IV. Privacy issues
The National identity card (MyKad) is issued to all citizens who apply for them and the minimum age for obtaining a MyKad is 12. The MyKad is a mandatory form of identification: there is a duty to carry and produce the MyKad, and failure to do so is punishable by sanctions such as fines, or even imprisonment. Most official transactions require the MyKad to be furnished. Biometric information is contained within the MyKad.
Medical Privacy and Health Management
The Private Healthcare Practitioners Act, public health laws, and insurance laws all touch on privacy in the access of medical and health care services.
There are no requirements to disclose or collect information, such as HIV registration. There is, however, a move towards digitising health records. Two hospitals in Malaysia have already gone paperless; one primary healthcare facility also has an electronic health record and does not maintain a paper record. In addition, in 1985 a Teaching Hospital in Kuala Lumpur developed a Health Information Management Administration System (HIMAS) using an IBM mainframe computer covering patient admission, transfer, and separation (ATS), appointment scheduling and a medical records tracing system.
The PDPA does not meet the standards set out by Article 29 of the European Union Working Party, which means Malaysia would not be able to process any transaction involving personal data coming out of the EU.
Banks in Malaysia are required to have a copy of the customer's MyKad information, including card number, customer's name, age, sex, race, address, and email.The Banking and Financial Institutions Act 1989 requires banks to report suspicious transactions to the Bank Negara (Central Bank).
The Inland Revenue Board can access financial information with a court order. The same applies to the Police and the Securities Commission when investigating white collar crimes like fraud, insider trading and other finance-related crimes.
Although consumer privacy is an issue in Malaysia, particularly with respect to advertising through mobiles phones, it has not garnered any significant public attention. There has yet to be a case litigated on this subject, consumer issues are addressed in the Data Protection Act.
In the context of sex offence, Malaysian Courts often hold trials on camera, with strict injunctions barring media from mentioning the names of persons of interest in the case. The media too exercises discretion by not running the victim's name and picture. However, this remains a discretion and is not legislated.
However, there was a case in 2009 where a female politician's intimate pictures were distributed online in what was clearly a violation of privacy, but there was never any prosecution carried out of the alleged perpetrator or efforts made to bring him back from Indonesia where he reportedly fled after the pictures were distributed on Malaysian blogs. This created a public uproar, underscoring the need for a privacy law.
Similarly, another politician was forced to resign from a major political party after footage illegally made of him and his partner made the rounds on the Internet. Similarly, this case did not result in a prosecution and scant attention was paid to the fact that the politician's right to privacy was violated.