KUALA LUMPUR: Some companies will soon be required to have a Data Protection Officer (DPO) equipped to use a Data Breach Notification (DBN) in the event of a data breach.
On Friday, Communications Deputy Minister Teo Nie Ching said Malaysia has introduced a DBN system for immediate reporting and mitigation of data leaks.
The DBN, she said, must be submitted by data users who experience personal data leakage incidents, including hacking threats.
Personal Data Protection Department (JPDP) director-general Prof Dr Mohd Nazri Kama said the DBN requirement is part of amendments being made to the Personal Data Protection Act.
"Only companies that fulfil certain criteria will be required to appoint a DPO", Nazri said when reached by the New Straits Times.
He said that the criteria are still being developed, as is the DBN, and will be further explained in subsidiary regulations under the PDPA.
Nazri said that this development is expected to be completed sometime early next year.
Nazri said that there will be enforcement provisions, which, if not followed, will result in fines, imprisonment, or both.
Universiti Teknologi MARA information security lecturer Muhamad Khairulnizam Zaini welcomed the DBN system.
"It is good because, with it, a DPO can alert data subjects and the authorities. That's good because it leads to a fast response to data breaches," he told the New Straits Times.
Elaborating on the role of a DPO, Khairulnizam said that in general, a DPO would oversee data protection strategies and ensure compliance with the law.
"Data breaches have grave implications for the organisation and society, so a DPO is crucial in this context," he said.
On Wednesday (July 31), Digital Minister Gobind Singh Deo said that amendments to the Personal Data Protection Act are needed due to rapid technological advancements.