Malaysia is planning to amend its data protection laws to introduce a data breach notification regime and a wide expansion of the rights of data subjects. Once the amendments are in effect, companies will be required to, among other things, 1) provide detailed summaries of data breaches to the Malaysian Personal Data Protection Commissioner (the Commissioner), including the type and amount of personal data compromised; 2) implement containment and control measures and outline in detail the measures taken to minimize the impact of the breach; 3) notify the Commissioner within 72 hours of becoming aware of a breach, providing details on the method by which the company is notifying the affected data subjects and the advice it is giving to those subjects; and 4) institute data protection training programs and provide details to the Commissioner about the content of those programs, including whether company employees received training in the last 24 months.
The Communications and Multimedia Minister has stressed the need for a refresh of the legislation, in a process that should take the EU’s General Data Protection Regulation (GDPR) into consideration. The proposed amendments could mean wide-scale alterations to business practices and the need to adopt practices similar to those required by the GDPR.
© Sidley Austin LLP