Personal Data Protection Act 2010 -Part 2
49. Powers of Commissioner
(1) The Commissioner shall have all such powers to do all things necessary or expedient for or in connection with the performance of his functions under this Act.
(2) Without prejudice to the generality of subsection (1), the powers of the Commissioner shall include the power--
(a) to collect such fees as may be prescribed by the Minister;
(b) to appoint such agents, experts, consultants or any other persons as he thinks fit to assist him in the performance of his functions;
(c) to formulate human resource development and cooperation programmes for the proper and effective performance of his functions;
(d) to enter into contracts;
(e) to acquire, purchase, take, hold and enjoy any movable or immovable property of every description for the performance of his functions, and to convey, assign, surrender, yield up, charge, mortgage, demise, transfer or otherwise dispose of, or deal with such property or any interest therein vested in him;
(f) to perform such other functions as the Minister may assign from time to time; and
(g) to do all such things as may be incidental to or consequential upon the performance of his functions.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/50.Appointment of Deputy Commissioners and Assistant Commissioners
(1) The Commissioner may, with the approval of the Minister, from time to time, appoint such number of public officers as Deputy Commissioners and such number of persons as Assistant Commissioners as are necessary to assist the Commissioner in the performance of his functions and the exercise of his powers under this Act.
(2) The Deputy Commissioners and Assistant Commissioners appointed under subsection (1) shall hold office for such periods, receive such remuneration, allowances or benefits, and shall be subject to such terms and conditions of service as the Commissioner, with the approval of the Minister, may determine.
(3) The Deputy Commissioners and Assistant Commissioners appointed under subsection (1) shall be subject to the supervision, direction and control of the Commissioner.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/51.Appointment of other officers and servants
The Commissioner may employ on such terms and conditions as he thinks desirable such officers and servants as may be necessary to assist him in the performance of his functions and the exercise of his powers under this Act.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/52.Loans and advances to officers and servants
The Commissioner may grant loans and advances to the officers and servants under section 51 for such purposes and on such terms and conditions as the Commissioner may determine.
Subject to such conditions as may be specified in his instrument of appointment, the Commissioner shall, unless he sooner resigns or vacates his office or his appointment is sooner revoked, hold office for a term not exceeding three years and may be eligible for reappointment.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/54.Revocation of appointment and resignation
(1) The Minister may at any time revoke the appointment of the Commissioner and shall state the reason for such revocation.
(2) The Commissioner may at any time resign his office by giving a written notice addressed to the Minister fourteen days prior to the intended date of resignation.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/55.Temporary exercise of functions and powers of Commissioner
(1) The Minister may temporarily appoint a Deputy Commissioner to perform the functions and powers of the Commissioner for the period when--
(a) the Commissioner is by reason of illness, leave of absence or any other cause unable to perform his functions for any substantial period; or
(b) the office of the Commissioner is vacant.
(2) A person appointed under subsection (1) shall, during the period in which he is performing the functions and exercising the powers of the Commissioner under this section, be deemed to be the Commissioner.
The office of the Commissioner shall be vacated--
(a) if he dies;
(b) if there has been proved against him, or he has been convicted of, a charge in respect of--
(i) an offence involving fraud, dishonesty or moral turpitude;
(ii) an offence under any law relating to corruption; or
(iii) any other offence punishable with imprisonment (in itself only or in addition to or in lieu of a fine) for more than two years;
(c) if his conduct, whether in connection with his duties as a Commissioner or otherwise, has been such as to bring discredit on the office of the Commissioner;
(d) if he becomes bankrupt;
(e) if he is of unsound mind or is otherwise incapable of discharging his duties;
(f) if his appointment is revoked by the Minister; or
(g) if his resignation is accepted by the Minister.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/57.Remuneration and allowances
The Commissioner shall be paid such remuneration and allowances as the Minister may determine after consultation with the Minister of Finance.
(1) The Commissioner may, subject to such conditions, limitations or restrictions as he may think fit to impose, delegate any of his functions or powers imposed or conferred upon him under this Act, except his power of delegation, to the Deputy Commissioners or Assistant Commissioners, and any function or power so delegated may be performed and exercised by the officer in the name and on behalf of the Commissioner.
(2) The delegation under subsection (1) shall not preclude the Commissioner himself from performing or exercising at any time the delegated functions or powers.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/59.Direction by Minister
(1) The Commissioner shall be responsible to the Minister.
(2) The Minister may give to the Commissioner directions of a general character consistent with the provisions of this Act relating to the performance of the functions and powers of the Commissioner and the Commissioner shall give effect to such directions.
60. Returns, reports, accounts and information
(2) Without prejudice to the generality of subsection (1), the Commissioner shall, as soon as practicable after the end of each financial year, cause to be made and transmitted to the Minister and if so directed by the Minister to any other public authority, a report dealing with the activities of the Commissioner during the preceding financial year, and the report shall be in such form and shall contain such information relating to the proceedings and policies of the Commissioner as the Minister may specify.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/61.Establishment of Fund
(1) For the purposes of this Act, a fund to be known as the "Personal Data Protection Fund" is established.
(2) The Fund shall be controlled, maintained and operated by the Commissioner.
(3) The Fund shall consist of--
(a) such sums as may be provided by Parliament for the purposes of this Act from time to time;
(b) fees, costs and any other charges imposed by or payable to the Commissioner under this Act;
(c) all monies derived from the sale, disposal, lease, hire or any other dealings with the movable or immovable property vested in or acquired by the Commissioner;
(d) all monies as may be paid to the Commissioner from time to time for loans given by the Commissioner; and
(e) all other monies or property which may in any manner become payable to or vested in the Commissioner in respect of any matter incidental to his functions and powers.
