JULY 2016 Personal data protection

ASEAN's data: protected?

Since computing power became a commercial reality, the value of data, especially in bulk, has escalated exponentially. Data today is a valuable asset on par with, and in some cases far exceeding, hardware. With valuable data so easily transferable in this day and age, governments around the world have been compelled to move to protect individuals from the misuse or abuse of their personal information. This is also true of ASEAN.

In the past few years, ASEAN has seen rigorous privacy developments. In keeping with global trends, ASEAN governments have begun to promulgate legislation in their respective countries to protect personal information. Malaysia, Singapore and the Philippines have led the charge by enacting comprehensive legislation to protect personal data. Other ASEAN jurisdictions are not far behind; most of these jurisdictions already have consumer protection laws which cover data protection to some extent. Some of these laws have consequences beyond the boundaries of the individual countries, as they also cover the transmission or export of personal data obtained within those countries. Knowledge of what can or cannot be done is crucial to avoid the extensive penalties imposed for breaches of the statutorily imposed duties.

ASEAN countries have previously agreed to develop best practices and guidelines on data protection by 2015 as part of their commitment to establish an integrated ASEAN Economic Community, the AEC, by the end of 2015. The indicators are clear. Data protection regulation in the region will increase in coming years. The ability to keep up with these changes may make or break business enterprises with regional ambitions.

Paul P. Subramaniam
Head of Risk, Knowledge Management & Training
paul.p.subramaniam@zicoholdings.com

Indonesia

Applicable Legislation: The Electronic Information Law No. 11 of 2008 ("EIT Law") regulates the use of personal data in electronic transactions. Note: In addition to the EIT, sectoral regulation such as the Banking Law No 7 of 1992 and the Capital Market Law No. 8 of 1995 contain data privacy provisions.

Regulator: With respect to the EIT Law, the Ministry of Communication and Information, empowered by the House of Representatives and the President of the Republic of Indonesia. Sectoral regulators such as the Financial Services Authority have authority to enforce banking and capital market laws.

Scope of Legislation: EIT Law applies to persons conducting electronic transactions that have a legal impact in Indonesia or are detrimental to the interests of Indonesia.

Registration Requirement: According to the EIT Law, registration is mandatory for electronic system operators providing public services. Registration on personal data in banking and capital market sectors is dealt with under sectoral regulation.

Restrictions On Cross-Border Transfers: Under the EIT Law, cross-border information transfers are allowed, provided that the individual whose data is being transferred has consented to the transfer. Sectoral regulation may however impose further restrictions on cross-border transfers of personal data by the relevant regulated parties.

Restrictions On Marketing: No. There is no particular regulation that restricts personal data collection for marketing. Sectoral regulation may however impose further restrictions on the relevant regulated parties on the use of personal data for purposes of marketing.

Restrictions On Outsourcing Arrangements: EIT Law does not specifically restrict a person to outsource data processing in relation to electronic information and transactions to third parties (i.e. Electronic System Providers). Sectoral regulation may however impose further restrictions on outsourcing arrangements of personal data by relevant regulated parties.

Liabilities: Any person who violates the EIT by altering, adding, reducing, transmitting, damaging, deleting, transferring, hiding any electronic information or electronic document of another person or of the public in any way, can be sentenced to imprisonment for a maximum of 8 years and/or a fine amounting to a maximum of Rp 2,000,000,000. Penalties for breach of sectoral regulation include imprisonment, fines and administrative sanctions that may extend to shareholders, officers and affiliated parties of the regulated party who is in breach. Such regulated party may also be subject to civil claims from affected individuals.

Malaysia

Applicable Legislation: The Personal Data Protection Act 2010 ("PDPA"), which came into force in Malaysia on the 15th of November 2013.

Regulator: The Department of Personal Data Protection, an agency under the Ministry of Communications and Multimedia.

Scope of Legislation: Territorial Jurisdiction: The PDPA applies to persons established in Malaysia; and persons not established in Malaysia but who use equipment in Malaysia for processing the personal data, otherwise than for the purposes of transit through Malaysia. Commercial Transactions: The PDPA only applies to personal data processed in respect of commercial transactions.

Registration Requirement: A data user who belongs to any class of data users under the Personal Data Protection (Class of Data Users) Order 2013 is required to register. Classes of data users include: communication, banking and financial institutions, insurance, health, tourism and hospitality, transportation, education, direct selling, property and utility sectors. Those not categorised as data users under the Order are advised to take necessary compliance measures, including to provide, review and improve the existing policy, procedure, process and system related to personal data processing, so that it will be in line with the Act.

Restrictions On Cross-Border Transfers: Yes. Generally, personal data may not be transferred to a place outside Malaysia unless such place has been specified by the Minister of Information, Communications and Culture. There are prescribed exemptions to this restriction, e.g. where the individual has consented to such transfer of his personal data.

Restrictions On Marketing: Yes. An individual may at any time require a data user to cease or not begin processing his personal data for purposes of direct marketing. There is a Proposal Paper offering guidance on direct marketing, but it is yet to be issued as a formal Guideline.

Restrictions On Outsourcing Arrangements: None. However, the data user shall, for the purpose of protecting the personal data, provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out, and take reasonable steps to ensure compliance with those measures.

Liabilities: Breach of the PDPA 2010 can attract penalties of up to RM 500,000 or imprisonment of up to 3 years or both, depending on the offence. Directors and officers can be charged severally and jointly with the body corporate.

Singapore

Applicable Legislation: The Personal Data Protection Act (governs the collection, use, and disclosure of personal data by organizations); and Order 103 of the Rules of Court.

Regulator: The Singaporean Personal Data Protection Commission.

