Personal Data Protection Act 2010 / Akta Perlindungan Data Peribadi 2010
Contents
Arrangement of Sections .......................................................... 3
Part I : Preliminary
Section
1. Short title and commencement ............................................... 11
2. Application ............................................................................. 11
3. Non-application ...................................................................... 13
4. Interpretation .......................................................................... 13
Part II : Personal Data Protection
Division 1 Personal Data Protection Principles
5. Personal Data Protection Principles ....................................... 18
6. General Principle .................................................................... 19
7. Notice and Choice Principle ................................................... 20
8. Disclosure Principle ................................................................ 22
9. Security Principle ................................................................... 22
10. Retention Principle ................................................................. 23
11. Data Integrity Principle .......................................................... 24
12. Access Principle .................................................................... 24
Personal Data Protection Act 2010 (Act 709)
Division 2 Registration
13. Application of this Division ................................................... 24
14. Registration of data users ....................................................... 24
15. Application for registration .................................................... 25
16. Certificate of registration ........................................................ 25
17. Renewal of certificate of registration ...................................... 26
18. Revocation of registration ...................................................... 27
19. Surrender of certificate of registration .................................... 28
20. Register of Data Users ............................................................ 28
Division 3 Data user forum and code of practice
21. Data user forum ...................................................................... 29
22. Register of Data User Forums ................................................ 30
23. Code of practice ...................................................................... 30
24. Commissioner may issue code of practice ............................. 31
25. Applicable code of practice .................................................... 33
26. Revocation, etc., of code of practice ...................................... 34
27. Submission of new code of practice by data user forum ........ 35
28. Register of Codes of Practice ................................................. 35
29. Non-compliance with code of practice ................................... 36
Division 4 Rights of data subject
30. Right of access to personal data ............................................. 36
31. Compliance with data access request ..................................... 37
32. Circumstances where data user may refuse to comply with data access request ......................................... 37
33. Notification of refusal to comply with data access request .................................................................. 40
34. Right to correct personal data ................................................. 40
35. Compliance with data correction request ............................... 41
36. Circumstances where data user may refuse to comply with data correction request ................................... 43
37. Notification of refusal to comply with data correction request ............................................................ 44
38. Withdrawal of consent to process personal data ..................... 46
39. Extent of disclosure of personal data ...................................... 46
40. Processing of sensitive personal data ..................................... 47
41. Repeated collection of personal data in same circumstances ............................................................ 50
42. Right to prevent processing likely to cause damage or distress ......................................................... 50
43. Right to prevent processing for purposes of direct marketing .................................................................. 53
44. Record to be kept by data user ................................................ 53
Part III : Exemption
45. Exemption ............................................................................... 54
46. Power to make further exemptions ......................................... 56
Part IV : Appointment, Functions and Powers of Commissioner
47. Appointment of Commissioner .............................................. 57
48. Functions of Commissioner .................................................... 57
49. Powers of Commissioner ........................................................ 59
50. Appointment of Deputy Commissioners and Assistant Commissioners ................................................. 60
51. Appointment of other officers and servants ............................ 60
52. Loans and advances to officers and servants .......................... 60
53. Tenure of office ....................................................................... 61
54. Revocation of appointment and resignation ........................... 61
55. Temporary exercise of functions and powers of Commissioner ........................................................ 61
56. Vacation of office .................................................................... 61
57. Remuneration and allowances ................................................ 62
58. Delegation of Commissioner’s functions and powers ............ 62
59. Direction by Minister .............................................................. 63
60. Returns, reports, accounts and information ............................ 63
Part V : Personal Data Protection Fund
61. Establishment of Fund ............................................................ 64
62. Expenditure to be charged on Fund ........................................ 65
63. Conservation of Fund ............................................................. 66
64. Reserve fund ........................................................................... 66
65. Financial year ......................................................................... 66
66. Limitation on contracts ........................................................... 66
67. Bank accounts ......................................................................... 66
68. Accounts and audit ................................................................. 66
69. Expenditure and preparation of estimates .............................. 67
Part VI : Personal Data Protection Advisory Committee
70. Establishment of Advisory Committee ................................... 67
71. Functions of Advisory Committee .......................................... 67
72. Members of Advisory Committee .......................................... 68
73. Tenure of office ....................................................................... 68
