Data Privacy Practices of Private Higher Education Institutions in Malaysia: A Preliminary Study

Authors

  • Surianom Miskam Faculty of Syariah and Law Universiti Islam Selangor (UIS) Author
  • Nawal Sholehuddin Faculty of Syariah and Law Universiti Islam Selangor (UIS) Author
  • Farah Mohd Shahwahid Faculty of Syariah and Law Universiti Islam Selangor (UIS) Author
  • Tuan Nurhafiza Raja Abdul Aziz Faculty of Syariah and Law Universiti Islam Selangor (UIS) Author
  • Naqibah Mansor Faculty of Syariah and Law Universiti Islam Selangor (UIS) Author

DOI:

https://doi.org/10.53840/myjict8-2-99

Keywords:

Data privacy, private higher education institutions, personal data protection, Code of Practice, data user

Abstract

Private higher education institutions as data users are subjected to the requirements of the Personal Data Protection Act 2010 (PDPA). These institutions process employee data as well as data of potential students, active students and alumni. They also deal with data of third parties such as vendors, visitors and contractors. Ten years after the coming into effect of the PDPA in 2013, the education sector has yet to develop their personal data protection code of practice as required by the Act. The General Code of Practice (CoP) of Personal Data Protection was introduced in December 2022 with the objective to provide guidelines to the Class of Data Users who have not prepared a Code of Practice and there is no data user forum to develop the relevant Code of Practice for the Class of Data Users. As the General CoP is legally binding, it is an offence punishable under the Act for any data user for failure to comply with any provision of this General CoP. As data users, private higher education institutions need to introduce certain mechanisms to adhere to the requirements such as privacy policy and procedure. This paper aims to compare the data privacy practices of private higher education institutions in Malaysia in order to determine to what extent the law has been complied with. Being a qualitative study, this paper applies content analysis technique. Data privacy policies of four private higher education institutions in Malaysia were examined to attain the objective. The four private higher education institutions are Universiti Tenaga Nasional (UNITEN), Universiti Teknologi PETRONAS (UTP), Taylor’s University and University of Nottingham Malaysia. The data privacy policies of the four institutions are accessible on the official website of the institutions. The study indicates that in the absence of a personal data protection code of practice for the education sector as a guideline, the data privacy practices of the institutions vary from one to another. While some of the privacy policies contain provisions which are general in nature which may lead to confusion to the data subjects, the data privacy policies show that the four institutions have, to a certain extent, complied with the requirements of the PDPA in general.

Downloads

Download data is not yet available.

References

Addae, J.H., Brown, M., Sun, X., Towey, D. & Radenkovic, M. (2017). Measuring attitude towards personal data for adaptive cybersecurity. Information and Computer Security, Vol. 25 No. 5, pp. 560-579.

Ataei, M., Degbelo, A., Kray, C. & Santos, V. (2018). Complying with Privacy Legislation: From Legal Text to Implementation of Privacy-Aware Location-Based Services. ISPRS Int. J. Geo-Inf. 2018, 7, 442.

Fernandes, J., Machado, C. & Amaral, L. (2022). Identifying critical success factors for the General Data Protection Regulation implementation in higher education institutions. Digital Policy, Regulation and Governance, Vol. 24 No. 4, pp. 355-379.

Katulić, A., Katulić, T. & Hebrang Grgić, I. (2022). Application of the principle of transparency in processing of European national libraries patrons' personal data. Digital Library Perspectives, Vol. 38 No. 4, pp. 399-411.

Leng, O. T. S., Vergara, R. G., & Khan, S. (2021). Digital Tracing and Malaysia’s Personal Data Protection Act 2020 amid the COVIS-19 Pandemic. Asian Journal of Law and Policy, Vol. 1 No. 1 (July 2021).

Moore, D. S., & McCabe, G. P. (2005). Introduction to the Practice of Statistics (5th ed.). New York, NY: W.H. Freeman & Company.

Noor Sureani, N., Awish Qarni, A. S., Azman, A. H., Othman, M. B. & Zahari, H. S. The Adequacy of Data Protection Laws in Protecting Personal Data in Malaysia. Malaysian Journal of Social Sciences and Humanities, Volume 6, Issue 10 page 488 – 495.

Pelteret, M. & Ophoff, J. (2016). A review of information privacy and its importance to consumers and organi- zations. Informing Science: The International Journal of an Emerging Transdiscipline, 19, 277-301.

Sudarwanto, A.S. & Kharisma, D.B.B. (2022). Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia. Journal of Financial Crime, Vol. 29 No. 4, pp. 1443-1457.

Westin, A.F. (2003). Social and political dimension of privacy. J. Soc. Issues. 2003, 59, 431-459

Statute, Standard and Guidelines

Personal Data Protection Act 2001

Personal Data Protection (Class of Data Users) Amendment 2013

Personal Data Protection (Class of Data Users) Order 2013

Personal Data Protection (Compounding of Offences) Regulations 2013

Personal Data Protection (Fees) Regulations 2013

Personal Data Protection (Registration of Data User) Regulations 2013

Personal Data Protection Regulations 2013

Personal Data Protection Standard 2013

Published

09-07-2024

Issue

Section

Articles

How to Cite

Data Privacy Practices of Private Higher Education Institutions in Malaysia: A Preliminary Study. (2024). Malaysian Journal of Information and Communication Technology (MyJICT), 8(2), 88-99. https://doi.org/10.53840/myjict8-2-99