62. Expenditure to be charged on Fund
(a) paying any expenditure lawfully incurred by the Commissioner;
(b) paying any expenses incurred for organizing campaigns, research, studies and publication of materials for the protection of personal data;
(c) paying the remuneration, allowances, benefits and other expenses of the Commissioner, Deputy Commissioners, Assistant Commissioners, members of the Advisory Committee, members, officers and servants of the Appeal Tribunal and officers and servants of the Commissioner, including the granting of loans and advances, superannuation allowances, retirement benefits and gratuities;
(d) paying any other expenses, expenditure, fees and costs, including fees for the engagement of consultants, and legal fees and costs, properly incurred or accepted, or deemed fit by the Commissioner in the performance of his functions and the exercise of his powers;
(e) purchasing or hiring equipment and materials, acquiring land and any assets, and carrying out any other works and undertakings in the performance of his functions and the exercise of his powers; and
(f) generally, paying any expenses for carrying into effect the provisions of this Act.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/63.Conservation of Fund
It shall be the duty of the Commissioner to conserve the Fund by so performing his functions and exercising his powers under this Act as to secure that the total revenues of the Commissioner are sufficient to meet all sums properly chargeable to its revenue account, including depreciation and interest on capital, taking one year with another.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/64.Reserve fund
The Commissioner shall establish and maintain a reserve fund within the Fund.
The financial year of the Commissioner shall begin on 1 January and end on 31 December of each year.
66. Limitation on contracts
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/67.Bank accounts
The Commissioner shall open and maintain an account or accounts with such financial institution or financial institutions in Malaysia as the Commissioner, after consulting with the Minister, thinks fit; and every such account shall be operated upon as far as practicable by cheques signed by such persons as may be authorized by the Minister.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/68.Accounts and audit
The Commissioner shall cause proper accounts to be kept and maintained in respect of the Fund and in compliance with the provisions of the Statutory Bodies (Accounts and Annual Reports) Act 1980 [Act 240].
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/69.Expenditure and preparation of estimates
(1) The expenditure of the Commissioner up to such amount as may be authorized by the Minister for any one year shall be defrayed out of the Fund.
(2) Before 1 June of each year, the Commissioner shall submit to the Minister an estimate of the expenditure for the following year in such form and containing such particulars as the Minister may direct.
(3) The Minister shall, before 1 January of the following year, notify the Commissioner of the amount authorized for expenditure generally or of the amounts authorized for each description of expenditure based on the estimate prepared under subsection (2).
(4) The Commissioner may at any time submit to the Minister a supplementary estimate of its expenditure for any one year and the Minister may allow the whole or any part of the additional expenditure to be included in the supplementary estimate.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/70.Establishment of Advisory Committee
There is established a Personal Data Protection Advisory Committee.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/71.Functions of Advisory Committee
(1) The functions of the Advisory Committee shall be--
(a) to advise the Commissioner on all matters relating to personal data protection, and the due administration and enforcement of this Act; and
(b) to advise the Commissioner on any matter referred by him to the Advisory Committee.
(2) The Commissioner shall not be bound to act upon the advice of the Advisory Committee.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/72.Members of Advisory Committee
The Advisory Committee shall consist of the following members to be appointed by the Minister:
(a) a Chairman;
(b) three members from the public sector; and
(c) at least seven but not more than eleven other members.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/73.Tenure of office
A member appointed under section 72 shall, unless he sooner resigns or vacates his office or his appointment is sooner revoked, hold office for such period not exceeding three years as the Minister may determine at the time of his appointment, and shall be eligible for reappointment; but no member shall hold office for more than two consecutive terms.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/74.Revocation of appointment and resignation
(1) The Minister may at any time revoke the appointment of any member of the Advisory Committee and shall state the reason for such revocation.
(2) A member of the Advisory Committee appointed under section 72 may at any time resign from his office by giving a written notice addressed to the Minister fourteen days prior to the intended date of resignation.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/75.Temporary exercise of functions of Chairman
(a) the Chairman is by reason of illness, leave of absence or any other cause unable to perform his functions for any substantial period; or
(b) the office of the Chairman is vacant.
(2) A member appointed under subsection (1) shall, during the period in which he is performing the functions of the Chairman under this section, be deemed to be the Chairman
76. Vacation of office
(a) if he dies;
(b) if there has been proved against him, or he has been convicted of, a charge in respect of--
(i) an offence involving fraud, dishonesty or moral turpitude;
(ii) an offence under any law relating to corruption; or
(iii) any other offence punishable with imprisonment (in itself only or in addition to or in lieu of a fine) for more than two years;
(c) if his conduct, whether in connection with his duties as a member of the Advisory Committee or otherwise, has been such as to bring discredit on the Advisory Committee;
(d) if he becomes bankrupt;
(e) if he is of unsound mind or is otherwise incapable of discharging his duties;
(f) in the case of the Chairman, if he absents himself from a meeting of the Advisory Committee without leave in writing of the Minister;
(g) in the case of a member of the Advisory Committee other than the Chairman, if he absents himself from three consecutive meetings of the Advisory Committee without leave in writing of the Chairman;
(h) if his appointment is revoked by the Minister; or
(i) if his resignation is accepted by the Minister.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/77.Allowances
The Chairman and all other members of the Advisory Committee may be paid such allowances as the Minister may determine after consultation with the Minister of Finance.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/78.Time and place of meetings
(1) The Advisory Committee is to hold as many meetings as are necessary for the efficient performance of its functions and such meetings are to be held at such places and times as the Chairman may decide, provided that the Chairman shall not allow more than two months to lapse between meetings.
(2) The Chairman shall call for a meeting if requested to do so in writing by the Minister or by at least four members of the Advisory Committee.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/79.Advisory Committee may invite others to attend meetings
(1) The Advisory Committee may invite any person to attend any meeting or deliberation of the Advisory Committee for the purpose of assisting it on any matter under discussion.
(2) A person invited under subsection (1) shall be paid such allowances as may be determined by the Commissioner.
80. Minutes
(2) Minutes made of meetings of the Advisory Committee shall, if duly signed, be admissible in evidence in all legal proceedings without further proof.