74. Revocation of appointment and resignation ........................... 68
75. Temporary exercise of functions of Chairman ....................... 68
76. Vacation of office .................................................................... 69
77. Allowances ............................................................................. 70
78. Time and place of meetings .................................................... 70
79. Advisory Committee may invite others to attend meetings ... 70
80. Minutes ................................................................................... 71
81. Procedure ................................................................................ 71
82. Members to devote time to business of Advisory Committee .......................................................... 71
Part VII : Appeal Tribunal
83. Establishment of Appeal Tribunal .......................................... 71
84. Powers of Appeal Tribunal ..................................................... 71
85. Members of Appeal Tribunal .................................................. 73
86. Secretary to Appeal Tribunal and other officers, etc. ............. 73
87. Tenure of office ....................................................................... 74
88. Resignation and revocation of appointment ........................... 74
89. Temporary exercise of functions of Chairman ....................... 74
90. Vacation of office .................................................................... 75
91. Allowances ............................................................................. 76
92. Disclosure of interest .............................................................. 76
93. Appeal to Appeal Tribunal ...................................................... 77
94. Record of decision of Commissioner ..................................... 78
95. Stay of decision pending appeal ............................................. 78
96. Composition of Appeal Tribunal ............................................ 79
97. Sitting of Appeal Tribunal ...................................................... 79
98. Procedure of Appeal Tribunal ................................................. 79
99. Decision of Appeal Tribunal ................................................... 79
100. Enforcement of decision of Appeal Tribunal .......................... 80
Part VIII : Inspection, Complaint and Investigation
101. Inspection of personal data system ......................................... 80
102. Relevant data user, etc., to be informed of result of inspection ............................................................. 81
103. Reports by Commissioner ...................................................... 81
104. Complaint ............................................................................... 82
105. Investigation by Commissioner .............................................. 82
106. Restriction on investigation initiated by complaint ................ 83
107. Commissioner may carry out or continue investigation initiated by complaint notwithstanding withdrawal of complaint ......................................................... 85
108. Enforcement notice ................................................................. 85
109. Variation or cancellation of enforcement notice ..................... 88
Part IX : Enforcement
110. Authorized officers ................................................................. 88
111. Authority card ......................................................................... 88
112. Power of investigation ............................................................ 89
113. Search and seizure with warrant ............................................. 89
114. Search and seizure without warrant ........................................ 91
115. Access to computerized data .................................................. 91
116. Warrant admissible notwithstanding defects .......................... 92
117. List of computer, book, account, etc., seized .......................... 92
118. Release of computer, book, account, etc., seized ................... 93
119. No cost or damages arising from seizure to be recoverable ..................................................................... 94
120. Obstruction to search .............................................................. 94
121. Power to require production of computer, book, account, etc. ................................................. 95
122. Power to require attendance of persons acquainted with case .................................................. 95
123. Examination of persons acquainted with case ........................ 96
124. Admission of statements in evidence ..................................... 97
125. Forfeiture of computer, book, account, etc., seized ................ 98
126. Joinder of offences ................................................................ 100
127. Power of arrest ...................................................................... 100
Part X : Miscellaneous
128. Register ................................................................................. 100
129. Transfer of personal data to places outside Malaysia ........... 101
130. Unlawful collecting, etc., of personal data ........................... 104
131. Abetment and attempt punishable as offences...................... 105
132. Compounding of offences..................................................... 106
133. Offences by body corporate .................................................. 107
134. Prosecution ........................................................................... 108
135. Jurisdiction to try offences.................................................... 108
136. Service of notices or other documents .................................. 108
137. Public Authorities Protection Act 1948 ................................ 109
138. Public servant ....................................................................... 109
139. Protection against suit and legal proceedings ....................... 109
140. Protection of informers ......................................................... 110
141. Obligation of secrecy ............................................................ 111
142. Things done in anticipation of the enactment of this Act ..... 111
143. Power to make regulations ................................................... 112
144. Prevention of anomalies ....................................................... 113
Part XI : Savings and Transitional Provisions
145. Personal data processed before the date of coming into operation of this Act ............................................................. 113
146. Registration of persons who process personal data before the date of coming into operation of this Act ............ 114
Government Gazettes
A. Personal Data Protection Regulations 2013 ......................... 115
B. Personal Data Protection (Class of Data Users) Order 2013 ............................................................................ 125
C. Personal Data Protection (Registration of Data User) Regulations 2013 .................................................................. 133
D. Personal Data Protection (Fees) Regulations 2013 .............. 141
