To link to this article, copy this persistent link:

(Apr 16, 2010) Malaysia's House of Representatives (Dewan Rakyat) passed a bill on April 5, 2010, that would for the first time codify a comprehensive data protection framework for Malaysian enterprises. The bill will now proceed to the Senate (Dewan Negara) for further deliberation. (Donald G. Aplin & Newley Purnell, Malaysia Data Protection Framework Bill Passes House, Country Eyes EU Adequacy, BNA PRIVACY LAW WATCH, Apr. 9, 2010, available at

The bill's seven privacy protection principles, e.g., providing notice to and obtaining the consent of data subjects for use of their data (under the "notice" and "disclosure" principles), are reportedly modeled on those established by the Asia-Pacific Economic Cooperation (APEC) (Malaysia is a member) and the European Union Data Protection Directive (95/46/EC), and the legislation shares certain features of the data protection laws of a number of EU Member States. (Id.; APEC SECRETARIAT, APEC PRIVACY FRAMEWORK (2005), Australian Government Attorney General's Department website, available at
; Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, European Commission Justice and Home Affairs website, (last visited Apr. 13, 2010) .)

The bill includes provisions that require registration of data users, allow for data-user forums and their preparation of codes of practice, set forth the rights of data subjects, regulate direct marketing and personal data transfers outside Malaysia, set up a Personal Data Protection Fund, and establish an Office of the Data Protection Commissioner (ODPC). The ODPC will have limited powers of investigation and enforcement; among other duties, the ODPC will be responsible for monitoring credit reference agencies' activities. The bill also provides for a Personal Data Protection Advisory Committee and an Appeal Tribunal. Inspection, complaint, and investigation procedures, as well as enforcement measures, are also outlined in the legislation. (Aplin & Purnell, supra; Personal Data Protection Bill 2009, Parliament of Malaysia website, (last visited Apr. 13, 2010).)

According to Information Communication and Culture Minister Datuk Seri Dr Rais Yatim, the permissible time frame for retention of personal data will be determined once the legislation is implemented. (Personal Data Protection Bill Passed, THE MALAYSIAN INSIDER, Apr. 5, 2010, available at
.) Rais stressed that the bill had no compensatory provisions for unauthorized use of personal data, but "[c]omplainants can institute civil action for remedy if personal data is abused for commercial transactions." (Id.) He added that upon the law's entry into force, credit reference agencies would have to apply to the ODPC before being allowed to retain in their databases any personal data on individuals. (Id.)

Author: Wendy Zeldin More by this author
Topic: Right of privacy More on this topic
Jurisdiction: Malaysia More about this jurisdiction

Search Legal News
Find legal news by topic, country, keyword, date, or author.

Global Legal Monitor RSS
Get the Global Legal Monitor delivered to your inbox. Sign up for RSS service.

The Global Legal Monitor is an online publication from the Law Library of Congress covering legal news and developments worldwide. It is updated frequently and draws on information from the Global Legal Information Network, official national legal publications, and reliable press sources. You can find previous news by searching the GLM.

Last updated: 04/16/2010