Personal Data Protection Act 2010

Akta Perlindungan Data Peribadi 2010

Personal Data Protection Act 2010 (Act 709)

Contents

Arrangement of Sections

Part I : Preliminary

Section

1. Short title and commencement

2. Application

3. Non-application

4. Interpretation

Part II : Personal Data Protection

Division 1 : Personal Data Protection Principles

5. Personal Data Protection Principles

6. General Principle

7. Notice and Choice Principle

8. Disclosure Principle

9. Security Principle

10. Retention Principle

11. Data Integrity Principle

12. Access Principle

Division 2 : Registration

13. Application of this Division

14. Registration of data users

15. Application for registration

16. Certificate of registration

17. Renewal of certificate of registration

18. Revocation of registration

19. Surrender of certificate of registration

20. Register of Data Users

Division 3 : Data user forum and code of practice

21. Data user forum

22. Register of Data User Forums

23. Code of practice

24. Commissioner may issue code of practice

25. Applicable code of practice

26. Revocation, etc., of code of practice

27. Submission of new code of practice by data user forum

28. Register of Codes of Practice

29. Non-compliance with code of practice

Division 4 : Rights of data subject

30. Right of access to personal data

31. Compliance with data access request

32. Circumstances where data user may refuse to comply with data access request

33. Notification of refusal to comply with data access request

34. Right to correct personal data

35. Compliance with data correction request

36. Circumstances where data user may refuse to comply with data correction request

37. Notification of refusal to comply with data correction request

38. Withdrawal of consent to process personal data

39. Extent of disclosure of personal data

40. Processing of sensitive personal data

41. Repeated collection of personal data in same circumstances

42. Right to prevent processing likely to cause damage or distress

43. Right to prevent processing for purposes of direct marketing

44. Record to be kept by data user

Part III : Exemption

45. Exemption

46. Power to make further exemptions

Part IV : Appointment, Functions and Powers of Commissioner

47. Appointment of Commissioner

48. Functions of Commissioner

49. Powers of Commissioner

50. Appointment of Deputy Commissioners and Assistant Commissioners

51. Appointment of other officers and servants

52. Loans and advances to officers and servants

53. Tenure of office

54. Revocation of appointment and resignation

55. Temporary exercise of functions and powers of Commissioner

56. Vacation of office

57. Remuneration and allowances

58. Delegation of Commissioner’s functions and powers

59. Direction by Minister

60. Returns, reports, accounts and information

Part V : Personal Data Protection Fund

61. Establishment of Fund

62. Expenditure to be charged on Fund

63. Conservation of Fund

64. Reserve fund

65. Financial year

66. Limitation on contracts

67. Bank accounts

68. Accounts and audit

69. Expenditure and preparation of estimates

Part VI : Personal Data Protection Advisory Committee

70. Establishment of Advisory Committee

71. Functions of Advisory Committee

72. Members of Advisory Committee

73. Tenure of office

74. Revocation of appointment and resignation

75. Temporary exercise of functions of Chairman

76. Vacation of office

77. Allowances

