The issue of privacy has come under the spotlight with the emergence of the Internet. Despite the fact that a significant amount of personal information is retained in online databases which are vulnerable to unauthorized access, Malaysia has no dedicated data protection laws. The draft Personal Data Protection Bill (see Overview (December 2001)), which was published by the government for public comment, has yet to be tabled in Parliament.

Certain laws govern particular industries that handle a vast amount of personal data. In particular, the Digital Signature Act and its regulations provide for the legal recognition of digital signatures.

In conducting their business, licensed certification authorities and certain repository and data/time stamp services have access to personal data. The act has express (but general) provisions permitting these authorities to collect personal data directly from the relevant individual, but only where necessary for the act's purposes. Data may be collected from third parties with their written consent.

The act does not oblige the authorities to destroy collated personal information after any length of time, but merely stipulates that their records be retained for at least 10 years from the last entry.

It is apparent that a uniform legislation on privacy regulating the collection, use, possession, processing and protection of information is necessary in order to address concerns that have arisen from the emergence of the digital economy. The government's recent initiative to introduce specific data protection laws to address privacy issues is welcomed. It will be interesting to see how the law, when passed, will ultimately apply.

For further information on this topic please contact Sharon Suyin Tan at Zaid Ibrahim & Co by telephone (+603 257 9999) or by fax (+603 254 4888) or by email ([email protected]).