(3) Every meeting of the Advisory Committee in respect of the proceedings of which minutes have been so made shall be deemed to have been duly convened and held and all members thereat to have been duly qualified to act.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/81.Procedure
The Advisory Committee may regulate its own procedure.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/82.Members to devote time to business of Advisory Committee
The members of the Advisory Committee shall devote such time to the business of the Advisory Committee as is necessary to discharge their duties effectively.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/83.Establishment of Appeal Tribunal
83. Establishment of Appeal Tribunal
84. Powers of Appeal Tribunal
(a) to summon parties to the proceedings or any other person to attend before it to give evidence in respect of an appeal;
(b) to procure and receive evidence on oath or affirmation, whether written or oral, and examine all such persons as witnesses as the Appeal Tribunal considers necessary;
(c) where a person is so summoned, to require the production of any information, document or other thing in his possession or under his control which the Appeal Tribunal considers necessary for the purposes of the appeal;
(d) to administer any oath, affirmation or statutory declaration, as the case may require;
(e) where a person is so summoned, to allow the payment for any reasonable expenses incurred in connection with his attendance;
(f) to admit evidence or reject evidence adduced, whether oral or documentary, and whether admissible or inadmissible under the provisions of any written law relating to the admissibility of evidence;
(g) to adjourn the hearing of an appeal from time to time, including the power to adjourn to consider its decision; and
(h) generally to direct and do all such matters as may be necessary or expedient for the expeditious decision of the appeal.
(2) The Appeal Tribunal shall have the powers of a subordinate court with regard to the enforcement of attendance of witnesses, hearing evidence on oath or affirmation and punishment for contempt.
85. Members of Appeal Tribunal
(a) a Chairman; and
(b) at least two other members, or such greater number of members as the Minister thinks necessary.
(3) The appointment of the members of the Appeal Tribunal shall be published by notification in the Gazette.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/86.Secretary to Appeal Tribunal and other officers, etc.
(1) The Minister shall appoint a Secretary to the Appeal Tribunal on such terms and conditions as he thinks desirable.
(2) The Secretary to the Appeal Tribunal shall be responsible for the administration and management of the functions of the Appeal Tribunal.
(3) The Minister may appoint such number of officers and servants as the Minister thinks fit to assist the Secretary to the Appeal Tribunal in carrying out his functions under subsection (2).
(4) The Secretary to the Appeal Tribunal shall have the general control of the officers and servants of the Appeal Tribunal.
(5) For the purposes of this Act, the Secretary to the Appeal Tribunal and the officers appointed under subsection (3) shall be deemed to be officers of the Appeal Tribunal.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/87.Tenure of office
(a) hold office for a term not exceeding three years; and
(b) shall be eligible for reappointment upon the expiry of his term of office, but shall not be appointed for more than two consecutive terms.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/88.Resignation and revocation of appointment
(1) The Minister may at any time revoke the appointment of a member of the Appeal Tribunal and shall state the reason for such revocation.
(2) A member of the Appeal Tribunal appointed under subsection 85(1) may at any time resign from his office by giving a written notice addressed to the Minister fourteen days prior to the intended date of resignation.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/89.Temporary exercise of functions of Chairman
(1) The Minister may temporarily appoint any member of the Appeal Tribunal to act as the Chairman for the period when--
(a) the Chairman is by reason of illness, leave of absence or any other cause unable to perform his functions for any substantial period; or
(b) the office of the Chairman is vacant.
(2) A member appointed under subsection (1) shall, during the period in which he is performing the functions of the Chairman under this section, be deemed to be the Chairman.
90. Vacation of office
(a) if he dies;
(b) if there has been proved against him, or he has been convicted of, a charge in respect of--
(i) an offence involving fraud, dishonesty or moral turpitude;
(ii) an offence under any law relating to corruption; or
(iii) any other offence punishable with imprisonment (in itself only or in addition to or in lieu of a fine) for more than two years;
(c) if his conduct, whether in connection with his duties as a member of the Appeal Tribunal or otherwise, has been such as to bring discredit on the Appeal Tribunal;
(d) if he becomes bankrupt;
(e) if he is of unsound mind or otherwise incapable of discharging his duties;
(f) if he fails to comply with his obligations under section 92;
(g) if his performance as a member of the Appeal Tribunal has been unsatisfactory for a significant period of time;
(h) if his appointment is revoked by the Minister; or
(i) if his resignation is accepted by the Minister.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/91.Allowances
(1) The Chairman of the Appeal Tribunal appointed under paragraph 85(1)(a) shall be paid such fixed allowances and other allowances as the Minister may determine.
(2) The other members of the Appeal Tribunal appointed under paragraph 85(1)(b) shall be paid--
(a) daily sitting allowances during the sitting of the Appeal Tribunal; and
(b) lodging, travelling and subsistence allowances, as the Minister may determine.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/92.Disclosure of interest
(1) A member of the Appeal Tribunal shall disclose, as soon as practicable, to the Chairman any interest, whether substantial or not, which might conflict with the member's duties as a member of the Appeal Tribunal in a particular matter.
(2) If the Chairman is of the opinion that the member's interest is in conflict with his duties as a member of the Appeal Tribunal, the Chairman shall inform all the parties to the matter of the conflict.
(3) If none of the parties to the matter objects to the conflict, the member may continue to execute his duties as a member of the Appeal Tribunal in relation to that matter.
(4) If a party to the matter objects to the conflict, the member of the Appeal Tribunal shall not continue to execute his duties as a member of the Appeal Tribunal in relation to that matter.
(5) The failure by the member to disclose his interest under subsection (1) shall--
(a) invalidate the decision of the Appeal Tribunal, unless all parties agree to be bound by the decision; and
(b) subject the member to the revocation of his appointment under section 88.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/93.Appeal to Appeal Tribunal
(1) Any person who is aggrieved by the decision of the Commissioner under this Act relating to matters, including--
(a) the registration of a data user under Division 2 of Part II;
(b) the refusal of the Commissioner to register a code of practice under subsection 23(5);
(c) the failure of the data user to comply with a data access request or data correction request under Division 4 of Part II;
(d) the issuance of an enforcement notice under section 108;
(e) the refusal of the Commissioner to vary or revoke an enforcement notice under section 109; and
(f) the refusal of the Commissioner to carry out or continue an investigation initiated by a complaint under Part VIII, may appeal to the Appeal Tribunal by filing a notice of appeal with the Appeal Tribunal.
(2) The notice of appeal shall be made in writing to the Appeal Tribunal within thirty days from the date of the decision of the Commissioner, or in the case of an enforcement notice, within thirty days after the enforcement notice is served upon the relevant data user, and the appellant shall serve a copy of the notice of appeal upon the Commissioner.
