Over the past decade, technology has advanced rapidly, and the widespread use of the internet has granted people access to a wide range of information, including personal data of others. The internet is no longer limited to connecting people and conducting research; it has transformed into a platform where individuals can store information and promote themselves and their businesses.
At Finex & Co, we have implemented a “Smart Will System” that includes a digital questionnaire to gather essential data about our clients’ assets and personal information. This innovative solution may seem unfamiliar and might raise concerns or doubts. However, I’m here to assure you that your personal data is secure and there is no need to worry about it being leaked or misused.
Why can I provide this assurance? It is because the handling of personal data in commercial transactions is strictly governed and regulated by the Personal Data Protection Act 2010 (PDPA).
What is Personal Data?
Personal data refers to any information that can be used, either directly or indirectly, to identify an individual. This includes things like photographs, addresses, phone numbers, and descriptive information about a person’s traits or characteristics. Personal data should only be retained until it is no longer necessary. Typically, personal data should not be kept for more than a period of ten (10) years.
Who is subject to the compliance of PDPA?
The compliance with the PDPA is not mandatory for everyone. It specifically applies to individuals who use personal information for commercial purposes. However, government bodies and those carrying out official governmental duties are exempt from the requirements of the PDPA.
In order for a person or company to process your personal data, they are required to obtain your explicit consent. This means they must directly ask for your permission and cannot make assumptions or presume that you would grant consent. There is an exception to this rule when they provide a notice stating that if you neither accept nor reject, it will be considered as granting permission for them to use your personal data.
Nevertheless, you have the right to withdraw your consent at any time by following the procedures outlined in the respective company’s policies.
If you suspect that one of the employees from the company that has collected your personal data has leaked it to others, there are steps you can take. First, you should notify the company about your suspicion. It is their responsibility to take appropriate measures to investigate the alleged breach, determine the cause of the breach, and take necessary actions to contain the leaked information.
If it is discovered that the person or company has violated the PDPA and they are unresponsive to your request, there are further actions you can take. You have the option to file a complaint with the Department of Personal Data Protection using their web portal. You will be required to complete the provided form on their website and attach any relevant documents that support your complaints.
The primary objective of the PDPA is to protect the personal data of individuals, known as “data subjects,” from being misused by those who have control over the data, referred to as “data users” or individuals who authorize the processing of such data, known as “data processors.” This broad definition encompasses various details such as name, address, contact information, and national identification card details. It also extends to “sensitive” personal data, including an individual’s physical or mental health condition, political opinions, and religious beliefs.
Rest assured that your personal data is safeguarded under the PDPA in Malaysia. Failure to comply with the PDPA can lead to legal consequences and may require involvement of a lawyer for further action.