https://media.malaymail.com/uploads/articles/2020/2020-05/0205_20200502YM08.jpg
A worker checks the body temperature of a customer at Khulafa Restaurant in Shah Alam May 2, 2020. — Picture by Yusof Mat Isa

MCMC warns businesses not to misuse personal data collected for Covid-19 contact tracing

KUALA LUMPUR, May 29 — All business premises allowed to operate during the Conditional movement control order (CMCO) must comply fully with the operating procedures with regards to the collection, processing and storing of personal data, as set by the Communications and Multimedia Ministry (KKMM).

KKMM in a statement today said the standard procedures had been approved in a special ministerial committee meeting on the implementation of the movement control order (MCO) on May 21.

According to the statement, only the customer’s or visitor’s name, contact number, date and time of visit, should be recorded and it was up to the premises owners to implement either manual or electronic recording.

In addition, a notice must be displayed and easily seen to inform visitors or customers on the purpose of the personal data and that the data is used only for the purpose of contact tracing in accordance with the Prevention and Control of Infectious Diseases Act 1988 (Act 342).

The business premises must also ensure that the data obtained are accurate, complete and not misleading and the information could only be kept up to six months after the Conditional MCO ends, after which all data must be destroyed and deleted.

Non-compliance of the procedures is an offence, and if convicted, premises owners could be fined up to RM300,000 or jailed for two years or both, under the Personal Data Protection Act 2010 (Act 7090.

However, the procedures are subject to changes, as and when new rulings are introduced by the government, the statement said.

“As such the public need not worry about sharing their personal data at any business premises for the purpose of Covid-19 contact tracing as KKMM would conduct continuous monitoring,” it added.

Any complaints regarding the implementation of this advisory may be filed through the Personal Data Protection System (SPDP) at this link. — Bernama