Compliance with Malaysian Personal Data Protection Act 2010 by banking and financial institutions, a legal survey on privacy policies

ABSTRACT The sensitivity and value of personal information, especially financial data concerning the increasing threats, particularly in the online domain, make it urgent to assess how far financial companies are serious about respecting and protecting individuals’ information privacy. The recent incidents and cases in Malaysia indicate this necessity. To date, there is not any official report or study concerning this issue in Malaysia. The purpose of the research was to assess the out-put of the Malaysian Personal Data Protection Act 2010 through evaluating the privacy policies of the Banks and Financial Institutions. In this qualitative research, the compliance assessment is delimited to compliance with specific requirements, especially the Notice and Choice Principle and individuals’ rights through document study. We proposed an evaluation model based on the standards of the PDPA. The qualitative analysis of the results showed a non-compliance with the requirements of the Act by the financial sector. Hence, suggestions and solutions are provided in line with a standard privacy policy for these types of companies.