Malaysia legislation
Section 23
Section 23
(a)
on its own initiative; or
(b)
upon request by the Commissioner.
(2)
The data user forum shall, in preparing a code of practice under subsection (1), consider matters including—
(a)
the purpose for the processing of personal data by the data user or class of data users;
(b)
the views of the data subjects or groups representing data subjects;
(c)
the views of the relevant regulatory authority, if any, to which the data user is subject to; and
(d)
that the code of practice, upon having regard to all of the matters in paragraphs (a), (b) and (c) and any other matters, offers an adequate level of protection for the personal data of the data subjects concerned.
(3)
The Commissioner may register the code of practice prepared pursuant to subsection (1), if the Commissioner is satisfied that—
(a)
the code of practice is consistent with the provisions of this Act; and
(b)
the matters as set out in subsection (2) have been given due consideration.
(4)
The code of practice under subsection (1) shall take effect on the date of registration of the code of practice by the
Commissioner in the Register of Codes of Practice.
(5)
If the Commissioner refuses to register the code of practice, the Commissioner shall notify the relevant data user forum of his decision in writing and provide the reasons for it.
Personal Data Protection 29
(6)
If the Commissioner neither registers nor refuses to register a code of practice within thirty days from the date of receipt of the code of practice by him for registration, he shall be deemed to have refused the registration of the code of practice.
(7)
The Commissioner may register different codes of practice for different classes of data users.
(8)
The Commissioner and data user shall make available to the public any code of practice registered under subsection (3).
Commissioner may issue code of practice