine of up to RM500,000 or a jail term of up to three years for processing personal data without a certificate of registration or after the registration had been revoked. – Bernama