Latest news with #PDPA
New Straits Times
20 hours ago
- Business
- New Straits Times
Gobind: Malaysia must think global on digital security
KUALA LUMPUR: The government is accelerating efforts to build a robust digital security ecosystem, with a dual focus on grooming homegrown cybersecurity talent and crafting regulatory guardrails for artificial intelligence (AI). Digital Minister Gobind Singh Deo said Malaysia must think beyond its borders when it comes to digital security, as cybersecurity challenges and solutions are increasingly global in nature. "We want our talent to be recognised internationally and equipped to meet global standards," he said at the launch of the Certified Chief Information Security Officer (C|CISO) programme on Tuesday. He said bolstering the local talent pool will be critical as Malaysia prepares to implement the long-awaited Cyber Security Act and the amended Personal Data Protection Act (PDPA).
New Straits Times
a day ago
- Business
- New Straits Times
NST Leader: Of PDPA and DPOs
"Give us time, give us time", is a refrain we often hear from Malaysian employers when the government introduces a new law or regulation. The amendment to the Personal Data Protection Act (PDPA) that makes the appointment of data protection officers (DPO) mandatory for companies processing more than 20,000 individual personal data or 10,000 sensitive personal data entries, is no exception, with the Small and Medium Enterprises Association of Malaysia, the Malaysian Employers Federation and the Federation of Malaysian Manufacturers complaining that the rule on DPOs is vague and they need more time. Are employers right? No, according to lawyer Arik Zakri. Malaysia, he says, ranks high on the list of countries where online fraud and personal data leaks are common occurrences. To him, there is no valid reason to delay the enforcement of the PDPA. Plus, nine months have elapsed since the Dewan Negara passed the amendment bill on July 31, 2024. Given that three public consultation papers have been issued since January last year, time shouldn't be an issue. As Arik points out, the employers would be missing a good legal defence if they delay the appointment of the DPOs. DPOs, being experts in their field, help companies safeguard personal data, which can serve as a defence in law if they are charged for offences under the act. The directors of the companies can claim they took every reasonable measure possible. Perhaps the employers are misreading the PDPA as amended. Not all companies are required to appoint DPOs. A good question for employers to ask is does this business require DPOs? The answer will be obvious: only companies that hit the 20,000 individual personal data or 10,000 sensitive personal data entries threshold need to do so. Companies that handle that number of personal data are into economies of scale to make higher profits, argues Arik. They should consider the money spent on appointing DPOs as a cost of doing that kind of business. Let's be blunt. Scams and data leakages in Malaysia have reached appalling levels. Malaysia's jurisprudence has not reached a stage where litigation based on breaches of data protection is widespread. We have yet to see big cases where punitive fines and jail terms being imposed on large corporations, such as telcos and financial institutions, for breaches of customers' personal data. The government is right in making the appointment of DPOs mandatory. Let's not forget that the PDPA was passed in 2013 and that is enough time for our employers to have prepared their businesses for this eventuality. Employers should adopt a more positive attitude and march in step with the government's efforts to protect the personal data of the people. It is also in the interest of the employers to hurry with the appointment of the DPOs because it can help mitigate the litigation risks that the companies may be up against. Employers should not underestimate the impact of a data breach suit; it can be so damaging — should the data subjects be numerous — that it can put an entity out of business. True, we haven't had such a case in Malaysia, but it doesn't mean it will never happen.
