Ali Alibeigi, Abu Bakar Munir, Adeleh Asemi

Abstract - The massive and implausible advancements in the fields of information and communications technology, and especially the internet, have increased both the value and threats to the information privacy of individuals. The Malaysian Personal Data Protection Act 2010 (PDPA) was a governmental endeavour to protect the information privacy of the citizens. However, the Act;s output and the level of compliance by the data user are in a halo of ambiguity. This qualitative study using the document analysis aimed to find out to what extent the communications companies comply with the Act. Hence, the privacy policies of these companies were evaluated in line with the requirements of the Act. The results indicated that more or less all samples failed to satisfy the PDPA requirements. The solutions provided by this research can be used as practical guidelines to draft a Standard Privacy Policy. The suggestions also would benefit the Personal Data Protection Commissioner in performing his duties and fuctions.

Keywords: data protection officer, data user, Malaysia, PDPA, personal data, privacy