The Communication and Multimedia Ministry on Tuesday announced that the Personal Data Protection Act 2010 came into force on Nov 15.

The Act was introduced specifically for the purpose of preventing the misuse of people's personal data for commercial purposes, said Minister Datuk Seri Ahmad Shabery Cheek.

Those categorised as users of data had until Feb 15 next year to register with the Personal Data Protection Department, he said, adding that it was an offence to disclose personal data to third parties without the consent of the owner.

Ahmad Shabery said the Act ensured information security, network reliability and integrity of data protection in the country.

He said Malaysia was the first country among the Asean nations which had enforced such an act, and thus would make a reality of the objective of the transformation of Malaysia into a developed country.

"Protecting personal data is a huge social responsibility as the Big Data industry in Malaysia is growing rapidly, and it also encompasses the question of personal data and other important information of an organisation," he told a news conference at the ministry.

Shabery said he estimated that 25,000 institutions in the country were categorised as data users and had to be registered under the Act.

Answering a question about the seriousness of problems related to leakage of personal data, he said he learned that every month Cyber ​​Security received 800 to 1,000 complaints of personal information being distributed to those who were not supposed to get it.

Shabery also announced the appointment of the Personal Data Protection Department director-general Abu Hassan Ismail as the first Personal Data Protection Commissioner.

Meanwhile, in a media release, the department defined data users as those who processed personal data or had control over such data or authorised the processing of personal data.

It listed 11 sectors classified as data users, encompassing the communication, banking and financial institutions, insurance, health, tourism and hospitality, transport, education, direct selling, services, real estate and utilities sectors.

It also listed the various offences and penalties under the act, including a fine of up to RM500,000 or a jail term of up to three years for processing personal data without a certificate of registration or after the registration had been revoked.

Meanwhile, Attorney-General Tan Sri Abdul Gani Patail said the Personal Data Protection Act 2010 regulated the collection, holding, processing and use of personal data in a commercial environment to ensure that the data subjects were protected.

He said the freedom of exchanging data and easy access to information in the IT world had exposed the public and made them vulnerable in the sense that their data was easily acquired and possibly misused to commit crime.

"A data user or processor would be criminally liable if the personal data is not handled in the manner as denoted in the legislation," he said when delivering his keynote address on 'Transforming the Legal Landscape: Public Safety Initiative' at the Judicial and Legal Training Institute (Ilkap) National
Law Conference 2013, here.

Abdul Gani said the Personal Data Protection Department was established with the primary responsibility to regulate the processing of personal data of individuals involved in commercial transactions by data users so that the data would not be misused by interested parties.

"The security of individuals' personal data would be protected to prevent any form of abuse of personal data in Malaysia in commercial transactions in pursuant to the act," he said.