E. Appointment of Date of Coming into Operation .......................... 147
F. Appointment of Personal Data Protection Commissioner .... 151
********
Arrangement of Sections (Malay text) .................................................................. 157
Part I : Preliminary
Section
1. Short title and commencement .............................. 165
2. Application ............................................................................. 165
3. Non-application ..................................................................... 167
4. Interpretation ................................................................................. 167
Part II : Personal Data Protection
Division 1 Personal Data Protection Principles
5. Personal Data Protection Principles ...................................... 173
6. General Principle ............................................................................ 174
7. Notice and Choice Principle ...................................................... 175
8. Disclosure Principle ................................................................ 177
9. Security Principle ............................................................. 177
10. Retention Principle ............................................................ 179
11. Data Integrity Principle ............................................................ 179
12. Access Principle ........................................................................ 179
Akta Perlindungan Data Peribadi 2010 (Akta 709)
Division 2 Registration
13. Application of this Division .......................................................... 179
14. Registration of data users ................................................... 180
15. Application for registration ............................................ 180
16. Certificate of registration ........................................................... 181
17. Renewal of certificate of registration ..................................... 182
18. Revocation of registration ........................................................ 182
19. Surrender of certificate of registration ........................................ 183
20. Register of Data Users ........................................................... 184
Division 3 Data user forum and code of practice
21. Data user forum ........................................................... 184
22. Register of Data User Forums ............................................... 185
23. Code of practice ............................................................................ 185
24. Commissioner may issue code of practice ....................... 187
25. Applicable code of practice ..................................................... 189
26. Revocation, etc., of code of practice ................................................ 190
27. Submission of new code of practice by data user forum .................................................... 191
28. Register of Codes of Practice ................................................................. 191
29. Non-compliance with code of practice ................................................... 192
Division 4 Rights of data subject
30. Right of access to personal data ..................................... 192
31. Compliance with data access request ............................... 193
32. Circumstances where data user may refuse to comply with data access request .................... 194
33. Notification of refusal to comply with data access request ................................. 196
34. Right to correct personal data ................................. 197
35. Compliance with data correction request .............................. 198
36. Circumstances where data user may refuse to comply with data correction request ................... 200
37. Notification of refusal to comply with data correction request ...................... 202
38. Withdrawal of consent to process personal data ...................................................... 203
39. Extent of disclosure of personal data ............................................. 204
40. Processing of sensitive personal data ....................................... 205
41. Repeated collection of personal data in same circumstances ............................... 208
42. Right to prevent processing likely to cause damage or distress .................... 209
43. Right to prevent processing for purposes of direct marketing ........................................ 211
44. Record to be kept by data user .................................... 212
Part III : Exemption
45. Exemption ......................................................................... 212
46. Power to make further exemptions .................... 215
Part IV : Appointment, Functions and Powers of Commissioner
47. Appointment of Commissioner ......................................................... 216
48. Functions of Commissioner ............................................................... 216
49. Powers of Commissioner ................................................................ 218
50. Appointment of Deputy Commissioners and Assistant Commissioners .................................................... 219
51. Appointment of other officers and servants ............................... 220
52. Loans and advances to officers and servants ........................................................ 220
53. Tenure of office .................................................................... 220
54. Revocation of appointment and resignation ..................... 220
55. Temporary exercise of functions and powers of Commissioner ........... 220
56. Vacation of office ........................................................... 221
57. Remuneration and allowances ................................................................... 222
58. Delegation of Commissioner’s functions and powers ............................. 222
59. Direction by Minister ............................................................. 222
60. Returns, reports, accounts and information ................................ 222
Part V : Personal Data Protection Fund
61. Establishment of Fund ................................................ 223
62. Expenditure to be charged on Fund ............................. 224
63. Conservation of Fund ............................................ 225
64. Reserve fund ........................................................... 225
65. Financial year ................................................................... 225
66. Limitation on contracts ..................................................... 225
67. Bank accounts ........................................................................... 226
68. Accounts and audit .................................................................... 226
69. Expenditure and preparation of estimates ................................ 226
Part VI : Personal Data Protection Advisory Committee
70. Establishment of Advisory Committee ..................................... 227
71. Functions of Advisory Committee ............................................ 227
72. Members of Advisory Committee ......................................... 227
73. Tenure of office .................................................................... 227