Unannatated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/94.Record of decision of Commissioner
(1) The aggrieved person referred to in subsection 93(1) may, on his own initiative, request in writing from the Commissioner a statement of the grounds for his decision.
(2) Subject to subsection (3), the Commissioner shall, upon receiving the written request under subsection (1), provide to the aggrieved person, upon the payment of a prescribed fee, a copy of a statement of the grounds for his decision.
(3) Where a notice of appeal has been filed with the Appeal Tribunal under subsection 93(1), the Commissioner shall, if he has not already written the grounds for his decision in respect of the matter stated in the notice under subsection 93(1), record in writing the grounds for his decision, and the written grounds shall form part of the record of proceedings before the Appeal Tribunal.
95. Stay of decision pending appeal
(2) An aggrieved person may apply in writing to the Appeal Tribunal for a stay of the decision of the Commissioner on or after the notice of appeal has been filed with the Appeal Tribunal.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/96.Composition of Appeal Tribunal
(1) Every proceeding of the Appeal Tribunal shall be heard and disposed of by three members or such greater uneven number of members of the Appeal Tribunal as the Chairman may in any particular case determine.
(2) In the absence of the Chairman, the senior member of the Appeal Tribunal shall preside.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/97.Sitting of Appeal Tribunal
(1) The Appeal Tribunal shall sit on such dates and at such places as the Chairman may appoint.
(2) The Chairman may cancel or postpone any sitting of the Appeal Tribunal or change the place of the sitting which has been appointed under subsection (1).
(3) The Secretary to the Appeal Tribunal shall by written notice inform the parties to the appeal of any change to the date or place of any sitting of the Appeal Tribunal.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/98.Procedure of Appeal Tribunal
The Appeal Tribunal may regulate its own procedure.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/99.Decision of Appeal Tribunal
(1) The decision of the Appeal Tribunal on any matter shall be decided on a majority of members of the Appeal Tribunal.
(2) A decision of the Appeal Tribunal shall be final and binding on the parties to the appeal.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/100.Enforcement of decision of Appeal Tribunal
A decision given by the Appeal Tribunal may, by leave of the Sessions Court, be enforced in the same manner as a judgment or order to the same effect, and where leave is so given, judgment may be entered in terms of the decision.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/101.Inspection of personal data system
101. Inspection of personal data system
(a) any personal data system used by data users for the purpose of ascertaining information to assist the Commissioner in making recommendations to the relevant data user relating to the promotion of compliance with the provisions of this Act, in particular the Personal Data Protection Principles, by the relevant data user; or
(b) any personal data system used by data users belonging to a class of data users for the purpose of ascertaining information to assist the Commissioner in making recommendations to the class of data users to which the relevant data user belongs relating to the promotion of compliance with the provisions of this Act, in particular the Personal Data Protection Principles, by the class of data users to which the relevant data user belongs.
(2) For the purposes of this section--
includes a data processor;
"personal data system"
means any system, whether automated or otherwise, which is used, whether in whole or in part, by a data user for the processing of personal data, and includes the record maintained under section 44 and any document and equipment forming part of the system.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/102.Relevant data user, etc., to be informed of result of inspection
Where the Commissioner has completed an inspection of a personal data system, he shall in such manner and at such time as he thinks fit inform the relevant data user or class of data users to which the relevant data user belongs of--
(a) the results of the inspection;
(b) any recommendations arising from the inspection that the Commissioner thinks fit to make relating to the promotion of compliance with the provisions of this Act, in particular the Personal Data Protection Principles, by the relevant data user or the class of data users to which the relevant data user belongs; and
(c) such other comments arising from the inspection as he thinks fit.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/103.Reports by Commissioner
(1) The Commissioner may, after completing the inspection of any personal data system used by data users belonging to a class of data users, publish a report--
(a) setting out any recommendations arising from the inspection that the Commissioner thinks fit to make relating to the promotion of compliance with the provisions of this Act, in particular the Personal Data Protection Principles, by the class of data users to which the relevant data users belong; and
(b) in such manner as he thinks fit.
(2) A report published under subsection (1) shall be so framed as to prevent the identity of any individual from being ascertained.
Any individual or relevant person may make a complaint in writing to the Commissioner about an act, practice or request--
(a) specified in the complaint;
(b) that has been done or engaged in, or is being done or engaged in, by the data user specified in the complaint;
(c) that relates to personal data of which the individual is the data subject; and
(d) that may be a contravention of the provisions of this Act, including any codes of practice.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/105.Investigation by Commissioner
(1) Where the Commissioner receives a complaint under section 104, the Commissioner shall, subject to section 106, carry out an investigation in relation to the relevant data user to ascertain whether the act, practice or request specified in the complaint contravenes the provisions of this Act.
(2) Where the Commissioner has reasonable grounds to believe that an act, practice or request has been done or engaged in, or is being done or engaged in, by the relevant data user that relates to personal data and such act, practice or request may be a contravention of the provisions of this Act, the Commissioner may carry out an investigation in relation to the relevant data user to ascertain whether the act, practice or request contravenes the provisions of this Act.
(3) The provisions of Part IX shall apply in respect of investigations carried out by the Commissioner under this Part.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/106.Restriction on investigation initiated by complaint
(a) the complaint, or a complaint of a substantially similar nature, has previously initiated an investigation as a result of which the Commissioner was of the opinion that there has been no contravention of the provisions of this Act;
(b) the act, practice or request specified in the complaint is trivial;
(c) the complaint is frivolous, vexatious or is not made in good faith; or
(d) any investigation or further investigation is for any other reason unnecessary.
(2) Notwithstanding the generality of the powers conferred on the Commissioner by this Act, the Commissioner may refuse to carry out or continue an investigation initiated by a complaint--
(i) the complainant; or
(ii) in the case where the complainant is a relevant person in relation to a data subject, the data subject or relevant person, as the case may be, has had actual knowledge of the act, practice or request specified in the complaint for more than two years immediately preceding the date on which the Commissioner received the complaint, unless the Commissioner is satisfied that in all the circumstances of the case it is proper to carry out or continue the investigation;
(b) if the complaint is made anonymously;
(c) if the complainant cannot be identified or traced;
(d) if the Commissioner is satisfied that the relevant data user has not been a data user for a period of not less than two years immediately preceding the date on which the Commissioner received the complaint; or
(e) in any other circumstances as he thinks fit.
