Personal Data Protection Act 2010

Personal Data Protection Act 2010

Objective /Benefits


WORKSHOP OVERVIEW

The purpose of conducting the Personal Data Protection Act 2010 (PDPA 2010) workshop / training is to create awareness on PDPA 2010 requirements among individuals who deal with customer’s personal data. This workshop will be providing the rules and regulations, coupled with do’s and don’ts with customer’s personal data in order to avoid or minimize the risk of the same being unlawfully used or disseminated. 
This workshop / training will also provide an insight on how personal data can be better protected, from a Risk Management perspective i.e:- by formulating prevention methodologies and risk mitigation plans.


WORKSHOP OBJECTIVE

After completing this course participants will be able to:
1.    Understand the application of the Personal Data Protection Act 2010 and its related offences as a result of non-compliance.
2.    To reorganize the practices and process at the respective work areas to support data protection in line with Personal Data Protection Act 2010
3.    Increase the data integrity and ensure business continuity without contamination and infringement. 
4.    Develop principles and mechanism to detect and prevent unauthorized management and dissemination of Personal Data.
5.    To develop and execute a Risk Based Compliance Inspection Plan to protect personal data.


METHODOLOGY

Highly Interactive Session, with a bilateral approach to the subject matter allowing participants to share incidences at respective work locations, Case Studies, Video Presentation, Mind Mapping and Recap Sessions, Mini Workshop Session – allowing participants to develop their own process and to support subject matter and work in synergy with other participants.

 


Program Outline

WORKSHOP OUTLINE

DAY 1
09:00 AM – 10:30 AM    
> The Underlying reason for the enactment of Personal Data Protection Act 2010
•    Increasing number of the following cases:- Identity Theft, Data Loss, Unauthorized dissemination of data, Fraudulent Activities
> Overview of Personal Data Protection Act 2010 
•    Regulates processing of personal data 
•    Only commercial transactions
•    Not data processed outside Malaysia 
•    7 Principles 
•    Criminal offences 
•    No civil remedies
•    Other supporting Regulations under PDPA 2010 

10:30 AM – 10:45 AM    Morning Tea Break

10:45AM – 01:00PM        
> Data User
•    Definition 
•    Categories
> Data Subject
•    Definition 
•    Categories
> Personal data 
•    What
is Personal Data and its express and implied definition
•    Forms of Personal Data: As long as it identifies a data subject .
•    Email – Whether it can be classified as personal data depends on the circumstances of the case.
•    IP address - Whether it can be classified as personal data depends on the manner in which it is disclosed.    
•    Employer and Employee relationship. Data collated as pre-employment checks; Data volunteered just prior to employment; Data obtained during the course of employment.
> Commercial Transaction – 
•    Any transaction of a commercial nature, whether contractual or not. 
•    What are the areas of commercial activity that falls under the purview of Commercial >
Transaction.
•    Contracts
> Sensitive personal data  
•    Definition and categories
•    Circumstances and conditions under which it can be processed or disseminated within the ambits of Personal Data Protection Act 2010
> Processing – What constitutes Processing
•        Collecting 
•        Recording 
•        Holding 
•        Storing 
•        Organizing 
•        Publishing on the Internet 
•        Making available 

01:00PM – 02:00PM        Lunch

02:00PM – 03:30PM        
> Classroom Activity & Mind Mapping
-    Participant’s perspective and view
> Principles of Data Protection 
For data to be processed lawfully in Malaysia, a data user shall comply with the following principles, namely
•    General Principle
•    Notice and Choice Principle 
•    Disclosure Principle
•    Security Principle
•    Retention Principle 
•    Data Integrity Principle
•    Access Principle

03:30 PM – 03:45PM        Afternoon Tea Break

03:45PM – 05:00PM    A detailed explanation coupled with examples and case studies of each principle will be shared with participants. The exception to the General Principle will also be discussed.
> In instances of crime prevention, the following principles must be upheld (at least):
•    General principle 
•    Notice & choice principle 
•    Disclosure principle 
•    Access principle. 

DAY 2
09:00AM – 10:30AM        
> Mind Mapping and Recap Of Day 1 Session
> Personal Data Protection Commissioner  
•    
Appointment under the PDPA 2010. 
•    Complaint Channel 
•    The rights to conduct investigations and audits
•    Whether decision of Commissioner appealable 
> Registration of Data User
•    Registration process
•    Approval
•    Renewability of registration

10:30AM – 10:45AM        Morning Tea Break

10:45AM – 01:00PM        
> Transfer of Data Overseas 
•    Who can authorise transfer
•    Circumstances under which Data User can effect transfer within the ambits of PDPA 2010

01:00PM – 02:00PM        Lunch

02:00PM – 03:30PM        
> Video Presentation on Personal Data Protection.
> Rights of data subject 
•    Right to access personal data 
•    Right to correct personal data 
•    Right to withdrawn consent 
•    Right to prevent processing likely to cause damage or distress 
•    Right to prevent processing for purpose of direct marketing 
> What Constitutes an Offence under the Personal Data Protection Act 2010
•    Summary of Offences
•    Case Study
> Liabilities under the Personal Personal Data Protection Act 2010
•    Liabilities within the ambit of the act and its related impact.
> Enforcement mechanism can consist of one or a combination of the followings:
•        Data protection commissioner 
•        Advisory committee 
•        Appeal tribunal 
•        Codes of practice 
•        Enforcement notice 
•        Prosecution 
•        Revocation of registration 

03:30 PM – 03:45PM        Afternoon tea break

03:45PM – 05:30PM    
> Classroom Activity – Participants divided into groups and to present their proposed plan
Eg:- How can an organization develop its own Data Protection Strategies within the ambits of Personal Data Protection Act 2010
> Information Security Policies
-    Clean Desk Policy,
Enforcement and Execution, Non-Disclosure requirement.
> Risk Management and Assessment Principles
-    With measurable KPIs and trigger factors
-    Establish SOPs
-    Close Loops Contracts
Wrap Up With Mind MappingSession.

Profile


TRAINER PROFILE - SURESH KUMAR

He is currently the Managing Director of Paradigm Resources (his own business entity), specialized in providing risk management / assessment services for internal / external associates; Consultation on Brand Standards / Management / Protection; Contract Management; Outsourcing & Subcontracting; and; Human Resources training and development programmes on various specialized topics, predominantly, Risk Management related subject matters, either on an one off  or Project basis.

With his background of a law degree, he is able to invoke legal implications in his programmes to make it more comprehensive and value added substance. In addition,  his fluency in English and Bahasa Malaysia enables him to conduct training programmes effectively in both languages.

> Infineon technologies (M) Sdn Bhd – Security Manager (Backend Manufacturing Plant, Melaka)
> Celcom Axiata Sdn Bhd – Manager, Head of Risk Management (Nationwide)
> Rennaisance Melaka Hotel (Marriott International) – Loss Prevention and Brand Standard Manager ( Melaka Hotel Facility)
> Flextronics Penang -  Loss Prevention Manager ( 5 Contract Manufacturing Sites in Penang)

Television interview by National Hong Kong Television (NHK TV) on Crisis Management of the missing Malaysian Aircraft (MH370)