|
In brief
- New privacy legislation is likely to affect all IT outsourcing in Malaysia.
- Significantly, the new Act includes potential imprisonment for breach.
|
In April, the Malaysian Parliament enacted the Personal Data Protection Act, the latest development in the increasing regulation of private data in the ASEAN region. The Act will apply to all private sector data processing occurring in Malaysia in a commercial context.
The Malaysian provisions broadly follow the European Union approach, rather than the United States / APEC approach, although some of the more bureaucratic elements of the EU Directive have been excluded. Another significant departure is that the Malaysian Act provides for penalties including imprisonment for breaches of the Act, although the system of enforcement has been criticised for being unworkable.
The introduction of this Act is likely to significantly affect Malaysia’s outsourcing industry, and potentially ease restrictions on inbound data from the EU and other jurisdictions with developed data privacy regimes. Many Australian enterprises engage Malaysia’s cost effective IT industry to process employee and payroll data. The Act will apply to that type of activity, and may cause significant changes to the industry, including upgrades of IT security standards.
This article was written by Alix Grice, Special Counsel, Singapore and Emily Stanton, Graduate, Perth.
More information
For information regarding possible implications for your business, contact