Latest Posts
Search for:
In Data Privacy

Malaysia Introduces Alternative to Prosecution of Data Protection Breaches

by 3 Mins Read

Malaysia has introduced a new mechanism for sanctioning data protection breaches. Under section 132 of the Personal Data Protection Act 2010 supplemented by the Personal Data Protection (Compounding of Offences) Regulations 2016 (“the Regulations”), enacted on 16 March 2016, certain data protection offences may be “compounded” instead of being formally prosecuted. In other words, offenders may be given the option to pay a certain amount of money and in return no prosecution will be instituted against them in relation to that offence.

How Does The New Regime Work?

Under the new regime, the Data Protection Commissioner may – with the consent of the public prosecutor – make an offer to an alleged offender to compound a compoundable offence. The offer may be made any time after the offence has been committed and before any prosecution has been instituted in relation to it.  The Commissioner may determine the amount to be paid by the offender which amount must not exceed 50% of the maximum fine for the relevant offence. The alleged offender may then accept or reject the offer. If and when an offence has been compounded, no prosecution may be instituted against the alleged offender in respect of that offence.

Which Offences Are Compoundable?

Schedule 1 of the Regulations sets out the offences that may be compounded. These include, for example:

·        contraventions of data protection principles;

·        processing personal data without a valid registration;

·        failure to cease processingafter receiving notice that a data subject has withdrawn its consent to such processing;

·        failure to process sensitive data in accordance with applicable restrictions;

·        failure to comply with an enforcement notice; or

·        failure to cease processing personal data for purposes of direct marketing in accordance with directions from the Commissioner.

Comments

Malaysia is not alone in using a compounding mechanism in lieu of prosecution. A similar mechanism can also be found in Singapore data protection legislation. It is also generally not uncommon for compounding mechanisms to be used in lieu of prosecution in Malaysia. This mechanism is frequently used in legislation governing a wide range of sectors such as financial services, telecommunications and public transportation as a means of enforcement.

The new compounding mechanism is expected to ease the current backlog of data protection prosecution cases and may signal the start of a stronger enforcement of Malaysian data protection legislation.

Contributors: Adeline Lew and Kherk Ying Chew

 

Categories:
Tags:
Author

Kherk Ying Chew heads the Intellectual Property and Dispute Resolution Practice Groups of Wong & Partners. She has decades of experience in IP, commercial litigation, corporate compliance, information technology and Internet regulatory issues. Ms. Chew has been named among the Commended External Counsels of the Year 2017 by the In-House Community. She is also one of two Malaysians ranked in Top 250 Women in IP 2017 by Managing IP. She is ranked in the first tier of IP practitioners in Malaysia by Chambers Asia and Asia Pacific Legal 500. According to Chambers Asia Pacific, Ms. Chew is "an acclaimed figure in the sector, drawing praise as a lawyer who is 'really commercial, very practical' and 'knows her subject impressively well'". Asia Pacific Legal 500 had previously commented that she is "highly respected for contentious and non-contentious work" and has won "an important precedent-setting case for Malaysian software copyright law.”

Related Posts