The Implementation of Data Breach Consultation


The Malaysian Personal Data Protection Commissioner (Commissioner) has recently issued Public Consultation Paper No. 1/2018 (PCP) which aims to collect feedback on the Commissioner's proposal to implement data breach notification obligations for data users.

As part of the data breach notification, the PCP proposes the following:

  • data users must notify the Commissioner and any other regulatory bodies or law enforcement agencies within 72 hours of becoming aware of a data breach incident;
  • data users must provide a summary of the data breach incident and its circumstances, the type and amount of personal data involved and the approximated number of affected data subjects;
  • data users must provide information on any containment or control measures that are taken or will be taken to contain the incident and the potential harm, especially towards the affected data subjects;
  • data users must provide information on the method in which the data user notifies the affected data subjects and the advice given to such affected data subjects; and
  • data users must provide regular training to staff, which shall be no less than once every twenty-four (24) months, and detailed guidance on the processing of personal data.

Document Details

Document Type: 
Document Topic: 
Authoring Country: 
Year of Document: 
Date of Document: 
Tuesday, August 21, 2018
Document Authors: 
Personal Data Protection Commissioner

Legal Disclaimer: The content appearing on this site is for general information purposes only and made available on an "AS-IS" basis. The law is subject to change and no representation or warranty is made with regard to accuracy or fitness for a particular purpose.