DAP welcomes government decision to introduce Data Protection legislation and calls for the appointment of a national data protection agency to protect rights of ordinary citizens in an information society

Last week, the government revealed that apart from the first batch of the four cyberlaws passed by Parliament, namely the Computer Crimes Act 1997, the Digital Signature Act 1997, the Telemedicine Act 1997 and the Copyright (Amendment) Act 1997, three other cyberlaws are being drafted. They are the Multimedia Convergence Bill, which is expected to be tabled in Parliament next month and the Electronic Government Bill and the Data Protection Bill.

During the Parliamentary debate in April on the first batch of cyberlaws in Malaysia, I had expressed great disappointment that a Data Protection Bill had not been drafted which showed the woeful lack of consumer or user perspective in the framing of cyberlaws in the country.

I had called on the Cabinet to give Data Protection legislation top priority as with increasing computerisation in our society, there is an urgent need for a law and a mechanism to regulate electronic or computerised data processing, where an individual have the right to access personal data about himself, to get data corrected or erased and to ensure that there is no misuse or abuse in the obtaining, holding or use of personal data.

As in other countries, Malaysians are entitled to worry that personal information will be collected and misused by unknown parties: credit card numbers, transaction data, preferences disclosed by the sites they choose to visit or the products they elect to buy, medical and insurance records, personnel files, even data kept on their personal computers.

Many countries have not only Data Privacy and Security legislation, but also national data protection agencies to oversee these laws and systems.

In the United Kingdom, for instance, the Data Protection Act protects individuals about whom information is recorded on computer. This is done by giving such individuals rights to the personal data held about them by others, such as:

• the right to a copy of the information which forms the personal data held about them by a data user;
• the right to take action for compensation if the individual is damaged by inaccurate personal data or by loss or unauthorised destruction or disclosure of personal data;
• the right to take action to have inaccurate personal data amended or erased;
  
• the right to complain to the Registrar for Data Protection for any contravention of the Act.

It is most commendable that the government has accepted the proposal for a Data Protection laws in Malaysia, but I would call on the Government to adopt a more open and participatory process in the formulation of new legislation, by involving the public, in particular those who have special concern in the respective fields related to the proposed legislatiohn, to give their inputs and feedback before the bill reached the final stage of presentation in Parliament.

The Government should for instance be prepared to present Green Papers about the cyberlaws it proposes to introduce in Parliament, their main features and purposes, and invite public views and comments to aid in the formulation of the best cyberlaws to suit Malaysian conditions.

(8/9/97)