78. Time and place of meetings

79. Advisory Committee may invite others to attend meetings

80. Minutes

81. Procedure

82. Members to devote time to business of Advisory Committee

Part VII : Appeal Tribunal

83. Establishment of Appeal Tribunal

84. Powers of Appeal Tribunal

85. Members of Appeal Tribunal

86. Secretary to Appeal Tribunal and other officers, etc.

87. Tenure of office

88. Resignation and revocation of appointment

89. Temporary exercise of functions of Chairman

90. Vacation of office

91. Allowances

92. Disclosure of interest

93. Appeal to Appeal Tribunal

94. Record of decision of Commissioner

95. Stay of decision pending appeal

96. Composition of Appeal Tribunal

97. Sitting of Appeal Tribunal

98. Procedure of Appeal Tribunal

99. Decision of Appeal Tribunal

100. Enforcement of decision of Appeal Tribunal

Part VIII : Inspection, Complaint and Investigation

101. Inspection of personal data system

102. Relevant data user, etc., to be informed of result of inspection

103. Reports by Commissioner

104. Complaint

105. Investigation by Commissioner

106. Restriction on investigation initiated by complaint

107. Commissioner may carry out or continue investigation initiated by complaint notwithstanding withdrawal of complaint

108. Enforcement notice

109. Variation or cancellation of enforcement notice

Part IX : Enforcement

110. Authorized officers

111. Authority card

112. Power of investigation

113. Search and seizure with warrant

114. Search and seizure without warrant

115. Access to computerized data

116. Warrant admissible notwithstanding defects

117. List of computer, book, account, etc., seized

118. Release of computer, book, account, etc., seized

119. No cost or damages arising from seizure to be recoverable

120. Obstruction to search

121. Power to require production of computer, book, account, etc.

122. Power to require attendance of persons acquainted with case

123. Examination of persons acquainted with case

124. Admission of statements in evidence

125. Forfeiture of computer, book, account, etc., seized

126. Joinder of offences

127. Power of arrest

Part X : Miscellaneous

128. Register

129. Transfer of personal data to places outside Malaysia

130. Unlawful collecting, etc., of personal data

131. Abetment and attempt punishable as offences

132. Compounding of offences

133. Offences by body corporate

134. Prosecution

135. Jurisdiction to try offences

136. Service of notices or other documents

137. Public Authorities Protection Act 1948

138. Public servant

139. Protection against suit and legal proceedings

140. Protection of informers

141. Obligation of secrecy

142. Things done in anticipation of the enactment of this Act

143. Power to make regulations

144. Prevention of anomalies

Part XI : Savings and Transitional Provisions

145. Personal data processed before the date of coming into operation of this Act

146. Registration of persons who process personal data before the date of coming into operation of this Act

Government Gazettes

A. Personal Data Protection Regulations 2013

B. Personal Data Protection (Class of Data Users) Order 2013

C. Personal Data Protection (Registration of Data User) Regulations 2013

D. Personal Data Protection (Fees) Regulations 2013

E. Appointment of Date of Coming into Operation

F. Appointment of Personal Data Protection Commissioner

********

Akta Perlindungan Data Peribadi 2010 (Akta 709)

