KUALA LUMPUR – The Communications and Digital Ministry is conducting a review on whether to increase the compound rate or fine that can be imposed on parties involved in personal data breaches.
Deputy minister Teo Nie Ching said the current compound rate imposed under the Personal Data Protection Act 2010 (Act 709) does not match the seriousness of the offence.
“We are examining and also reviewing the penalty and fines under Act 709, so that the compounds or fines to be imposed on data breach cases can be increased further and the companies and agencies involved are aware that they have to bear a greater responsibility.”
She said this in response to a supplementary question from Datuk Seri Dr Wan Azizah Wan Ismail (Bandar Tun Razak-PH) who wanted to know the steps that can be taken by the government to improve cyber security during Minister’s Question Time (MQT) in Dewan Rakyat.
Teo said based on Cyber Security Malaysia records, there were 19 cases of personal data breach recorded in 2020, 28 cases in 2021, and 50 cases in 2022, while from January to February this year 49 cases were recorded.
She said so far seven cases have been charged in court under Section 5 of Act 709 – with total compounds amounting to RM200,000 – and eight cases under Section 16, with compounds totaling RM81,000.
“As such, we intend to look into Act 709 and one of the proposals is to further increase the rate of fines and compounds that can be imposed.
“We want a punishment that is justified... for example if the offender has leaked not only the names but also the phone and identity card numbers, we want a more appropriate punishment according to the offences that were committed,” she said.
She said the ministry plans to table an amendment to Act 709 in Dewan Rakyat within a year – in addition to a cyber-security-related act which is currently at the engagement stage with the relevant parties and expected to be presented to Parliament soon. – Bernama, March 7, 2023
.jpg)