(3) Where the Commissioner refuses under this section to carry out or continue an investigation initiated by a complaint, he shall, as soon as practicable but in any case not later than thirty days after the date of receipt of the complaint, by notice in writing served on the complainant inform the complainant of the refusal and of the reasons for the refusal.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/107.Commissioner may carry out or continue investigation initiated by complaint notwithstanding withdrawal of complaint
Where the Commissioner is of the opinion that it is in the public interest so to do, he may carry out or continue an investigation initiated by a complaint notwithstanding that the complainant has withdrawn the complaint and, in any such case, the provisions of this Act shall apply to the complaint and the complainant as if the complaint had not been withdrawn.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/108.Enforcement notice
(1) Where, following the completion of an investigation about an act, practice or request specified in the complaint, the Commissioner is of the opinion that the relevant data user--
(a) is contravening a provision of this Act; or
(b) has contravened such a provision in circumstances that make it likely that the contravention will continue or be repeated, then the Commissioner may serve on the relevant data user an enforcement notice--
(A) stating that he is of that opinion;
(B) specifying the provision of this Act on which he has based that opinion and the reasons why he is of that opinion;
(C) directing the relevant data user to take such steps as are specified in the enforcement notice to remedy the contravention or, as the case may be, the matters occasioning it within such period as is specified in the enforcement notice; and
(D) directing, where necessary, the relevant data user to cease processing the personal data pending the remedy of the contravention by the relevant data user.
(3) The steps as specified in the enforcement notice to remedy the contravention or matter to which the enforcement notice relates may be framed-
(a) to any extent by reference to any approved code of practice; or
(b) so as to afford the relevant data user a choice between different ways of remedying the contravention or matter.
(4) The period specified in the enforcement notice under subsection (1) for taking the steps specified in it shall not expire before the end of the period specified in subsection 93(2) within which an appeal against the enforcement notice may be made and, if such an appeal is made, those steps need not be taken pending the determination or withdrawal of the appeal.
(a) he may include a statement to that effect in the enforcement notice together with the reasons why he is of that opinion; and
(b) where such a statement is so included, subsection (4) shall not apply but the enforcement notice shall not require those steps to be taken before the end of the period of seven days from the date on which the enforcement notice was served.
(6) An appeal may be made to the Appeal Tribunal against an enforcement notice by the relevant data user in accordance with section 93.
(a) forms an opinion referred to in subsection (1) in respect of the relevant data user at any time before the completion of an investigation; and
(b) is also of the opinion that, by reason of special circumstances, an enforcement notice should be served on the relevant data user as a matter of urgency, he may so serve the enforcement notice notwithstanding that the investigation has not been completed and, in any such case--
(A) the Commissioner shall, without prejudice to any other matters to be included in the enforcement notice, specify in the enforcement notice the reasons as to why he is of the opinion referred to in paragraph (b); and
(B) the other provisions of this Act, including this section, shall be construed accordingly.
(8) A person who fails to comply with an enforcement notice commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.
109. Variation or cancellation of enforcement notice
The Commissioner may, on his own initiative or on the application of a relevant data user, vary or cancel the enforcement notice served under subsection 108(1) by notice in writing to the relevant data user if the Commissioner is satisfied with the action taken by the relevant data user to remedy the contravention.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/110.Authorized officers
110. Authorized officers
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/111.Authority card
(1) The Commissioner shall issue to each authorized officer an authority card which shall be signed by the Commissioner.
(2) Whenever the authorized officer exercises any of the powers of enforcement under this Act, he shall produce on demand to the person against whom the power is being exercised the authority card issued to him under subsection (1).
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/112.Power of investigation
(1) An authorized officer may investigate the commission of any offence under this Act.
(2) For the avoidance of doubt, it is declared that for the purposes of this Act, the authorized officer shall have all or any of the special powers of a police officer of whatever rank in relation to police investigations in seizable cases as provided for under the Criminal Procedure Code [Act 593], and such powers shall be in addition to the powers provided for under this Act and not in derogation thereof.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/113.Search and seizure with warrant
(1) If it appears to a Magistrate, upon written information on oath from the authorized officer and after such inquiry as the Magistrate considers necessary, that there is reasonable cause to believe that--
(a) any premises has been used for; or
(b) there is in any premises evidence necessary to the conduct of an investigation into, the commission of an offence under this Act, the Magistrate may issue a warrant authorizing the authorized officer named in the warrant at any reasonable time by day or night and with or without assistance, to enter the premises and if need be by force.
(2) Without affecting the generality of subsection (1), the warrant issued by the Magistrate may authorize the search and seizure of--
(a) any computer, book, account, computerized data or other ocument which contains or is reasonably suspected to contain information as to any offence suspected to have been committed;
(b) any signboard, card, letter, pamphlet, leaflet or notice representing or implying that the person is registered under this Act; or
(c) any equipment, instrument or article that is reasonably believed to furnish evidence of the commission of the offence.
(3) An authorized officer conducting a search under subsection (1) may, for the purpose of investigating into the offence, search any person who is in or on the premises.
(5) Whenever it is necessary to cause a woman to be searched, the search shall be made by another woman with strict regard to decency.
(6) If, by the reason of its nature, size or amount, it is not practicable to remove any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized under this section, the authorized officer shall by any means seal such computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article in the premises or container in which it is found.
(7) A person who, without lawful authority, breaks, tampers with or damages the seal referred to in subsection (6) or removes any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article under seal or attempts to do so commits an offence and shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding six months or to both.
114. Search and seizure without warrant
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/115.Access to computerized data
(1) An authorized officer conducting a search under sections 113 and 114 shall be given access to computerized data whether stored in a computer or otherwise.
(2) For the purposes of this section, "access"--
(a) includes being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of computerized data; and
(b) has the meaning assigned to it by subsections 2(2) and (5) of the Computer Crimes Act 1997 [Act 563].
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/116.Warrant admissible notwithstanding defects
A search warrant issued under this Act shall be valid and enforceable notwithstanding any defect, mistake or omission therein or in the application for such warrant, and any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized under such warrant shall be admissible in evidence in any proceedings under this Act.
