KUALA LUMPUR – Proposed amendments to the Personal Data Protection Act 2010 will see fines increased to RM1 million, Digital Minister Gobind Singh Deo said.
This will be an increase from the current RM30,000 fine, while jail terms will be raised from not more than two years to not more than three years.
“The amendments are aimed at giving consumers the right to data portability, whereby a data owner can ask the data controller to send over their data, which will facilitate the data transfer process,” he said after tabling the amendment bill for first reading in the Dewan Rakyat today.
The amendments also require organisations that control data to appoint a data protection officer and to notify the personal data protection commissioner about this appointment.
Every organisation that controls or processes personal data must also report data breach incidents within the shortest period practicable.
“Data controllers, with this amendment, must also ensure they immediately report any data breach, as failure to do so makes them liable for a maximum RM250,000 fine or imprisonment for a period not exceeding two years, or both.
For other violations which he did not specify, Gobind said the current penalties of RM300,000 or imprisonment for not more than two years, or both, will be raised to RM1 million or imprisonment for not more than three years, or both.
“These amendments show that the government takes seriously the need to protect data, especially in the digital world where data will play an important role in new technologies such as artificial intelligence.
“The amendments are to ensure that no data is used without the consent of the data owner and to prevent data misuse when using existing digital platforms,” he said at a press conference in Parliament.
Gobind said he hopes all MPs will unanimously support the bill so that stricter punishment can be meted out to perpetrators of data breach crimes.
He said the office of the personal data protection commissioner had recorded a 41% hike in data breach cases for the first quarter of this year.
As of June of this year, the commissioner’s office had received 288 complaints of personal data violation and abuse, compared to 779 complaints the previous year.
“Between October 2023 and March this year, the number of complaints has increased to 5.1%. These figures are worrying,” he said. – July 10, 2024
