KUALA LUMPUR, March 7 — The Communications and Digital Ministry is reviewing to increase the compound rate or fine that can be imposed on parties involved in personal data breaches.
Its Deputy Minister Teo Nie Ching said currently the compound rate imposed under the Personal Data Protection Act 2010 (Act 709) does not commensurate with the seriousness of the offence.
“We are examining and also reviewing the penalty and fines under Act 709, so that the compounds or fines to be imposed on data breach cases can be increased further and the companies and agencies involved are aware that they have to bear a greater responsibility.”
She said this in response to a supplementary question from Datuk Seri Dr Wan Azizah Wan Ismail (PH-Bandar Tun Razak) who asked on the steps that can be taken by the government to improve cyber security in the country during the Minister’s Question Time (MQT) in the Dewan Rakyat.
Teo said based on Cyber Security Malaysia (CSM) records, there were 19 cases of personal data breaches recorded in 2020, 28 cases (2021) and 50 cases (2022) while from January to February this year, a total of 49 cases were recorded.
She said so far, seven cases have been charged in court under Section 5, Act 709 with total compounds amounting to RM200,000 and eight cases under Section 16, with compounds totalling RM81,000.
“As such, we intend to look into Act 709 and one of the proposal is to further increase the rate of fines and compounds that can be imposed.
“We want a punishment that is justified…for example if the offender has leaked not only the names but also the phone and identity card numbers, we want a more appropriate punishment according to the offences that were committed,” she said.
She said the ministry plans to table an amendment to Act 709 in the Dewan Rakyat within a year in addition to a cyber security related act which is currently at the engagement stage with the relevant parties and expected to be presented to Parliament soon.