117. List of computer, book, account, etc., seized
(a) shall prepare--
(i) a list of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized and shall sign the list; and
(ii) a written notice of the seizure containing the grounds for the seizure and shall sign the notice; and
(b) shall as soon as practicable serve a copy of the list of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized and the written notice of the seizure to the occupier of the premises which have been searched, or to his agent or servant at those premises.
(2) The written notice of the seizure shall not be required to be served in pursuance of paragraph (1)(b) where the seizure is made in the presence of the person against whom proceedings under this Act are intended to be taken, or in the presence of the owner of such property or his agent, as the case may be.
(3) If the premises are unoccupied, the authorized officer shall post a copy of the list of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized conspicuously on the premises.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/118.Release of computer, book, account, etc., seized
(1) If any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article has been seized under this Act, the authorized officer who effected the seizure may, after referring to the Public Prosecutor, release the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article to the person as he determines to be lawfully entitled to it, if the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article is not liable to forfeiture under this Act, and is not otherwise required for the purpose of any proceedings under this Act or for the purpose of any prosecution under any other written law, and in such event neither the authorized officer effecting the seizure, nor the Federal Government, Commissioner or any person acting on behalf of the Federal Government or Commissioner shall be liable to any proceedings by any person if the seizure and the release of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article had been effected in good faith.
(2) A record in writing shall be made by the authorized officer effecting the release of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article under subsection (1) specifying in detail the circumstances of and the reason for the release, and he shall send a copy of the record to the Public Prosecutor within seven days of the release.
119. No cost or damages arising from seizure to be recoverable
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/120.Obstruction to search
120. Obstruction to search
(a) refuses any authorized officer access to any premise which the authorized officer is entitled to have under this Act or in the execution of any duty imposed or power conferred by this Act;
(b) assaults, obstructs, hinders or delays any authorized officer in effecting any entry which the authorized officer is entitled to effect under this Act, or in the execution of any duty imposed or power conferred by this Act; or
(c) refuses any authorized officer any information relating to an offence or suspected offence under this Act or any other information which may reasonably be required of him and which he has in his knowledge or power to give, commits an offence and shall, on conviction, be liable to imprisonment for a term not exceeding two years or to a fine not exceeding ten thousand ringgit or to both.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/121.Power to require production of computer, book, account, etc.
An authorized officer shall, for the purposes of the execution of this Act, have the power to do all or any of the following
(a) to require the production of any computer, book, account, computerized data or other document kept by the data user or any other person and to inspect, examine and to download from them, make copies of them or take extracts from them;
(b) to require the production of any identification document from any person in relation to any act or offence under this Act;
(c) to make such enquiries as may be necessary to ascertain whether the provisions of this Act have been complied with.
122. Power to require attendance of persons acquainted with case
(2) If any person refuses or fails to attend as so required, the authorized officer may report such refusal or failure to a Magistrate who shall issue a summons to secure the attendance of such person as may be required by the order made under subsection (1).
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/123.Examination of persons acquainted with case
(1) An authorized officer making an investigation under this Act may examine orally any person supposed to be acquainted with the facts and circumstances of the case and shall reduce into writing any statement made by the person so examined.
(2) Such person shall be bound to answer all questions relating to the case put to him by the authorized officer:
Provided that such person may refuse to answer any question the answer to which would have a tendency to expose him to a criminal charge or penalty or forfeiture.
(3) A person making a statement under this section shall be legally bound to state the truth, whether or not such statement is made wholly or partly in answer to questions.
(4) The authorized officer examining a person under subsection (1) shall first inform that person of the provisions of subsections (2) and (3).
(5) A statement made by any person under this section shall, whenever possible, be taken down in writing and signed by the person making it or affixed with his thumb print, as the case may be, after it has been read to him in the language in which he made it and after he has been given an opportunity to make any corrections he may wish.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/124.Admission of statements in evidence
(1) Except as provided in this section, no statement made by any person to an authorized officer in the course of an investigation made under this Act shall be used in evidence.
(2) When any witness is called for the prosecution or for the defence, other than the accused, the court shall, on the request of the accused or the prosecutor, refer to any statement made by that witness to the authorized officer in the course of the investigation under this Act and may then, if the courts thinks fit in the interest of justice, direct the accused to be furnished with a copy of it and the statement may be used to impeach the credit of the witness in the manner provided by the Evidence Act 1950 [Act 56].
(3) Where the accused had made a statement during the course of an investigation, such statement may be admitted in evidence in support of his defence during the course of the trial.
(4) Nothing in this section shall be deemed to apply to any statement made in the course of an identification parade or falling within section 27 or paragraphs 32(1)(a), (i) and (j) of the Evidence Act 1950.
(5) When any person is charged with any offence in relation to--
(a) the making; or
(b) the contents, of any statement made by him to an authorized officer in the course of an investigation made under this Act, that statement may be used as evidence in the prosecution's case.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/125.Forfeiture of computer, book, account, etc., seized
(1) Any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized shall be liable to forfeiture.
(2) An order for the forfeiture of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized and liable to forfeiture under this Act shall be made by the court before which the prosecution with regard thereto has been held if it is proved to the satisfaction of the court that an offence under this Act has been committed and that the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized was the subject matter of or was used in the commission of the offence, notwithstanding that no person has been convicted of such offence.
(3) If there is no prosecution with regard to any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized under this Act, such computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article shall be taken and deemed to be forfeited at the expiration of a period of one calendar month from the date of service of a notice to the last-known address of the person from whom the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article was seized indicating that there is no prosecution in respect of such computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article, unless before the expiration of that period a claim thereto is made in the manner set out in subsections (4), (5) and (6).
(4) Any person asserting that he is the owner of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article referred to in subsection (3) and that it is not liable to forfeiture may, personally or by his agent authorized in writing, give written notice to the authorized officer in whose possession such computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article is held that he claims the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article.
(5) On receipt of the notice under subsection (4), the authorized officer shall refer the matter to a Magistrate for his decision.
