Master Class #57-Personal Data Protection Act (PDPA) by Noriswadi Ismail

Noriswadi Ismail (Noris) of the Malaysian Data Protection Academy (DPA), and Co-Founder/Managing Consultant of Quotient Consulting shared on our FREE webinar the practical overview of PDPA, its 7 data protection principles and issues to manage, within and after, the sunrise period.



Up Close & Personal with Noris

Noris, Please tell us more about yourself ?

noris4

Pictured in National Costume (During Syawal celebration at the Malaysian High Commissioner’s Residence, London)

I am the Co-Founder and Managing Consultant of Quotient Consulting, a 360-degree data protection boutique consulting firm based in Kuala Lumpur and London. I am also the Executive Director/Head of Data Protection Academy Advisory Board, Malaysia; and Co-Founder/Global Privacy Strategist of Intuitive Asset, a dynamic app solution provider, based in the Golden Triangle, Kuala Lumpur. My team & I consult, advise, research and train on 360-degree data privacy matters. My clients and affiliates include; governmental agencies, multinational companies, government-linked companies, local and global universities, start-up companies, non-profit organisations, entrepreneurs and global professional advisers.

noris1

Passion in running – Noris has completed 12 Half Marathons and 1 full Marathon. He is still running..

I am a proud member of the International Association of Privacy Professionals and alumni of two prestigious scholarship schemes; the British Chevening (the United Kingdom Government Scholarship) and the Association for Overseas Technical Scholarship (Ministry of Economy, Trade and Industry, Japan).

During the spring and summer of 2011, I was a visiting data protection researcher in the University of Oxford’s Centre for Socio-Legal Studies at the Faculty of Law and the Centre for Health, Law and Emerging Technologies, Department of Public Health. On 28th December 2012, I was appointed as the Privacy by Design Ambassador by Dr. Ann Cavoukian, the Information & Privacy Commissioner of Ontario, Canada.

I authored two books. ‘Understanding Personal Data Protection Law’ and the Lead Editor of ‘Beyond Data Protection, Strategic Case Studies and Practical Guidance’ – both published by LexisNexis and Springer in 2013. As at July-September 2013, I manage to complete 12 half marathons. On 21st April 2013, I completed my first full marathon in Virgin London Marathon 2013 for Cancer Research UK.

I recently passed the prestigious Practitioner Certificate in Data Protection, managed & administered by PDP, supported by the The United Kingdom Information Commissioner’s Office (ICO) and accredited by the Law Society of England and Wales and The Bar Council, England and Wales. I was happy to receive the results on 17 January 2014. 🙂

I hold an LLB (Hons) from Ahmad Ibrahim Kulliyyah of Laws, International Islamic University Malaysia and LLM (Information Technology & Telecommunications Laws) University of Strathclyde, United Kingdom. Besides English, I can speak fluently in Bahasa Malaysia, Bahasa Indonesia and basic Arabic. 😀

noris5

Greeted by the Malaysian Personal Data Protection Commissioner – Tuan Haji Abu Hassan during “Understanding Personal Data Protection Law” Book Launch. Accompanied by Ella Wang, Managing Director, LexisNexis Southeast Asia.

How did you start your business ?

After more than a decade working in legal firms and in-house (as the General Counsel/Company Secretary) of a leading ICT listed company in Malaysia, I decided to follow my passion; aiming for organic growth, brand and legacy. It proves to be complex and challenging. I learned a lot of mistakes throughout the start-up process and that makes me stronger. My previous corporate and industry experience whether at the operational, industry and board level helped me partly to sustain and survive.

Having based in London shaped my thinking process differently. I learned the global best practices from the best business partners. I observed marketplace reactions and solutions pertaining to 360-degree sophisticated data protection matters (ranging from regulations, business, technology and sociological aspects). And I developed useful networks across London and Europe.

What motivates you daily to build your business?

noris3

Leading a PDPA Masterclass Workshop for a leading utility, highway and waste management company.

Business is akin to DNA in life. It partly akin to unpredictable weather and marketplace’s reactions. I eat, breathe, live, hate, love, sleep and wake up with data protection. It’s the passion, drive and commitment to proffer 360-degree data protection consulting, training and certification that endlessly motivates me to sustain.

