Digital and Cyber Laws (HS 101)

2. Introduction to
Cyber Laws in
Malaysia
Introduction
• The Nature of Cyberspace
“Previously people considered cyberspace as a
consensual hallucination that felt and looked like a
physical space but was actually a computer
generated construction representing abstract data.
People could plug into data systems and networks
and have the sense they were actually entering a
place that had no correlation in physical reality. In
this setting, people carried out business
transactions, communicated with one another,
worked, played and as they have done in every
other place they had occupied, broke the law.”
- Neuromancer , Gibson.W (1984)
• In short, the term “ cyber space” refers to the internet and the
computer network
• Cyber law for example, governs the matters in relation to the
cyber space.
Definition of Law

“A body of enforcement rules governing

relationships among individuals and
between individuals and their society.”
Definition of cyber Law
• Literal definition: Cyber laws refer to any laws relating to
protecting the Internet and other online communication
technologies.
Classifications of Law (based on type of
law)
• Substantive Law & Procedural Law
– Substantive Law :
Law that defines, describes, regulates, and creates legal rights and
obligations.

– Procedural Law :
Law that establishes the methods of enforcing the rights established by
the substantive law.

Acts/statutes can be divided into substantive and procedural

– Example of substantive act: Malaysian Penal Code, Computer Crimes Act
– Example of procedural act: Criminal Procedural Code, Rules of Court.
Classifications of Law (based on nature
of law)
• Private & Public Law
– Private Law :
governs relationship between one individual with another
individual.
– The main goal is to claim for compensation
– E.g : Law of Contract, Law of Tort, etc.

– Public Law :
governs relationship between an individual and society.
– The main goal is to punish the wrongdoer.
– E,g : Criminal Law
 Cyber law in general..
• Cyber Law is not really a classification of law. It is an informal
term used to describe how traditional classification of law,
such as civil law and criminal law are being applied to online
activities.
– E.g : Cyberspace contracting – Law of Contract (so it is a private law)
– : defamation in social media – law of tort (so it is a private law)*

– Cyber terrorism – Criminal Law ( so it is public law)

• In other words, cyber law may fall under both classification of

law, i.e: private law and public law

• Cyber law is also known as computer law or IT law.

 *Example of legislations related to
defamatory offence

Defamation

Criminal Civil
Defamation. Defamation.

The Penal The

Sedition Malaysian
Code. Act 1948. Defamation The Rules
Communica Act 1957. of the High
(section (section tion and
499 & 500) Court 1980.
3&4) Multimedia
Act 1998. (Order-78)
(se 211&
233)
Needs for cyber law
1.Integrity and 2.Security of
Security of Government
Information Data
CYBER
LAW
5.Legal Status 3.Intellectual
of Online 4.Privacy and Property
Transactions Confidentially Rights
of Information
Examples of cyber law
acts/statutes/legislations
• Digital Signature Act 1997
• Telemedicine Act 1997
• Communication and Multimedia Act 1998
• Computer Crimes Act 1997
• Personal Data Protection Act 2010
Digital Signature Act 1997

• Secures electronic communications especially on

the internet.
• Digital Signature is an identity verification standard
using encryption techniques to protect against e-
mail forgery. The encrypted code consists of the
user’s name and a hash of all the parts of the
message.
• By attaching the digital signature, one can ensure
that nobody can eavesdrop, intercept or temper
with transmitted data. By doing so, a more secure
and safe electronic communication could be
done.
The Digital Signature Act 1997 cont’d..
• Enforced on the 1st October 1998, this act is an
enabling law that allows for the development of,
among others, e-commerce by providing an avenue
for secure and legally recognized on-line transaction
through the use of digital signatures. The Act provides a
framework for the licensing and regulation of
Certification Authorities, and the recognition of digital
signatures as a means of authenticating and ensuring
the integrity of electronic documents
Computer Crimes Act 1997