(6) The Magistrate to whom the matter is referred under subsection (5) shall issue a summons requiring the person asserting that he is the owner of the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article and the person from whom it was seized to appear before the Magistrate, and upon their appearance or default to appear, due service of the summons having been proved, the Magistrate shall proceed to the examination of the matter and, on proof that an offence under this Act has been committed and that the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized was the subject matter of or was used in the commission of such offence, the Magistrate shall order the computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article to be forfeited, and shall, in the absence of such proof, order its release.
(7) Any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article forfeited or deemed to be forfeited shall be delivered to the Commissioner and shall be disposed of in such manner as the Commissioner thinks fit.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/126.Joinder of offences
Notwithstanding anything contained in section 164 of the Criminal Procedure Code, where a person is accused of more than one offence under this Act, he may be charged with and tried at one trial for any number of such offences committed within the space of any length of time.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/127.Power of arrest
(1) An authorized officer or police officer may arrest without warrant any person whom he reasonably believes has committed or is attempting to commit an offence under this Act.
(2) An authorized officer making an arrest under subsection (1) shall without unnecessary delay make over the person so arrested to the nearest police officer or, in the absence of a police officer, take such person to the nearest police station, and thereafter the person shall be dealt with as is provided for by the law relating to criminal procedure for the time being in force as if he had been arrested by a police officer.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/128.Register
128. Register
(1) The Commissioner shall maintain in both physical and electronic forms a register as required under this Act.
(2) A person may on payment of the prescribed fee--
(a) inspect the register; or
(b) make a copy of or take extracts from an entry in the register.
(3) Where a person requests that a copy of an entry in the register be provided in an electronic form, the Commissioner may provide the relevant information by way of electronic means.
129. Transfer of personal data to places outside Malaysia
(2) For the purposes of subsection (1), the Minister may specify any place outside Malaysia if
(a) there is in that place in force any law which is substantially similar to this Act, or that serves the same purposes as this Act; or
(b) that place ensures an adequate level of protection in relation to the processing of personal data which is at least equivalent to the level of protection afforded by this Act.
(3) Notwithstanding subsection (1), a data user may transfer any personal data to a place outside Malaysia if--
(b) the transfer is necessary for the performance of a contract between the data subject and the data user;
(c) the transfer is necessary for the conclusion or performance of a contract between the data user and a third party which--
(i) is entered into at the request of the data subject; or
(ii) is in the interests of the data subject;
(d) the transfer is for the purpose of any legal proceedings or for the purpose of obtaining legal advice or for establishing, exercising or defending legal rights;
(e) the data user has reasonable grounds for believing that in all circumstances of the case--
(i) the transfer is for the avoidance or mitigation of adverse action against the data subject;
(ii) it is not practicable to obtain the consent in writing of the data subject to that transfer; and
(iii) if it was practicable to obtain such consent, the data subject would have given his consent;
(f) the data user has taken all reasonable precautions and exercised all due diligence to ensure that the personal data will not in that place be processed in any manner which, if that place is Malaysia, would be a contravention of this Act;
(g) the transfer is necessary in order to protect the vital interests of the data subject; or
(h) the transfer is necessary as being in the public interest in circumstances as determined by the Minister.
(4) Where the Commissioner has reasonable grounds for believing that in a place as specified under subsection (1) there is no longer in force any law which is substantially similar to this Act, or that serves the same purposes as this Act--
(b) the data user shall cease to transfer any personal data of a data subject to such place with effect from the time as specified by the Minister in the notification.
(5) A data user who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding three hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.
130. Unlawful collecting, etc., of personal data
(a) collect or disclose personal data that is held by the data user; or
(b) procure the disclosure to another person of personal data that is held by the data user.
(2) Subsection (1) shall not apply to a person who shows--
(i) was necessary for the purpose of preventing or detecting a crime or for the purpose of investigations; or
(ii) was required or authorized by or under any law or by the order of a court;
(b) that he acted in the reasonable belief that he had in law the right to collect or disclose the personal data or to procure the disclosure of the personal data to the other person;
(c) that he acted in the reasonable belief that he would have had the consent of the data user if the data user had known of the collecting or disclosing of personal data or procuring the disclosure of personal data and the circumstances of it; or
(d) that the collecting or disclosing of personal data or procuring the disclosure of personal data was justified as being in the public interest in circumstances as determined by the Minister.
(3) A person who collects or discloses personal data or procures the disclosure of personal data in contravention of subsection (1) commits an offence.
(5) A person who offers to sell personal data commits an offence if--
(a) he has collected the personal data in contravention of subsection (1); or
(b) he subsequently collects the personal data in contravention of subsection (1).
(6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale is an offer to sell the personal data.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/131.Abetment and attempt punishable as offences
(1) A person who abets the commission of or who attempts to commit any offence under this Act shall be guilty of that offence and shall, on conviction, be liable to the punishment provided for that offence.
(2) A person who does any act preparatory to or in furtherance of the commission of any offence under this Act shall be guilty of that offence and shall, on conviction, be liable to the punishment provided for the offence:
Provided that any term of imprisonment imposed shall not exceed one-half of the maximum term provided for the offence.
132. Compounding of offences
(2) An offer under subsection (1) may be made at any time after the offence has been committed but before any prosecution for it has been instituted, and if the amount specified in the offer is not paid within the time specified in the offer or such extended time as the Commissioner may grant, prosecution for the offence may be instituted at any time after that against the person to whom the offer was made.
(3) Where an offence has been compounded under subsection (1), no prosecution shall be instituted in respect of the offence against the person to whom the offer to compound was made, and any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article seized in connection with the offence may be released or forfeited by the Commissioner, subject to such terms and conditions as he thinks fit to impose in accordance with the conditions of the compound.
(4) All sums of money received by the Commissioner under this section shall be paid into the Federal Consolidated Fund.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/133.Offences by body corporate
(1) If a body corporate commits an offence under this Act, any person who at the time of the commission of the offence was a director, chief executive officer, chief operating officer, manager, secretary or other similar officer of the body corporate or was purporting to act in any such capacity or was in any manner or to any extent responsible for the management of any of the affairs of the body corporate or was assisting in such management--
(a) may be charged severally or jointly in the same proceedings with the body corporate; and
(b) if the body corporate is found to have committed the offence, shall be deemed to have committed that offence unless, having regard to the nature of his functions in that capacity and to all circumstances, he proves--
(i) that the offence was committed without his knowledge, consent or connivance; and
(ii) that he had taken all reasonable precautions and exercised due diligence to prevent the commission of the offence.