Have you ever failed at anything? If so, how did you handle it and what did you learn?

Failures are invaluable lessons at the start-up stage. It’s a natural progression in business. Most of the business failures – operationally and financially – considered as imperfections. But, these imperfections make the business perfect.

What services or products is your company offering ?

I drive and co-lead 2 business arms …

Company #1 Quotient Consulting (QC)

Quotient Consulting (QC) offers an array of data protection & privacy business package to stakeholders (start-ups, semi medium sized enterprises, private limited and public limited/listed companies, government linked companies, universities and research institutions, non-governmental organisations and to the Malaysian / ASEAN governments).

Consulting services include: data protection & privacy diagnosis, privacy impact assessment, privacy by design advisory & review, data protection & privacy strategy, management and monitoring, internal controls review relating to data protection & privacy.

Research consultations include: potential responses to public consultation papers from Malaysian Data Protection Commissioner, European Commission (Article 29 Working Party on Data Protection) and the Federal Trade Commission (US) and Asia Pacific Economic Cooperation Privacy matters (under the Electronic Commerce Steering Group).

noris2

with Eddie Law (elawyer.com.my)

Company #2 Data Protection Academy (DPA)

Mission

  • To lead data protection knowledge dissemination in Malaysia and beyond
  • To champion data protection thought leadership, training and consulting for all
  • To embrace data protection through strategic collaboration and partnership in Malaysia and beyond

Vision

  • To be your premier data protection certification provider
  • To deliver a world class data protection education in Malaysia, ASEAN and beyond
  • To groom data protection professional talents via ethicability and trustability

Noris, What’s next for your companies ?

After 3 years (since 2011 to date), I am humbled with the organic growth of QC. Strategically, the first 3 years focused on brand building and visibility (coined as Wave 1); Wave 2 aims to commoditize potential profit and revenue derived from Wave 1.

I’ll be sharing on FounderMethod FREE webinar the practical overview of PDPA, its 7 data protection principles and issues to manage, within and after, the sunrise period. I’ll also be partnering with FounderMethod to start an online training series on Data Protection somewhere in March or April 2014. Key in Your details and we’ll inform you once the training is LIVE. Those that key in will get our special Pre-Launch Price. 

Click Below to View Webinar Replay of Noris and get all notes 

Webinar Replay on Personal Data Protection Act 2010 Presenter (Noris from Data Protection Academy) Host (Evanna Phoon)

If you enjoyed this article, subscribe to our email list to get FREE email updates on free webinars or tips

Subscribe to our mailing list

* indicates required


5 Comments

  • JEONG CHUN PHUOC

    Reply Reply May 7, 2014

    RSS
    Like us on Facebook
    BPO @Twitter
    UB @Twitter
    BPO Gallery
    Google+
    YouTube
    CONTACT US
    ADVERTISE
    CAREERS
    BOOKMARK US

    [Borneo Post Online]
    Site Last Updated 11:47 am, Wednesday

    Home
    News
    Biz
    Sports
    Utusan Borneo
    thesundaypost
    Columns
    seeds.theborneopost.com

    Home – News – Sarawak
    Personal Data Protection Act to reduce digital harassment

    by Lim How Pim, reporters@theborneopost.com. Posted on January 3, 2014, Friday

    Details on Personal Data Protection Act 2010 available in here.

    Wong King Wei

    Su Chua Phin

    KUCHING: The Personal Data Protection Act (PDPA) 2010 will cut down digital harassment if not wipe it out altogether, said lawyer of 15 years, Su Chua Phin.

    Enforced last November, the Act would protect the information and privacy of consumers and citizens as a whole while guaranteeing peace of mind, he said.

    “It is good and timely. How many times have we received unwanted SMSes, emails and calls? Somehow, you feel uneasy about how much information they have about us when they send us promotional materials.

    “I think it is tantamount to digital harassment, and hope this act will put an end to, or at least reduce it,” he said when contacted here yesterday.

    He was asked to comment on PDPA 2010, which required data users in the country to register with the Personal Data Protection Department to comply with the principles under the act.

    Su was unable to give a professional view as he has yet to obtain a copy of the act.

    He said with the law in place, violation of personal data or its processing would be an offence, and the authorities would act if the report filed warranted it.

