The right to privacy as a fundamental human right is recognized by the laws of most countries as an underlying value to be safeguarded. Where the countries’ laws differ is in the manner that this right is upheld. In the countries that follow the English Common Law (Malaysia being one), the courts are unwilling to formulate a general principle of “invasion of privacy”; instead they would rely on various case laws and statutes to uphold the Privacy Right of a person.
Is Privacy Law recognized in Malaysia?
In Malaysia, the courts are generally unwilling to accept that there is a general principle of invasion of privacy. However, there have been occasions where the courts did find that a person’s privacy had been intruded, especially where there is a case for breach of confidence (e.g., doctor-patient relationship).
How are Privacy Rights protected?
There are various laws that a person can rely on to protect his privacy. For example, if there is a pre-existing relationship (contractual/professional) between the victim and the perpetrator, the perpetrator by divulging certain private information about the victim may be liable for breach of confidence. If another person is making baseless accusations against you to a third party, you may also have an action in defamation. Misuse of another person’s personal details may also be a criminal offence in Malaysia under a new piece of legislation, the Personal Data Protection Act 2010 (PDPA).
What does the Personal Data Protection Act 2010 protect?
The PDPA protects personal data from being misused. Personal data is defined as any information collected or processed in connection to a commercial transaction by any equipment operating automatically (e.g., ATM, Computers) which is capable of identifying a person (a.k.a. data subject). The above definition will include such information as names, addresses, identification card/passport numbers, email addresses, telephone numbers, as well as banking details.
What duty does the PDPA impose on data users?
The PDPA prohibits data users from collecting and processing a data subject’s personal data without his or her consent. The Act also prohibits data users from disclosing or making its data available to any third party without the consent of data subjects. It requires data users to inform data subjects on the purpose of its data collection, the class of third party who may have access to the data, and the choices that data subjects have on how the data is to be used.
The Act also imposes a duty on data users to put in place adequate security and indemnity measures to prevent the theft, misuse, unauthorized access, accidental disclosure, alteration or destruction of data under their care. The Act also provides for the rights of data subjects to access, modify and update their personal data.
Are there any exceptions to the PDPA?
Yes, the PDPA does not apply to credit reporting business, data collected/processed for the prevention or detection of crime, for the purpose of preparing statistics and research, in accordance with a court order or for the purpose of discharging regulatory functions. The Act also does not apply to personal data that is processed outside of Malaysia.