Cyber Law; Personal Data Protection

Cyber Law on E-Commerce

PERSONAL DATA PROTECTION

LEGISLATIVE ACTS COMPARED

TABLE OF CONTENTS

1.0 INTRODUCTION

2.0 PERSONAL DATA PROTECTION ACT 2010

2.1 Application

2.2 Principles

2.2.1 General Principle

2.2.2 Notice & Choice Principle

2.2.3 Disclosure Principle

2.2.4 Security Principle

2.2.5 Retention Principle

2.2.6 Data Integrity Principle

2.2.7 Access Principle

2.3 Right of Data Subject

2.4 Penalties

3.0 DATA PROTECTION ACT 1998

3.1 Application

3.2 Principles

3.2.1 Processed Fairly & Lawfully

3.2.2 Obtained only for One/More Specified & Lawful Purposes

3.2.3 Adequate, Relevant & Not Excessive

3.2.4 Accurate & Where Necessary, Kept Up to Date

3.2.5 Processed Data Not Kept for Longer Than is Necessary

3.2.6 Processed in Accordance with Rights of Data Subject

3.2.7 Taking Appropriate Measures Against Unauthorised/Unlawful Processing & Against Loss/Damage

3.2.8 Personal Data shall Not be Transferred to Countries outside of EEA without Adequate Level of Protection

3.3 Rights of Data Subject

3.4 Penalties

4.0 SIMILARITIES BETWEEN PDPA 2010 AND DPA 1998

5.0 EXAMPLE OF CASES

5.1 Malaysia

5.2 United Kingdom

6.0 REFERENCES

7.0 APPENDIX

1.0 INTRODUCTION

With the advancement and sophistication of today's technologies, the world is no longer safe from invasions of privacy. Worst of all, there is no law that is able to regulate or defend data privacy or personal data in the cyberworld. As a result, hackers/perpetrators breach the privacy of victims, stealing valuable and personal information without the victims' knowledge for various purposes, usually to commit fraud. With the rise of cybercrime and data fraud, protection of personal data and information becomes more crucial. Therefore, a legislative act was proposed in Malaysia and was named the Personal Data Protection Act 2010 (PDPA), which seeks to regulate the processing of personal data of individuals involved in commercial transactions. More importantly, it was drafted to provide protection for any individual's personal data. The act was gazetted in June 2010 but was not put into force until November 2013.

On the other hand, there are other countries that have had governing legislative acts to protect personal data for a long time. For instance, the United Kingdom has amended such an act to safeguard data in the interests of individuals. The act is called the Data Protection Act 1998 (DPA). It was first composed in 1984 and was updated in 1998. Since the law of Malaysia is mainly based on the common law legal system, both Acts might share similarities, which will be further elaborated in later sections.

2.0 PERSONAL DATA PROTECTION ACT 2010

The Malaysia PDPA 2010 has important details that should be noted and elaborated in this assignment. First of all, the PDPA applies only in certain scenarios, which must be fulfilled for personal data to be protected. Furthermore, the processing of personal data should also comply with the 7 principles of PDPA 2010, which are the General Principle, Notice & Choice Principle, Disclosure Principle, Security Principle, Retention Principle, Data Integrity Principle and Access Principle. Besides that, knowing the rights of the data subject is important as a means to protect the interest and confidentiality of the data subject. Lastly, failure to adhere to or comply with the act leads to consequences and penalties, which will also be described here.

2.1 Application [1]

The act is only applicable to:

  1. anyone who processes, or has authorisation over the processing of, any personal data for any commercial transactions.
  2. anyone who is not established in Malaysia but uses equipment in Malaysia to process personal data otherwise than for purposes of transit through Malaysia

However, there are certain exceptions where the act does not apply, such as:

  1. Federal Government & State Governments for legal administrative purposes
  2. personal data that is processed outside of Malaysia unless the data is to be further processed in Malaysia

2.2 Principles [2]

2.2.1 General Principle

This principle disallows the data user from processing personal data unless the data subject has given permission to the data user to do so. Still, certain situations are exempted from this principle, such as performance of a contract where the data subject is involved, protecting the vital interests of the data subject, administration of justice and many more.

Furthermore, the principle also states that personal data can be processed only if the data is processed for a lawful purpose related to an activity of the data user, or processing the data is necessary for that purpose, and the personal data is just adequate and not excessive for the purpose.

2.2.2 Notice & Choice Principle

This principle requires the data user to notify the data subject in written form, as a consent notice to the data subject. The contents of the written form would be:

  1. acknowledgement that the data subject's personal data is being processed
  2. a description as well as the purpose of that data, provided to the data subject
  3. the data subject's right to request access to and correction of the data, with contact details of the data user
  4. mention of third parties to whom the data user has disclosed the personal data
  5. choices and means offered by the data user to the data subject to limit the personal data that is to be processed
  6. question to the data subject of whether the data to be supplied is obligatory or voluntary
  7. consequences for the data subject should he/she fail to supply the data

The written form to be sent to the data subject must be written in English and Bahasa Malaysia. Furthermore, a clear and readily accessible means shall be provided to the data subject to make a choice in both languages.