(2) If any person would be liable under this Act to any punishment or penalty for his act, omission, neglect or default, he shall be liable to the same punishment or penalty for every such act, omission, neglect or default of any employee or agent of his, or of the employee of the agent, if the act, omission, neglect or default was committed--
(b) by the agent when acting on behalf of that person; or
(c) by the employee of the agent in the course of his employment by the agent or otherwise on behalf of the agent acting on behalf of that person.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/134.Prosecution
No prosecution for an offence under this Act shall be instituted except by or with the written consent of the Public Prosecutor.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/135.Jurisdiction to try offences
Notwithstanding any other written law to the contrary, a Sessions Court shall have jurisdiction to try any offence under this Act and to impose full punishment for any such offence under this Act.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/136.Service of notices or other documents
(1) Service of a notice or any other document upon any person shall be effected--
(a) by the delivering the notice or other document to the person;
(b) by leaving the notice or other document at the last-known address of residence or place of business of the person in a cover addressed to that person; or
(c) by forwarding the notice or other document by post in an A.R. registered letter addressed to the person at his last-known address of residence or place of business.
(2) Where the person to whom there has been addressed an A.R. registered letter containing any notice or other document which may be given under this Act is informed of the fact that there is an A.R. registered letter awaiting him at a post office, and such person refuses or neglects to take delivery of such A.R. registered letter, such notice or other document shall be deemed to have been served upon him on the date on which he was so informed.
137. Public Authorities Protection Act 1948
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/138.Public servant
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/139.Protection against suit and legal proceedings
No action, suit, prosecution or other proceedings shall lie or be brought, instituted or maintained in any court against--
(a) the Commissioner, Deputy Commissioner, Assistant Commissioner or any officer or servant of the Commissioner;
(b) any member of the Advisory Committee;
(c) any member, officer or servant of the Appeal Tribunal; or
(d) any authorized officer, in respect of any act or omission done or omitted by him or it in good faith in such capacity.
(1) Except as provided in subsections (2) and (3), no witness in any civil or criminal proceedings pursuant to this Act shall be obliged or permitted to disclose the name or address of any informer or the substance and nature of the information received from him or state any matter which might lead to his discovery.
(2) If any computer, book, account, computerized data or other document, signboard, card, letter, pamphlet, leaflet, notice, equipment, instrument or article which is in evidence or is liable to inspection in any civil or criminal proceedings whatsoever contains any entry in which any informer is named or described or which might lead to his discovery, the court shall cause all such entries to be concealed from view or to be obliterated in so far as may be necessary to protect the informer from discovery.
(3) If in a trial for any offence under this Act the court, after full inquiry into the case, is of the opinion that the informer wilfully made in his complaint a material statement which he knew or believed to be false or did not believe to be true, or if in any other proceedings the court is of the opinion that justice cannot be fully done between the parties in the proceeding without the discovery of the informer, the court may require the production of the original complaint, if in writing, and permit an inquiry and require full disclosure concerning the informer.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/141.Obligation of secrecy
(1) Except for any of the purposes of this Act or for the purposes of any civil or criminal proceedings under any written law or where otherwise authorized by the Minister--
(a) the Commissioner, Deputy Commissioner, Assistant Commissioner, any officer or servant of the Commissioner, any member of the Advisory Committee, any member, officer or servant of the Appeal Tribunal, any authorized officer or any person attending any meeting or deliberation of the Advisory Committee, whether during or after his tenure of office or employment, shall not disclose any information obtained by him in the course of his duties; and
(b) no other person who has by any means access to any information or documents relating to the affairs of the Commissioner shall disclose such information or document.
(2) A person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding one year or to both.
All acts and things done by any person in preparation for or in anticipation of the enactment of this Act and any expenditure incurred in relation thereto shall be deemed to have been authorized under this Act, provided that the acts and things done are consistent with the general intention and purposes of this Act; and all rights and obligations acquired or incurred as a result of the doing of those acts or things including any expenditure incurred in relation thereto, shall on the coming into operation of this Act be deemed to be the rights and obligations of the Commissioner.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/143.Power to make regulations
(1) The Minister may make such regulations as may be necessary or expedient for the purpose of carrying into effect the provisions of this Act.
(2) Without prejudice to the generality of the powers conferred by subsection (1), the Minister may make regulations for all or any of the following purposes:
(a) to regulate all matters relating to the registration of data users under this Act, including to prescribe the registration fees and renewal fees;
(b) to regulate all matters necessary for the implementation of the Personal Data Protection Principles;
(c) to regulate procedures in respect of the inspection of personal data systems, investigation of complaints and issuance of enforcement notices, and all other matters related to it;
(d) to prescribe the offences which may be compounded and the forms to be used and the method and procedure for compounding the offences;
(e) to provide and prescribe for any fees payable in connection with the provision of any service or any matter under this Act;
(f) to prescribe any matter for which this Act makes express provision to be made by regulations;
(g) to prescribe all other matters as are necessary or expedient to be prescribed for giving effect to this Act.
(3) The regulations made under this section or any other subsidiary legislation made under this Act may prescribe for any act or omission in contravention of the regulations or other subsidiary legislation to be an offence and may prescribe for penalties of a fine not exceeding two hundred and fifty thousand ringgit or imprisonment for a term not exceeding two years or to both.
144. Prevention of anomalies
(2) The Minister shall not exercise the powers conferred by subsection (1) after the expiration of one year from the appointed date.
(3) In this section, "modifications" means amendments, additions, deletions and substitutions of any provisions of this Act.
Unannotated Statutes of Malaysia - Principal Acts/PERSONAL DATA PROTECTION ACT 2010 Act 709/PERSONAL DATA PROTECTION ACT 2010 ACT 709,,/145.Personal data processed before the date of coming into operation of this Act
145. Personal data processed before the date of coming into operation of this Act
146. Registration of persons who process personal data before the date of coming into operation of this Act
(2) Subsection (1) shall not apply to a data user who does not belong to the class of data users who shall be required to be registered as data users in pursuance of the provisions of Division 2 of Part II.