The implementation of the Personal Data Protection Act 2010 (PDPA) meant to protect the privacy of personal data of Malaysians has been deferred repeatedly.
With the grace period ending on August 16, the actual date of implementation is expected to be further delayed if there are still changes to be made to the PDPA guidelines.
Personal Data Protection Department public relations officer Norhani told Sin Chew Daily that the Attorney General's Chambers is currently studying the relevant guidelines under the Act, and the Act will not be put into full implementation so long as there are still changes to be made.
She said if the AG Chambers' e-Federal Gazette does not publish the actual implementation date by tomorrow, the Act is likely to be further deferred again.
When asked to comment on the repeated deferment of the implementation of PDPA, Norhani said the Act had been delayed after consulting public views and understanding that businesses need more time to implement the guidelines.
"The PDPA can come into force any time, but involved companies need more time to map out their strategies and compile the data to make sure all customer particulars are up to date in order not to violate the Act.
"If the PDPA is to go into effect on the 16th of this month, communication and multimedia minister: Datuk Seri Ahmad Shabery Cheek will make the announcement on that day during a function in Kedah."
The Personal Data Protection Department is an agency established under the ministry of communication and multimedia to help protect the personal data of Malaysians. It is tasked with the responsibility of overseeing customer data flow during a commercial transaction to ensure that all parties conform to the rules and regulations.
Norhani said one of the principles of PDPA is to ensure that all user particulars are accurate, up-to-date and non-misleading.
The Personal Data Protection Department has since 2012 met some 200 telecommunication service providers and businesses, and most of them have had clear understanding of the Act.
Norhani pointed out that many businesses have expressed need for more time to conform to the seven principles laid down by the PDPA.
"Most larger companies have already informed their clients and updated their data although some smaller ones have yet to adapt themselves to the new law."
She reiterated that the PDPA would only come into effect where commercial transactions are involved. Upon the implementation of the Act, users can direct their complaints to email@example.com.
She explained that if the users receive any marketing phone calls or messages, they must first inform the senders they are not interested in their products or services and request that their personal particulars (phone numbers) are deleted from their systems.
"You still need to inform them if they send a second message. You can only initiate the complaint procedure after receiving a third similar marketing message from them."
Although Facebook is not under the jurisdiction of the PDPA, Norhani said users can still complain to the department if their particulars have been abused by others for commercial purposes.
For example, if someone takes the picture of a person and then uploads it onto FB for re-sale to third parties, complaints can be lodged against the person.