Thanks to the advance of the digital technology, database become an integral part of life today’s world where it has become very easy to collect, edit, share or transfer of data among other people. Due to this, little we know what that our personal data such as identity and numbers, address or even bank accounts details has become the most danger weapons. Irresponsible parties can easily exploit the most valuable commodities for their personal gain unethically.
In Malaysia, it has been like an acceptable practice where we leave or cards, or personal information at registration counters or at any public eveners without concerns on what the organizers would do with this information in hand. Mostly what happen is that people would then start to receive numerous unknown phone calls or text messages offering different services and products.
Under the enforced Personal Data Protection Act 2010 (PDPA) people now are more covered and have more control over their personal data. However, it depends on how well they understand their rights and its limitations.
Among the basic rights that one should know are the data subjects (consumers) are the “real owner” of their own personal data. They have the right to:
· Access personal data
· Collect personal data
· Prevent damage or distress
· Withdraw from processing data
· Prevent from direct marketing
When any of these rights are violated, data subjects can lodge complaints on data abuse to PDP Commissioners.
The right to access personal data is to allow data subject to check and verify the accuracy of their information. If deem inaccurate, it can be corrected or struck off the record. To exercise the right, data subjects need to make request to data users which they need to comply within 21 days.
Another important rights is to withdraw consent of data even when being processed. When consent is withdraw, data user need to stop processing the personal data. Failure to do so can be fine up to RM100,000 or 1 year in jail, or both.
On the other hand, this act protects data subjects from the telemarketers to stop their unsolicited telemarketing messages which can cause distress to the public. Failure to comply to do so by telemarketers can caused then RM200,000 of fine or jail term of 2 years, or both.
For future, data subjects able to ask the data users to not use their personal data for future profiling, screening, or any data mining activities.
However, the Act has some limitations. Before data subjects can lodge their complaints to the authority, they need to determine whether the act is applicable to their case. The PDPA is not applicable in processes of personal data by the government and its agencies (government-link companies may not be included); “non-commercial” transactions; for credit reporting business; data processes outside the country; and data collected solely for personal purposes. The Act does not applied to 2 of the biggest depositories of personal data for Malaysians which are:
1. The National Registration Department (Government Agencies)
2. Facebook (data not process in Malaysia)
With most businesses moving on with social media network, most information of consumers obtained and processed through transaction online. This might provide loophole for schemers and scammers. Therefore, we are as the owners for our own personal data should be extra careful on what kind of information we shared online or offline.