New Straits Times
3 days ago
- Business
- New Straits Times
Data protection officer rule creates SME compliance woes
KUALA LUMPUR: An association representing more than 5,000 small- and medium-scale enterprises (SMEs) has voiced concerns about the lack of clarity on the government's requirement for certain businesses to employ data protection officers (DPOs). Last July, the Personal Data Protection Act (PDPA) was amended, requiring, among other things, the appointment of DPOs for companies processing more than 20,000 individual personal data entries and 10,000 sensitive personal data entries. The amended PDPA comes into effect today, but the Small and Medium Enterprises Association of Malaysia (Samenta) said many companies are in the dark over policy specifics. "Most SMEs are struggling to interpret what is expected of them, including the criteria for determining who qualifies as a DPO, the scope of responsibilities, and the consequences of non-compliance," Samenta president Datuk William Ng said. He said while SMEs understood the importance of data protection, there is a need to be realistic about the capacity of smaller companies to absorb additional costs linked to the rule. "Many SMEs subject to PDPA are using bare-bones templates for their policy statements. "The new rule requiring a data protection officer will raise costs and compliance requirements." He said the creation of such a role would set an SME back by RM45,000 to RM60,000 a year. Ng called on the government to extend the deadline for compliance. "We need the government to provide clearer, more detailed guidelines on the DPO role, including responsibilities, compliance expectations and enforcement mechanisms." The New Straits Times has reached out to the Digital Ministry for comment and clarification about the DPO role, enforcement plans and industry player concerns, but has not received a response. While the Personal Data Protection Commissioner's Office has released guidelines on the appointment of DPOs, employers say the guidelines lack clarity and specificity. According to the FAQ on the commission's website, no minimum requirements have been set for DPOs, although employers must ensure that appointed officers receive adequate training to perform their duties. It also states that DPOs must be knowledgeable about PDPA and have a sound understanding of data security. The FAQ said there is no directive on the duration of courses or training that DPOs must attend. "However, it is recommended that such courses or training be completed within a reasonable timeframe, and organisations should determine an appropriate duration based on the course content and their needs." Malaysian Employers Federation president Datuk Syed Hussain Syed Husman has called for the publication of detailed guidelines on the minimum qualifications required for DPOs. "The government should outline minimum competency standards to ensure consistency. "Without this standard, enforcement may be arbitrary, and employers acting in good faith may face penalties." "Without guidelines on credentials, employers face uncertainty when hiring and appointing DPOs." Syed Hussain said MSMEs, in particular, would struggle with role allocation, especially if the DPO role is part time or combined with other responsibilities. "For large employers, DPO responsibilities may be absorbed within the legal, compliance or IT departments. "But most SMEs will find it difficult to manage this as a separate requirement. "We need to be realistic in our execution and not rely on a textbook approach." He urged the government to consider extending the compliance deadline. "Additional time will allow employers to prepare and build the necessary infrastructure for sustained compliance and effective data protection governance." Federation of Malaysian Manufacturers president Tan Sri Soh Thian Lai said hiring a full-time DPO would significantly increase salary and benefit costs for companies. "Annual salaries for an in-house DPO range from RM40,000 to RM150,000, depending on the company's size, the size and complexity of the data handled, and the talent's experience." Soh said a short extension period should be given to companies struggling to comply with the regulation. He said the government should provide additional guidance and support, such as training programmes and clearer communication about the requirements. Jobstreet by SEEK estimates that 27,000 DPOs are needed to fulfil the government's requirements, its managing director Nicholas Lam said. "There is no public estimate for thenumber of practising DPOs in Malaysia. "However, industry feedback on our platform indicates that while organisations recognise the importance of data protection, many do not yet have a dedicated DPO role." Lam said DPO job listings have been relatively unchanged since 2021 despite the new requirements. UiTM Associate Professor of Cybersecurity and Information Safety Dr Muhamad Khairulnizam Zaini said university programmes at the bachelor's and master's levels and even certificates were sufficient to supply such talent. "The Human Resources Development Corporation's Data Privacy and Privacy by Design course is also applicable to develop the skills needed." Khairulnizam, however, said there would be a temporary shortage of DPOs as the June deadline looms. "We are on the right track. Preparedness is a challenge due to a lack of talent." He said that the government's mandate has aligned Malaysia more closely with international standards. He added that having qualified personnel will reduce data breaches and cybersecurity risks, and encourage companies to be more accountable in maintaining cyber hygiene.
Daily Record
4 days ago
- Sport
- Daily Record
Florian Hempel launches scathing attack on PDPA as German star claims 'that's how it feels'
PDC ace Joe Cullen recently questioned the purpose of the organisation and the German has now backed him up German star Florian Hempel reckons he's no chance of understanding the role of the Professional Darts Players Association. PDC ace Joe Cullen recently questioned the purpose of the organisation which the game's participants help to fund with a small percentage of their prize money. Speaking on the Game On podcast. Hempel says the troops on the circuit are struggling to acknowledge the purpose of the PDPA. He said: 'None of us 128 Tour Card holders actually know what they do. If Joe Cullen, who's been in the game for 15 years, doesn't know what they do, then I certainly don't either. "There are always a few guys from the PDPA around, like Peter Manley or Jamie Caven. "Former players who seem to have landed a post-career role, just so they don't need to find other work. "At least, that's how it feels. They each seem to have some small job, but none of them appear to have any real responsibilities. "Jamie Caven just sits behind a laptop typing things in. "He comes around once a year to talk to us, but it's never clear what it's about and it's never much.' Hempel laughed at one anecdote as he added: 'Peter Manley once scolded me for posting something on Twitter that he thought was inappropriate. "It was about a situation involving Mike de Decker. And I thought to myself, Peter Manley, the biggest bully darts has ever seen, is telling me what I can and can't post online. The irony was rich.'