    On enforcement, Su said: “If they are serious in putting it into law, then the government must be serious in putting it into force, otherwise there is no point putting it into law.”

    Meanwhile, state DAP Youth chief Wong King Wei said the act was new in Malaysia as prior to this enactment, all personal data were not protected.

    He said under the act, data users or holders could not release any information to anyone without the consent of the data subject under the act.

    “Before this, the holder can release information without any hindrance. The law now imposes the duty by way of criminal offence, which means the police have to investigate,” said the Padungan assemblyman.

    Wong, who is also a lawyer by profession, said he had just received a material on the act. It requires time for him to study the book titled ‘Personal Data Protection — Cases and Commentary with Applied Syari’ah Principles’.

    An excerpt read: ‘Data users must comply with the seven principles enshrined in the PDPA 2010. Data users, unless exempted under the PDPA 2010, who contravene any of the Personal Data Protection Principles of the PDPA 2010 commit an offence.’

    The book also points out that not all countries have enacted similar PDPA Acts. And countries which have enacted some form of personal data protection do not share the same Section 5(2) offence, which carries a fine not exceeding RM300,000 or jail term not more than two years or both.

    The severity of a Section 5(2) offence differs from one jurisdiction to another and will not affect the Economic Gearing and Financial Liability Impact (EGFLi) Factor.

    Wong admitted that citizens in the country enjoy good laws but suffer from poor enforcement. He said good laws must be supplemented by efficient and impartial enforcement.

    On the police probe, he believed special skills need not be expected of the men in blue, given that investigation on infringement of personal data was no different from the usual investigative tasks.

    “It is like normal investigation which needs tracing. It means the police have to trace where the source of information comes from.”

    Last November, Communication and Multimedia Minister Datuk Seri Ahmad Shabery Cheek said an estimated 25,000 institutions in the country were categorised as data users and expected to register with the Personal Data Protection Department by Feb 15 this year.

    He revealed that Malaysia is the first nation among its Asean counterparts to enforce such an act to ensure information security, network reliability and integrity of data protection in the country.

    The department defines data users as those processing personal data or have control over such data, or authorise the processing of personal data.

    Sectors classified as data users include communication, banking and financial institutions, insurance, health, tourism, hospitality, transport, education, direct selling, services, real estate and utilities.
    Print Friendly
    Share this:

    Email
    Facebook16
    Twitter4
    Google

    <>
    We encourage commenting on our stories to give readers a chance to express their opinions; please refrain from vulgar language, insidious, seditious or slanderous remarks. While the comments here reflect the views of the readers, they are not necessarily that of Borneo Post Online. Borneo Post Online reserves the right not to publish or to remove comments that are offensive or volatile. Please read the Commenting Rules.

    Comments are closed.
    [Get BPO Android App on Google Play now!]

    Popular
    Latest

    Today Week Month All

    Taib calls for better public transport
    Woman complains of sexual harassment at home
    Application denied to import Christian books with word ‘Allah’
    Resort staff killed on way home
    Hilang kewarasan

    Weekly News Highlights
    Affiliates
    Supplement Downloads

    BPIEF 2014 Hourly Lucky Draw on 22.03.2014 (Full)
    BPIEF 2014 Hourly Lucky Draw on 23.03.2014 (Full)
    Perfect Wedding Supplement 2013
    Malaysia Day Supplement 2013
    New Year Supplement 2014
    Real Estate And Housing Supplement 2013
    STIDC Supplement 2013
    Legacy Of Leadership
    Ushering In A New Era
    BPIEF 2014 Supplement

    Member of
    [Malaysia Digital Association]
    [Subscribe to The Borneo Post, See Hua Daily, and Utusan Borneo Newspaper Now!]
    BPO SECTIONS

    Home
    News
    Business
    Sports
    Utusan Borneo
    thesundaypost
    Columns

    USEFUL LINKS

    BPO Commenting Rules & Regulations
    BPO News Archive
    Handy Contacts

    This service is provided on BorneoPost online standard Policies and Conditions. Copyright 2010-2014 BorneoPost Online. All Rights Reserved.