Scope of Legislation: The purpose of the PDPA is to govern the collection, use and disclosure of personal data by organizations in a manner that recognizes both the right of individuals to protect their personal data and the need of organizations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

Registration Requirement: None.

Restrictions On Cross-Border Transfers: An organization may transfer personal data to a country outside Singapore, provided that such organization adheres to a comparable standard of protection (as set out in the PDPA) in relation to the personal data being transferred.

Restrictions On Marketing: Yes. This includes the prohibition against sending messages for the purposes of marketing to a Singapore telephone number that is contained in the Do Not Call register.

Restrictions On Outsourcing Arrangements: None.

Liabilities: Breach of the PDPA can attract penalties of up to S$ 100,000 or imprisonment of up to 12 months or both, depending on the offence. Directors, officers, and members of an organization in breach of the PDPA can be held liable for the breaches of that organization.

Laos

Laos does not have any comprehensive data protection law in place. The Law on Electronic Transactions No. 20/NA, 7 December provides for ad-hoc protection of user personal information against abuse by digital signature certificate providers. The Lao Constitution has general principles respecting the right of privacy. Laotian Director-General of the Department of Import and Export, Koun Southammakot, announced on 9 July 2013 that, "A number of laws are being revised to be stronger and in line with international standards. New laws need to be introduced to enable future trade initiatives like the electronic transactions and data protection laws."

Myanmar

Myanmar does not have specific data protection law in place, but there are provisions relating to dealing of personal information/data in certain laws such as the Telecommunications Law 2013 and the Electronic Transactions Law 2004. However, as part of its commitment as an ASEAN member to establish an integrated ASEAN Economic Community (AEC) by 2015, Myanmar has agreed to develop best practices or guidelines on data protection by then. Although there do not appear to be any plans to introduce a data protection law at present, it is an area to watch. There is no comprehensive legislation that regulates the processing and protection of personal data in Myanmar.

Thailand

There is no comprehensive legislation that regulates the processing and protection of personal data in Thailand. The Thai Civil and Commercial Code provides the right to privacy protection. Under the wrongful act principle, the affected person could seek compensation if it is proved that the damage was caused by the wrongful act regarding his personal data. Certain sectoral legislation does regulate the collection and use of personal information. There have been instances where these sectoral regulators have exerted control over their regulatees in relation to their handling of personal data. A Personal Data Protection Bill has been proposed to the Office of the Council of State.

Cambodia

There is no comprehensive legislation that regulates the processing and protection of personal data in Cambodia. Cambodia's constitution does however provide for the rights of citizens to privacy. There is sectoral regulation with respect to certain information in certain industries. For example:
Under the Press Law, official, commercial and financial documents must be kept confidential from the press;
The Code of Conduct for certain professions (e.g. lawyers), public and private institutions impose duties of confidentiality; and
Confidentiality agreements are recognized and upheld.

Vietnam

There is no comprehensive legislation that regulates the processing and protection of personal data in Vietnam. An individual's general right to privacy is protected under the Civil Code, according to which mail, telephone, electronic mail and other forms of electronic information of an individual must be kept safely and confidential. Further, the collection and processing of information and data pertaining to an individual in certain sectors are subject to various respective legislations, including e-commerce, banking, insurance, information technology, telecommunication, and protection of consumers' rights. Generally, prior consent must be obtained from the individual for the collection and publication of his information and data. Appropriate security measures must be taken for the collection and publication of personal data and the personal data obtained must be used for the purposes as agreed with the data owner only.

Infringement of an individual's privacy is subject to administrative or criminal penalty:
Administrative penalties: fines, confiscation, suspension of licenses and certificates.
Criminal penalties: fines, non-custodial reform, imprisonment.
Offenders may also be banned from holding certain posts, practicing certain occupations or doing certain jobs for one to five years.

A timeline of Data Privacy enactments in ASEAN

ASEAN adopts its first regional declaration concerning data privacy. Art. 21 of the ASEAN Declaration on Human Rights: "Every person has the right to be free from arbitrary interference with his or her privacy, family, home or correspondence including personal data, or to attacks upon that person's honour and reputation."

1997 Thailand passes its Official Information Act. The Act did not cover regulation of the private sector, though a Personal Data Protection Bill has been proposed to the Office of the State Council.

The Senate of the Philippines passes the Data Protection Act, protecting individual personal information in the government and private sectors.

2009 Though the Act did not come into force until 2013, Malaysia was the first ASEAN member to legislate in relation to the private sector.

Laos passes Law on Electronic Transactions to provide ad-hoc protection of personal data.

2010 Vietnam passes consumer rights protection law covering most aspects of the private sector to supplement sectoral laws that pertain to the collection and processing of personal information.

Indonesia enacts a governmental Regulation to add a data privacy component to its existing Law on Electronic Information & Transactions 2009.

Singapore passes its Personal Data Protection Law which came into force by January 2013.

All rights reserved. No part of this document may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without our prior written permission. This ASEAN Insiders Series represents the state of the law as at 1 May 2015. Information about Singapore was obtained from public sources. The information contained in this publication is only to provide a general oversight and does not serve as a substitute for legal advice. If you require any advice or further information, please contact us.

ASEAN INSIDERS, by origin and passion

ZICOlaw is a network of leading independent local law firms focused on the ASEAN region. With a presence in 15 cities in 8 out of 10 ASEAN countries, our 270 lawyers enable our clients to enjoy value-added legal services by leveraging on a combination of local expertise and regional insights. ZICOlaw is part of ZICO, an integrated network of multidisciplinary firms helping organizations and individuals succeed in ASEAN.

CAMBODIA | INDONESIA | LAOS | MALAYSIA | MYANMAR | SINGAPORE | THAILAND | VIETNAM

www.zico.com