74. Revocation of appointment and resignation ..................... 228
75. Temporary exercise of functions of Chairman ................................ 228
76. Vacation of office ........................................................... 229
77. Allowances ..................................................................................... 230
78. Time and place of meetings ................................................. 230
79. Advisory Committee may invite others to attend meetings ............................... 230
80. Minutes ..................................................................................... 231
81. Procedure ................................................................................. 231
82. Members to devote time to business of Advisory Committee ................................ 231
Part VII : Appeal Tribunal
83. Establishment of Appeal Tribunal ................................................. 231
84. Powers of Appeal Tribunal ........................................................ 232
85. Members of Appeal Tribunal ............................................. 233
86. Secretary to Appeal Tribunal and other officers, etc. ............. 234
87. Tenure of office .................................................................... 234
88. Resignation and revocation of appointment .......................... 235
89. Temporary exercise of functions of Chairman ................................ 235
90. Vacation of office ........................................................... 235
91. Allowances ..................................................................................... 237
92. Disclosure of interest ........................................................ 237
93. Appeal to Appeal Tribunal .......................................... 238
94. Record of decision of Commissioner .............................................. 239
95. Stay of decision pending appeal ..... 240
96. Composition of Appeal Tribunal ............................................. 240
97. Sitting of Appeal Tribunal ............................................... 240
98. Procedure of Appeal Tribunal ..................................................... 241
99. Decision of Appeal Tribunal ................................................. 241
100. Enforcement of decision of Appeal Tribunal ....................... 241
Part VIII : Inspection, Complaint and Investigation
101. Inspection of personal data system ......................................... 241
102. Relevant data user, etc., to be informed of result of inspection ................. 242
103. Reports by Commissioner .................................................... 243
104. Complaint .................................................................................... 244
105. Investigation by Commissioner ............................................... 244
106. Restriction on investigation initiated by complaint ...................................................... 245
107. Commissioner may carry out or continue investigation initiated by complaint notwithstanding withdrawal of complaint ................... 247
108. Enforcement notice ........................................................... 247
109. Variation or cancellation of enforcement notice ............... 250
Part IX : Enforcement
110. Authorized officers ............................................................ 251
111. Authority card ............................................................................. 251
112. Power of investigation ................................................................ 251
113. Search and seizure with warrant ....................... 251
114. Search and seizure without warrant .......................... 254
115. Access to computerized data ........................................ 254
116. Warrant admissible notwithstanding defects .................................. 255
117. List of computer, book, account, etc., seized ................ 255
118. Release of computer, book, account, etc., seized ............ 256
119. No cost or damages arising from seizure to be recoverable ................................... 257
120. Obstruction to search ....................................... 257
121. Power to require production of computer, book, account, etc. ................................................. 258
122. Power to require attendance of persons acquainted with case .......................... 259
123. Examination of persons acquainted with case ....................................................... 259
124. Admission of statements in evidence ................. 260
125. Forfeiture of computer, book, account, etc., seized ....... 261
126. Joinder of offences ......................................................... 264
127. Power of arrest ................................................................. 264
Part X : Miscellaneous
128. Register .................................................................................... 264
129. Transfer of personal data to places outside Malaysia ......... 265
130. Unlawful collecting, etc., of personal data .................................................... 268
131. Abetment and attempt punishable as offences .................................................. 270
132. Compounding of offences ................................................... 271
133. Offences by body corporate ............................... 272
134. Prosecution .......................................................................... 273
135. Jurisdiction to try offences ..................... 273
136. Service of notices or other documents ................................. 274
137. Public Authorities Protection Act 1948 .................. 274
138. Public servant ................................................................... 275
139. Protection against suit and legal proceedings ..................................................... 275
140. Protection of informers .......................................... 275
141. Obligation of secrecy ............................................................... 276
142. Things done in anticipation of the enactment of this Act ......................................................... 277
143. Power to make regulations .......................... 278
144. Prevention of anomalies ............................................................. 279
Part XI : Savings and Transitional Provisions
145. Personal data processed before the date of coming into operation of this Act .............................................. 279
146. Registration of persons who process personal data before the date of coming into operation of this Act ..................... 280
Government Gazettes
A. Personal Data Protection Regulations 2013 ........ 281
B. Personal Data Protection (Class of Data Users) Order 2013 ............................................................ 291
C. Personal Data Protection (Registration of Data User) Regulations 2013 ...................................... 299
D. Personal Data Protection (Fees) Regulations 2013 ................................................................. 309
E. Appointment of Date of Coming into Operation ............................. 315
F. Appointment of Personal Data Protection Commissioner ............ 319