Category: PDPA (Page 2 of 4)

PDPA Training – Tropicana Medical Centre

tropicana-medical-center-logo

We had the privilege recently to conduct our PDPA Assessment Training to Tropicana Medical Centre – to almost 40 people over 2 sessions. We touched on several topics, including a live demonstration of using software for hacking and personal data collection through the internet. Furthermore, we went through the Personal Data Protection Act – and more importantly how to implement into companies.

Each companies have different implementation – each has different DNA and risk profile. The important thing is not to just use PDPA Act as a blanket implementation, but tie the requirements of PDPA (or the spirit of it, as we say) to known standards – the General Accepted Privacy Principles (GAPP) from AICPA and the Health Insurance Portability and Accountability Act (HIPAA), as well as the well known ISO27001 and PCI-DSS for IT controls.

IT Controls are generally important to the implementation of PDPA due to the fact that in most companies, information has been digitised and stored in some database or some logical storage (as opposed to metal cabinets as days of old).

Aside from those, we went through a very useful demonstration of Alien Vault, as a way to control assets, secure the network and monitor traffic to ensure information is not breached.

Personal Data Protection Act Training

personal-data-protection-act

We recently provided PDPA training to a public listed company. Unlike the normal awareness training or the dragging-through-the-entire-Act training that we are accustomed to, we have made this specifically for internal auditors on how to build an audit program surrounding PDPA (utilising AICPA GAAP and several other programs), as well as demonstration of some tools to hack/gather personal information and also some tools to prevent/monitor people hacking/gathering personal information.

The full training program is here

Assessing Compliance of PDPA in Your Organization

 

PKF Avant Edge is now HRDF certified training company

hrdf

We are now a HRDF certified training company.

We have several training that is SBL claimable that includes training materials and certificate of attendance:

1) PCI-DSS Foundation Training (PCIP Led, QSA developed materials), certificate of training from PKF and our vendor QSA Control Case International

2) PCI-DSS Implementor Training (PCIP Led, QSA developed materials), certificate of training from PKF and joint QSA vendor Control Case International

3) GST Malaysia Training (Led by RMCD Certified Trainer)

3) Introduction to Technology Audit (Led by Certified Auditor and Certified Information Security Professional – CISA,CISSP)

5) Project Management Level 1: Foundations (Led by Project Management Professional Certified)

6) Project Management Level 2: Advance (Led by Project Management Professional Certified)

7) Personal Data Protection Act Training (Led by Certified Auditor and Certified Information Security Professional)

Stay tuned for more details. Our training site has been updated at http://www.pkfavantedge.com/training-programs/

If you need more information, please send your enquiries to training@pkfmalaysia.com.

PDPA Data User Classifications

Almost a year in since PDPA was enforced last year, we are still faced with slow adoption by many of our clients. We are still getting questions on whether they need to ‘register’ or not, and if they don’t, they assume they are exempted from the Act.

Registration and compliance are two different matters. Registration applies to the 11 categories of industries, while compliance applies to every organisation dealing with personal information for commercial purpose, including HR.

As for easier reference, the data user classifications and details, once more, as follows:

Class Description
Communications Licensees under the Communications and Multimedia Act 1998

Licensees under the Postal Act 2012

Banking and Financial Institutions Banks and investment banks licensed under the Financial Services Act 2013

Islamic banks and international Islamic banks licensed under the Islamic

Financial Services Act 2013

Development financial institutions under the Development Financial Institution Act 2002

Insurance Insurers licensed under the Financial Services Act 2013

Takaful operators and international takaful operators licensed under the

Islamic Financial Services Act 2013

Health Licensees, and holders of a certificate of registration of a private medical clinic or a private dental clinic, under the Private Healthcare Facilities and Services Act 1998

A body corporate registered under the Registration of Pharmacists Act 1951

Tourism and Hospitality Persons carrying on or operating tourism training institutions, licensed tour operators, licensed travel agents or licensed tourist guides under the Tourism Industry Act 1992

Persons carrying on or operating a registered tourist accommodation premises under the Tourism Industry Act 1992.

Transportation Malaysian Airlines (MAS), Air Asia, MAS Wings, Air Asia X, Firefly, Berjaya Air and Malindo Air
Education Private higher educational institutions registered under the Private Higher Educational Institutions Act 1996

Private schools or private educational institutions registered under the Education Act 1996

Direct Selling Licensees under the Direct Sales and Anti-Pyramid Scheme Act 1993
Services Companies or persons in a partnership carrying on businesses in connection with legal, audit, accountancy, engineering or architecture services ;

Companies or persons in a partnership conducting retail dealing and  wholesale dealing as defined under the Control Supplies Act 1961;

Companies or persons in a partnership carrying on the business of a private employment agency under the Private Employment Agencies Act 1981

Real Estate Licensed housing developers under: the Housing Development (Control and Licensing) Act 1966; the Housing Development (Control and Licensing) Enactment 1978, Sabah; and the Housing Development (Control and Licensing) Enactment 1993, Sarawak.
Utilities Tenaga Nasional Berhad, Sabah Electricity Sdn Bhd, Sarawak Electricity, Supply Corporation, SAJ Holding Sdn Bhd, Air Kelantan Sdn Bhd, LAKU Management Sdn Bhd, Perbadanan Bekalan Air Pulau Pinang Sdn Bhd, Syarikat Bekalan Air Selangor Sdn Bhd, Syarikat Air Terengganu Sdn Bhd, Syarikat Air Melaka Sdn Bhd, Syarikat Air Negeri Sembilan Sdn Bhd, Syarikat Air Darul Aman Sdn Bhd, Pengurusan Air Pahang Berhad, Lembaga Air Perak, Lembaga Air Kuching and Lembaga Air Sibu.
« Older posts Newer posts »

© 2024 PKF AvantEdge

Up ↑