Personal data transfer to be regulated from next year
10th October 2003 (NST)
By K.T. Chelvi

KUALA LUMPUR, Oct 9: The Personal Data Protection Bill to be tabled in Parliament next year, will regulate the transfer of consumer data to a third party by institutions.

Minister in the Prime Minister's Department Datuk Seri Dr Rais Yatim said the legislation would regulate the collection, procession and use of personal data by any person or institution.

Institutions including banks which currently out-source their non-core activities, would need to be cautious on the kind of information released to their contractors.

The legislation would specify the type of data which could be accessed by third parties as well as those which required the owner's permission before it could be released.

"The data of all bank customers are within the reach of everybody, except probably, their account particulars. The banks may rightly or wrongly be extending information such as addresses, IC particulars and creditworthiness to third parties without the individual's permission," said Rais at the Press conference after opening a seminar on Data Protection, here today.

He added that in such situation it is almost impossible for a person to trace who was releasing or misusing his personal information and how it was being transmitted.

"Though the banks may feel uncomfortable, they ought to understand that illegal transfer of data has always been regarded as a criminal act. International practice demands that data protection be an integral part of the banking business and those who violate this must face the music." Rais also said that he was concerned with the misuse of data concerning a person's insolvency, whereby this record would remain unchanged even after he becomes solvent.

"This data would be referred to again and again; thus affecting a person's chances of getting loans." He said currently, the bankruptcy division in the Prime Minister's department was looking into ways of solving this, so that past insolvency records of a person could not be misused by third parties.

Penalties for infringement or violation under the Act would include, maximum jail term of 10 to 12 years, depending on the severity of the offence, said Rais.

The Bill was also expected to incorporate provisions for the protection of DNA data kept by the police.

"If a person's DNA data is retrieved illegally by others, it would be a violation," he said.

Rais said the new law could also be enforced across national boundaries via international co-operation.

Nevertheless, he added that to be effective, policing must also be strict and stringent.