    Read more: http://www.theborneopost.com/2014/01/03/personal-data-protection-act-to-reduce-digital-harassment/#ixzz310YkyHmE

  • JEONG CHUN PHUOC

    Reply Reply May 7, 2014

    “SMES in MALAYSIA AND IMPACT OF PERSONAL DATA PROTECTION LAW”

    A good article on a difficult subject. Even at this point in time,SMES in MALAYSIA are not aware of the business impact and consequential liability under the PDPA 2010.

    JEONG CHUN PHUOC
    CONS EXT.ADV GEN CLI.SL.
    jeongchunphuoc@gmail.com

  • JEONG CHUN PHUOC

    Reply Reply September 18, 2014

    “NEW PDPA COMMISSIONER MALAYSIA”

    The writer thank the former PDPA COMMISSIONER for his service to PDPA protection and improved ease of doing business for American/EU companies here in Malaysia.

    It is hope that the new PDPA COMMISSIONER will further enhance and elevate PDPA to phase two of the PDPA implementation roadmap.

    ……………..
    Jeong Chun Phuoc
    Adv CLI. Big Compliance and Big LAw.
    He can be reached at jeongchunphuoc@gmail.com

  • JEONG CHUN PHUOC

    Reply Reply September 23, 2014

    “BIG COMPLIANCE IN THE AGE OF INNOVATION: PERSONAL DATA PROTECTION LAW IN MALAYSIA AND ASEAN REGION”

    Jeong Chun Phuoc.

    A. INTRODUCTION
    The PERSONAL DATA PROTECTION ACT 2010 (‘PDPA 2010’) was enforced within reasonable time by Malaysia commencing 15 Nov 2013. Despite its enforcement, the private sector is still in the dark. Many do not have in place any proper PDPA COMPLIANCE PROGRAM.

    The PDPA enforcement position adopted by Singapore is a good move in the right direction as well.

    B. COMPLIANCE ASSESSMENT
    Despite potential serious fines and penalties for PDPA violations and PDPA non-compliance, the attitude remains lackadaisical.

    C. PHASE 2 ENFORCEMENT
    In Phase 2 of the COMPLIANCE & ENFORCEMENT MODEL, strict enforcement and audit measures will be taken to enforce COMPLIANCE.

    D. CONCLUSION.
    Megatrend in PDPA protection will see full adoption and enforcement of PDPA protection within ASEAN region in particular, commencing ASEAN ECONOMIC COMMUNITY (AEC) 2015 and beyond.

    E. COMPLIANCE PROGRAM
    Organisations are strongly advised to establish an effective COMPLIANCE PROGRAM to ensure full compliance
    with PDPA ACT 2010 to avoid serious fines and penalties for non-compliance/violations under the PDPA 2010.

    ………………………………..
    JEONG CHUN PHUOC
    Adv CLI. Big Compliance and Big Law.
    He may be reached at jeongchunphuoc@gmail.com
    (this is his personal view)

  • JEONG CHUN PHUOC

    Reply Reply October 27, 2014

    PDPA MEGATREND UPDATES OCTOBER 2014.

    “BIG COMPLIANCE : PERSONAL DATA PROTECTION IN ASIA-PACIFIC”
    27 october 2014. monday. JEONG CHUN PHUOC

    1. DATA SNAPVIEW.

    CLOUD DATA and SERVICES can be contentious if not properly addressed according to BIG COMPLIANCE framework understanding. This is complicated by Chinese data protection law versus Western data protection requirements within the context of global data trade. XIAOMI’s act of transferring CLOUD SERVICES out of CHINA is a case in point.

    2. COMPLIANCE GAME.

    Moving CLOUD SERVICES and parking them at a Data Protection friendly jurisdiction (DPF) will neither exempt nor exclude the company in question from LIABILITY.

    3. BIG COMPLIANCE

    BIG COMPLIANCE FRAMEWORK advocates that there is a need for an INTEGRATED and COMPREHENSIVE COMPLIANCE to bridge data protection differences between East and West. This is just the beginning.

    4. COMPLIANCE AGENCY

    One better way forward is to set up a global watchdog called COMPLIANCE AGENCY perhaps under the UNITED NATIONS to ensure equitable and practical compliance at both local and international data trade levels.

    …………………………….
    JEONG CHUN PHUOC
    Adv in Big Compliance
    He can be reached at jeongchunphuoc@gmail.com

Leave A Response

* Denotes Required Field