2.2.3 Disclosure Principle

With the acknowledgement of the data subject, the personal data can be disclosed only to the parties and for the purposes that have been granted by the data subject. The exceptions where disclosure can be made are:

  1. with the purpose of preventing or detecting a crime
  2. the data user has the right in law to disclose the personal data to other people
  3. disclosure is in the public interest, as decided by the Minister

2.2.4 Security Principle

Precautions and necessary steps are to be taken by the data user to protect the data from any loss, misuse, modification, unauthorised access, disclosure or destruction when the data user processes the data. The data user has to take into consideration:

  1. where the data is stored
  2. the consequences for the data of a protection failure
  3. security measures taken to secure equipment where the data is stored
  4. ensuring that personnel having access to the data are trustworthy and reliable
  5. steps taken to ensure the safe transfer of personal data [3]

2.2.5 Retention Principle

Under this principle, personal data processed for any purpose is not allowed to be kept longer than necessary for the fulfilment of that purpose. The data user is responsible for taking measures to ensure that the data is permanently deleted once it is no longer required.

2.2.6 Data Integrity Principle

The data user is required to verify and make sure that the data maintains its integrity: that it is still intact, up to date and has not changed. This way, data that is disclosed to third parties is the same, which avoids any further confusion. Not only that, it also becomes an obligation for the data user to obtain updates from the data subject on a regular basis for data integrity.

2.2.7 Access Principle

Under this principle, the data subject has the right to access his/her own personal data that is held by the data user. In the event that the personal data might be wrong or inaccurate, the data subject is able to alter and correct the data. However, there are certain exceptions in the Act where the data user may refuse the right of access under certain circumstances, such as where an element of confidentiality is involved.

2.3 Right of Data Subject [4]

As personal data belongs to a data subject, the data subject is entitled to several rights over the data.

  1. Right to access personal data

The data user needs to inform the data subject whether the data is being processed. A requestor (who can be the data subject) may write to the data user to make a data access request upon payment of a fee. From there, a copy of the personal data can be sent to the requestor.

  2. Right to correct personal data

In the event that the requestor considers that the copy of data supplied to the requestor is inaccurate, not up to date or incomplete, the requestor may make a data correction request to the data user to make the necessary correction to the personal data.

  3. Right to withdrawal of consent

A data subject has the right to withdraw his consent to the processing of his personal data. This can be done by writing a notice to the data user to inform of the withdrawal of consent, and the data user shall cease the processing upon receiving the notice.

  4. Right to prevent processing likely to cause damage or distress

Where the processing of personal data belonging to the data subject might cause damage to himself or to another person, or cause damage that would be unwarranted, the data subject can write a notice to the data user to stop the processing of the personal data. However, this right shall not apply for the same reasons that are stated in the exemptions of the General Principle, such as the performance of a contract where the data subject is involved.

  5. Right to prevent processing for the purpose of direct marketing

If the personal data is processed for the purpose of direct marketing, the data subject has the right to require the data user to halt the processing. Where the data subject is dissatisfied with the failure of the data user to comply with the notice written to him, an application can be submitted to the Commissioner to require the data user to comply with the notice.

2.4 Penalties

There are several punishments or liabilities that are enforced for certain offences. Each offence carries a different severity of liability and/or punishment.

  1. Failure to comply with PDPA 2010 Principles [5]

The data user is liable to a fine that does not exceed RM300,000 and/or imprisonment for a term of not more than 2 years.

  2. Processing of personal data by a data user without a certificate of registration [6]

Fine of not more than RM500,00 and/or imprisonment for a term of not more than 3 years.

  3. Data user continues to process personal data after registration is revoked [7]

Fine of not more than RM500,000 and/or imprisonment for a term of not more than 3 years.

  4. Failure of data user to comply with code of practice [8]

Fine of not more than RM100,000 and/or imprisonment for a term of not more than 1 year.

  5. Refusal to comply with the Commissioner's requirements to cease processing of personal data that is likely to cause damage or distress [9]

Fine of not more than RM200,000 and/or imprisonment for a term of not more than 2 years.

3.0 DATA PROTECTION ACT 1998

The Data Protection Act 1998 covers not only personal data but 'data' in general as a whole, as compared to the PDPA 2010, which legislates personal data only. Even so, as the DPA 1998 came first, before the PDPA 2010 was even drafted, the DPA 1998 would have adequate laws to protect the personal data of the people of the United Kingdom (UK). PDPA 2010 only involves the data subject and data user/processor; this is, however, different for DPA 1998, which consists of a data controller, data processor and data subject. A data controller is someone who decides on the purposes of the data that is to be processed, whereas the data processor is an individual who processes the data on behalf of the data controller.

3.1 Application [10]

The Act applies to a data controller in 2 scenarios:

  1. only if he is established in the UK and the data are processed there
  2. established outside of the UK and any European Economic Area (EEA) state but uses equipment in the UK for processing. A UK representative must be nominated in this case for the purpose of this Act.

