These slides consist the strategic talking points that are delivered in the Half-Day Public Seminar on Malaysian Personal Data Protection Act 2010 by Noriswadi Ismail of Quotient Consulting. (c) 2011 Quotient Consulting. For further academic enquiries, research and potential collaborations/consulting opportunities, please contact <noriswadi>

1. HALF-DAY PUBLIC SEMINAR ON MALAYSIAN PERSONAL DATA PROTECTION ACT (PDPA) 2010 25 July 2011, Monday, 9.30 am – 12 pm Legal Training Room, Menara SSM @ Sentral By Noriswadi Ismail Quotient Consulting 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

2. Vignette 1 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable Harimau Malaya, Malaysian, holds a Malaysian ID, passport, driving license, 3 Malaysian bank accounts, 2 mobile accounts and 5 loyalty membership cards. His details are also registered in 2 private clinics, 1 government hospital and 2 insurance companies. He has 1 bank account in London and Hong Kong respectively. He travels frequently for business and golfing. He is a director of 3 companies in Malaysia, London and Hong Kong. Also, an avid golfer of 3 golf clubs (Malaysia, Indonesia and Scotland).

3. Executive Summary Q: What is PDPA 2010? Q: Why we need to comply with PDPA 2010? Q: What are the 7 data protection principles? Q: Will PDPA 2010 kill my business operations? Q: To what extend PDPA 2010 affects your business operations? Q: We are a start-up and a semi medium sized company, how should we strategise? Q: When should we start? Q: Is there any additional compliance cost for this purpose? Q: How about formality and enforcement? Q: What’s next and the must-to-do list? Q: How to ensure such data protection & privacy management sustainable? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

4. What is PDPA 2010? ::: An Informational privacy legislation ::: 10 Parts (Preliminary, Personal Data Protection Principles, Registration, Data user forum and Code of practice, Rights of data subject, Exemption, Personal data Protection Fund, Personal Data Protection Advisory Committee, Appeal Tribunal, Inspection, Complaint and Investigation, Enforcement, Miscellaneous, Savings and Transitional Provisions) ::: 146 Sections ::: Jurisdiction: Malaysia 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

5. What is PDPA 2010? ::: Received Royal Assent on 2 June 2010 , and gazetted a week later ::: Compliance commences: 3 months from the date of enforcement ::: Application: To commercial transactions only , not applicable to Federal and State Governments ::: Cross reference to: Electronic Commerce Act 2006’s definition on commercial transactions “…any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking, insurance, but does not include a credit reporting business carried out by a credit reporting agency…” 07/23/11 (c) 2011 Quotient Consulting, Information is Invaluable.

6. What is PDPA 2010? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

7. What is PDPA 2010? *Regulator 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

8. What is PDPA 2010? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

9. What is PDPA 2010? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

10. Why We need to comply with PDPA 2010? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

11. What are the 7 data protection principles? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

12. Will PDPA 2010 kill my business operations? ::: Yes, if, your business operations are inconsistent and non compliance with the PDPA 2010’s 7 data protection principles; ::: Yes, if, your business operations do not have the necessary framework, control, management and monitoring of the 7 data protection principles’ requirements; ::: No, as PDPA 2010 enhances trust, value and reputation of your business; and ::: No, as PDPA 2010 seeks to safeguard all of your data 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

13. To what extend PDPA 2010 affects your business operations? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

14. To what extend PDPA 2010 affects your business operations? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

15. We are a start-up and a semi medium sized company, how should we strategise? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

16. We are a start-up and a semi medium sized company, how should we strategise? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

17. When should we start? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

18. Vignette 2 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable Keranamu is a Government Consultant who advises on strategic acquisition of certain stakes in Company 76, a public listed company, incorporated in Hong Kong. The proposed acquisition is channeled through a leading Government Investment arm. Company 76 appoints an European-based consultant to act on their behalf in the negotiations.

19. Is there any additional compliance cost for this purpose? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable ::: Yes , subject to the budget, resource planning & business plans ::: No, if it has been anticipated

20. How about formality and enforcement? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

21. How about formality and enforcement? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

22. Vignette 3 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable Truly Asia Travels & Tours has been appointed by some governmental agencies and private companies as their exclusive travel agent. The terms of reference include managing such flight, hotel, travel itinerary and related bookings. The amount of data processing of data subjects, transfers and sharing are done globally.

23. What’s next and the to-do-list? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable ::: Strategic planning ::: Resource planning ::: Dissemination planning

24. What’s next and the to-do-list? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable ::: Strategic planning

25. What’s next and the to-do-list? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable ::: Resource Planning

26. What’s next and the to-do-list? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable ::: Dissemination Planning

27. How to ensure such data protection & privacy management sustainable? 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable

28. Vignette 4 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable Hospitals A1, A2 & A3 are government hospitals. These hospitals deal with patients who mostly consist the public and engage with local and international consultants.

29. Vignette 5 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable Universities B1, B2 & B3 are public universities. These universities engage with local and international students, consultants, international academics and universities globally.

30. THANK YOU QC TM London. Kuala Lumpur. Jakarta Data Diagnosis | Privacy Impact Assessment | Data Protection & Privacy Strategy Training | Data Protection & Privacy Certification | Public & Private Consultations <noriswadi@googlemail.com> 07/23/11 (c) 2011 Quotient Consulting, Information Is Invaluable