mylaw.my

Malaysia legislation

Section 40

of PERSONAL DATA PROTECTION ACT 2010

Section 40

(a)

the data subject has given his explicit consent to the processing of the personal data;

(b)

the processing is necessary—

(i)

for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data user in connection with employment;

(ii)

in order to protect the vital interests of the data subject or another person, in a case where—

(A)

consent cannot be given by or on behalf of the data subject; or the data user cannot reasonably be expected to obtain the consent of the data subject;

Act 709

(iii)

in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;

(iv)

for medical purposes and is undertaken by—

(A)

a healthcare professional; or a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a healthcare professional;

(v)

for the purpose of, or in connection with, any legal proceedings;

(vi)

for the purpose of obtaining legal advice;

(vii)

for the purposes of establishing, exercising or defending legal rights;

(viii)

for the administration of justice;

(ix)

for the exercise of any functions conferred on any person by or under any written law; or

(x)

for any other purposes as the Minister thinks fit;

or

(c)

the information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.

(2)

The Minister may by order published in the Gazette exclude the application of subparagraph (1)(b)(i), (viii) or (ix)

in such cases as may be specified in the order, or provide that, in such cases as may be specified in the order, the condition in subparagraph (1)(b)(i), (viii) or (ix) is not to be regarded as satisfied unless such further conditions as may be specified in the order are also satisfied.

Personal Data Protection 43

(3)

A person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.

(4)

For the purposes of this section—

“medical purposes” includes the purposes of preventive medicine, medical diagnosis, medical research, rehabilitation and the provision of care and treatment and the management of healthcare services;

“healthcare services” has the meaning assigned to it in the

Private Healthcare Facilities and Services Act 1998 [Act 586];

“healthcare professional” means a medical practitioner, dental practitioner, pharmacist, clinical psychologist, nurse, midwife, medical assistant, physiotherapist, occupational therapist and other allied healthcare professionals and any other person involved in the giving of medical, health, dental, pharmaceutical and any other healthcare services under the jurisdiction of the Ministry of Health.

Repeated collection of personal data in same circumstances

Read in full context — PERSONAL DATA PROTECTION ACT 2010