Besides that, an individual is considered as being established in the UK through these several options:

  1. resident of the UK
  2. a body under any part of the law of the UK
  3. a partnership/association that is formed under any part of the law of the UK
  4. an office/branch/agency in the UK and any EEA state
  5. carrying out a practice in the UK and any EEA state

3.2 Principles [11]

3.2.1 Processed Fairly & Lawfully

The first principle specifies that the processing of data must be done fairly and lawfully.

3.2.2 Obtained only for One/More Specified & Lawful Purposes

All data that is collected and processed must have its purpose and its reasons, which should be stated in a notice by the data controller to the data subject. With that, the data can only be processed for that stated purpose and no other. The Commissioner is also to be notified by the data controller regarding the purpose of the data processing.

3.2.3 Adequate, Relevant & Not Excessive

The data collected should be just enough: not more than necessary nor any less. As an example, filling in a form for a membership card only requires full name, race, address, phone number and identification number. Other sensitive personal data that was not asked for, such as birth identification number, religion and others, are not required.

3.2.4 Accurate & Where Necessary, Kept Up to Date

This principle requires that data should be accurate at all times and should be constantly updated where necessary. Data obtained and recorded by the data controller from the data subject should be accurate, having regard to whether the data controller has taken reasonable precautions to ensure that the data is accurate. The data subject may notify the data controller that the data is inaccurate, with the data in hand as proof that it is inaccurate.

3.2.5 Processed Data Not Kept for Longer Than is Necessary

Once the data has served its purpose, it must be disposed of, as it is no longer required or necessary. In conjunction with the third principle, the data would be deemed excessive as it no longer has any purpose.

3.2.6 Processed in Accordance with Rights of Data Subject

Any processing of data conducted by the data controller has to respect the rights of the data subject, such as the rights to access personal data, to prevent automated decisions in the processing of personal data, to prevent the processing of personal data for the purposes of direct marketing, and others. There is a timescale: responses to subject access requests have to be made within 40 days of the receipt of the request. [12]

3.2.7 Taking Appropriate Measures Against Unauthorised/Unlawful Processing & Against Loss/Damage [13]

The data controller must be aware of the harm that might result from unauthorised or unlawful processing of the data, or from loss of or damage to the data. Therefore, it is important to uphold aspects of security to ensure that data is not disclosed or altered in any way. Since the data might be accessed by employees of the data controller, he has to make sure that the employees are reliable and trustworthy with regard to the confidentiality of the data. Besides that, the data controller has to pick a reliable data processor so that the data is safe. Then, the data processor has to carry out the processing under a contract with the data controller and act only upon the instructions of the data controller.

3.2.8 Personal Data shall Not be Transferred to Countries outside of EEA without Adequate Protection

As the Act is legislated in the UK, protection of the data is valid even in the EEA. Once data is transferred outside of the EEA, the data is not guaranteed to be safe and may be abused for various purposes while not protected under this Act. The data subject's consent should be sought beforehand for the data being transferred outside of the EEA and UK.

3.3 Rights of Data Subject [14]

  1. Right of Access to Personal Data

The data subject has the right to access personal data that is stored by the data controller. Therefore, the data controller should supply the personal data of the data subject, the purpose of the data and the parties to whom the data controller has disclosed it. There is a small fee of £10 for supplying the data to the data subject. A request in writing must be made to the data controller by the data subject in order to be supplied with the required data.

  2. Right of Correction of Personal Data

Should there be any inaccuracy in the personal data held by the data controller, the data subject is entitled to compel the data controller to correct the mistakes in the data.

  3. Right to Prevent Processing likely to Cause Damage/Distress

The data subject is entitled to write a notice to the data controller to cease the processing of the personal data for a specified purpose and reasons, such as the likelihood of the data causing damage or distress to the data subject as well as to other parties.

  4. Right to Prevent Processing for Purposes of Direct Marketing

The use of personal data for direct marketing purposes can be stopped by the data subject. Likewise, a written notice needs to be sent to the data controller to cease the processing of the personal data. If the data controller fails to comply, the court can order him to take such steps for complying with the notice as the court is satisfied with and thinks fit.

  5. Right to Prevent Automatic Decisions

The data subject can require the data controller to ensure that decisions taken on behalf of the data controller are not made automatically through the processing of the personal data. The data controller then has to write a notice to the data subject that specifies the steps he intends to take to comply with the demand of the data subject.

  6. Right to Complain to Information Commissioner

If an issue between the data subject and the data controller gets out of hand, the data subject can ask the Information Commissioner to review the use of the personal data belonging to the data subject. The Information Commissioner has the power to enforce the provisions of the DPA and penalise the data controller for any offence that the data controller has committed.

  7. Right of Compensation

In the event that damage or distress has been caused to the data subject, the data subject has the right to use the law to obtain compensation for damage that has been caused by inaccuracy, disclosure or loss of the data.

3.4 Penalties [15]

4.0 SIMILARITIES BETWEEN PDPA 2010 AND DPA 1998

5.0 EXAMPLE OF CASES

5.1 Malaysia

5.2 United Kingdom

6.0 REFERENCES

7.0 APPENDIX