Arrangement of Sections

Part I : Preliminary

Section

1. Short title and commencement

2. Application

3. Non-application

4. Interpretation

Part II : Personal Data Protection

Division 1 : Personal Data Protection Principles

5. Personal Data Protection Principles

6. General Principle

7. Notice and Choice Principle

8. Disclosure Principle

9. Security Principle

10. Retention Principle

11. Data Integrity Principle

12. Access Principle

Division 2 : Registration

13. Application of this Division

14. Registration of data users

15. Application for registration

16. Certificate of registration

17. Renewal of certificate of registration

18. Revocation of registration

19. Surrender of certificate of registration

20. Register of Data Users

Division 3 : Data user forum and code of practice

21. Data user forum

22. Register of Data User Forums

23. Code of practice

24. Commissioner may issue code of practice

25. Applicable code of practice

26. Revocation, etc., of code of practice

27. Submission of new code of practice by data user forum

28. Register of Codes of Practice

29. Non-compliance with code of practice

Division 4 : Rights of data subject

30. Right of access to personal data

31. Compliance with data access request

32. Circumstances where data user may refuse to comply with data access request

33. Notification of refusal to comply with data access request

34. Right to correct personal data

35. Compliance with data correction request

36. Circumstances where data user may refuse to comply with data correction request

37. Notification of refusal to comply with data correction request

38. Withdrawal of consent to process personal data

39. Extent of disclosure of personal data

40. Processing of sensitive personal data

41. Repeated collection of personal data in same circumstances

42. Right to prevent processing likely to cause damage or distress

43. Right to prevent processing for purposes of direct marketing

44. Record to be kept by data user

Part III : Exemption

45. Exemption

46. Power to make further exemptions

Part IV : Appointment, Functions and Powers of Commissioner

47. Appointment of Commissioner

48. Functions of Commissioner

49. Powers of Commissioner

50. Appointment of Deputy Commissioners and Assistant Commissioners

51. Appointment of other officers and servants

52. Loans and advances to officers and servants

53. Tenure of office

54. Revocation of appointment and resignation

55. Temporary exercise of functions and powers of Commissioner

56. Vacation of office

57. Remuneration and allowances

58. Delegation of Commissioner's functions and powers

59. Direction by Minister

60. Returns, reports, accounts and information

Part V : Personal Data Protection Fund

61. Establishment of Fund

62. Expenditure to be charged on Fund

63. Conservation of Fund

64. Reserve fund

65. Financial year

66. Limitation on contracts

67. Bank accounts

68. Accounts and audit

69. Expenditure and preparation of estimates

Part VI : Personal Data Protection Advisory Committee

70. Establishment of Advisory Committee

71. Functions of Advisory Committee

72. Members of Advisory Committee

73. Tenure of office

74. Revocation of appointment and resignation

75. Temporary exercise of functions of Chairman

76. Vacation of office

77. Allowances

78. Time and place of meetings

79. Advisory Committee may invite others to attend meetings

80. Minutes

81. Procedure

82. Members to devote time to business of Advisory Committee

Part VII : Appeal Tribunal

83. Establishment of Appeal Tribunal

84. Powers of Appeal Tribunal

85. Members of Appeal Tribunal

86. Secretary to Appeal Tribunal and other officers, etc.

87. Tenure of office

88. Resignation and revocation of appointment

89. Temporary exercise of functions of Chairman

90. Vacation of office

91. Allowances

92. Disclosure of interest

93. Appeal to Appeal Tribunal

94. Record of decision of Commissioner

95. Stay of decision pending appeal

96. Composition of Appeal Tribunal

97. Sitting of Appeal Tribunal

98. Procedure of Appeal Tribunal

99. Decision of Appeal Tribunal

100. Enforcement of decision of Appeal Tribunal

Part VIII : Inspection, Complaint and Investigation

101. Inspection of personal data system

102. Relevant data user, etc., to be informed of result of inspection

103. Reports by Commissioner

104. Complaint

105. Investigation by Commissioner

106. Restriction on investigation initiated by complaint

107. Commissioner may carry out or continue investigation initiated by complaint notwithstanding withdrawal of complaint

108. Enforcement notice

109. Variation or cancellation of enforcement notice

Part IX : Enforcement

110. Authorized officers

111. Authority card

112. Power of investigation

113. Search and seizure with warrant

114. Search and seizure without warrant

115. Access to computerized data

116. Warrant admissible notwithstanding defects

117. List of computer, book, account, etc., seized

118. Release of computer, book, account, etc., seized

119. No cost or damages arising from seizure to be recoverable

120. Obstruction to search

121. Power to require production of computer, book, account, etc.

122. Power to require attendance of persons acquainted with case

123. Examination of persons acquainted with case

124. Admission of statements in evidence

125. Forfeiture of computer, book, account, etc., seized

126. Joinder of offences

127. Power of arrest

Part X : Miscellaneous

128. Register

129. Transfer of personal data to places outside Malaysia

130. Unlawful collecting, etc., of personal data

131. Abetment and attempt punishable as offences

132. Compounding of offences

133. Offences by body corporate

134. Prosecution

135. Jurisdiction to try offences

136. Service of notices or other documents

137. Public Authorities Protection Act 1948

138. Public servant

139. Protection against suit and legal proceedings

140. Protection of informers

141. Obligation of secrecy

142. Things done in anticipation of the enactment of this Act

143. Power to make regulations

144. Prevention of anomalies

Part XI : Savings and Transitional Provisions

145. Personal data processed before the date of coming into operation of this Act

146. Registration of persons who process personal data before the date of coming into operation of this Act

Government Gazettes

A. Personal Data Protection Regulations 2013

B. Personal Data Protection (Class of Data Users) Order 2013

C. Personal Data Protection (Registration of Data User) Regulations 2013

D. Personal Data Protection (Fees) Regulations 2013

E. Appointment of Date of Coming into Operation

F. Appointment of Personal Data Protection Commissioner