• Protection against the misuses of computers and computer

criminal activities are ensured by the Computer Crimes Act 1997.
Such as unauthorized use of programs, illegal transmission of
data or messages over computers and hacking and cracking of
computer systems and networks are banned by this law,
therefore to those who disobey this law can be charged on the
court.
• By implementing the Computer Crimes Act 1997, computer users
can now protect their rights to privacy and build trust in the
computer system. On top of that, this act also enable the
government to track the illegal activities, thus reducing the
cyber crimes cases.
The Computer Crimes Act 1997 cont’d..
• The Act penalizes various activities relating to the
misuse of the computers. Amongst other things, it deals
with unauthorized access to computer material,
unauthorized access with intent to commit other
offences and unauthorized modification of computer
contents. It also makes provisions to facilitate
investigations for the enforcement of the Act. The
Computer Crimes Act 1997 was brought into effect on
the 1st June 2000.
Telemedicine Act 1997

• In Telemedicine Act 1997 stated that only qualified medical

practitioners can use telemedicine and that their patient's rights
and interests are protected.
• This act provides the future development and delivery of
healthcare in Malaysia. In other word, it is used to ensure all
activities done through telemedicine are safe and not risky.
The Telemedicine Act 1997 cont’d..
• The Act provides a framework enabling licensed medical
practitioners to provide telemedical services using audio, visual
and data communications.
Communication and Multimedia Act
1998
• By the implementation of Communication and
Telecommunication Act 1998 ensures that information is secure,
the network is safe, reliable and the service is affordable all over
Malaysia. In Malaysia, you can also use this act for any cases
regarding your internet service provider and see whether they
got accused of part of this law.
• This act also ensures high level of user's confidence in the
information and communication technology industry.
The Communications and Multimedia Act
1998 cont’d..
• The Act which came into effect on the 1st April 1999,
provides a regulatory framework to cater convergence
of the communications, broadcasting and computing
industries, which the objective of, amongst other things,
making Malaysia a major global hub for
communications and multimedia information and
content services. The Act repealed the
Telecommunications Act 1950 and the Broadcasting
Act 1988.
Personal Data Protection Act
2010

•On 15 November 2013, the Personal Data Protection

Act 2010 (PDPA) was Gazetted to come into force. This
Act regulates all companies who process personal
data in commercial transactions.
What is personal data?
Any data which can identify a person is
considered personal data. There are 2
categories of personal data as follows:
Personal Data Sensitive Personal Data
 Name  Physical health or condition
 Address  Mental health or condition
 Tel No  Political views
 Email  Religious or other similar
beliefs
 Gender
 Criminal records
 Date of birth
 Any other information deemed
 Photos
by the Minister to be sensitive
 Videos, etc personal data
7 Principles of Personal Data
Protection under the PDPA
1. General Principle
Person whose data is to be
processed must consent.
3. Disclosure Principle
Personal data cannot be used
except for purpose stated, and
cannot be disclosed except to
disclosed third parties.
2. Notice and Choice Principle
Person must be notified his
personal data will be processed
and how. He must also be
given the choice to limit the
right to process.
4. Security Principle
Companies must have sufficient
steps and procedures to protect
personal data from loss,
misuse, modification,
unauthorised access or
disclosure, alteration or
destruction.
Principles of Personal Data
Protection (2)
5. Retention Principle 6. Data Integrity Principle
Personal data cannot be Companies must take reasonable
kept longer than steps to ensure personal data
necessary, and must be is accurate, complete, not
destroyed or permanently
deleted if no longer misleading and kept updated.
required.

And finally,
7. Access Principle
Any person must be permitted access to his own personal data and be
entitled to correct any inaccurate, incomplete or misleading
information of himself.
The emergence of cyber law in Malaysia

• Malaysia has created the Multimedia Super Corridor (MSC) to

bring together an integrated environment with all the unique
elements and attributes necessary to create the perfect
Multimedia climate.
Regulatory Authorities
• Bank Negara – National Multipurpose Cards, e-business.
• Ministry of Education – Smart schools / Research &
Development (R&D) cluster.
• Ministry of Health – Telemedicine / telehealth.
• Ministry of Science, Technology & Environment – R&D
cluster.
• Ministry of International Trade & Industry –
technopreneur development, e-commerce.
• Multimedia Development Corporation (MDC)
– as the agency to spearhead the development
and implementation of the MSC.
– facilitate the establishment of any company
operations within the MSC, the MDC serves as the
facilitator.
– actively assists government to pioneer, develop
and update cyber laws, formulate policies and
modify practices to provide a sound framework
for the MSC.