Data protection Necessary for global trade

July 12, 2010

The current trend of global trade would give Malaysia no chance to backtrack, as personal data protection law is now a trade prerequisite recognized by international communities. In fact, adequate regulation on personal data is now a prerequisite by many countries for initiating or continuing bilateral trade.”

Heng said: “It is this adequacy requirement that has forced years of negotiation and contention between Brussels and Washington before safe harbor principles were finally agreed. This adequacy requirement will affect the trade in this region as the countries that constitute the Asia-Pacific Economic Cooperation (APEC) have also recognized the importance of this legal development.”

According to Professor Abu Bakar Munir at the University of Malaya’s Faculty of Law, countries in the region that have implemented comprehensive data protection legislation include Japan, Korea, Taiwan, Thailand, the Philippines, New Zealand and Australia. In the Middle East, only Israel has similar bills while Indonesia and China are in the process of drafting such legislation, said Abu Bakar, who was also a speaker at the conference.

He said EU nations, Chile, Argentina and Brazil were the other countries with comprehensive data protection legislation in place. In the United States, data protection is governed by the Privacy Act 1974 and 12 federal sectoral-based legislations and individual state laws, and the safe harbor provision, he noted.

Singapore , he added, was among the countries that have adopted a self-regulatory approach to personal data protection. However, the Singapore government has since acknowledged this approach is not effective and is contemplating plans for a comprehensive data protection law, said Abu Bakar. The professor was asked by the Malaysian government to assist in the drafting of the revised bill.

In the absence of a data protection act, he said various parties in Malaysia including developers, local and foreign banks had been selling their customers’ personal information or allowed the data to be used by third parties.

“Currently, it is not illegal because we don’t have personal data protection legislation, but [the banks] should be observing international best practices that prohibit such practices,” he noted. “Hopefully, this new law will put a stop to all such practices.”

According to Abu Bakar, the revised bill contains provisions for a data protection commissioner who will have investigative powers and responsibility for enforcing it.

He said the proposed act would allow individuals to take civil action to seek redress if they feel their personal data have been compromised.