Malaysia: Implemented Personal Data Protection Act 2010 (Act 709) including data protection authority governance regulation

On 15 November 2013, the Personal Data Protection Act 2010 (Act 709) entered into force. The Act specifies that the Personal Data Protection Commissioner, as appointed by the Minister, is responsible for the implementation and enforcement of the personal data protection laws, including the implementation of policies and procedures. Further, the Act grants the Commissioner the power to carry out investigations of personal data systems. The Act also establishes an Appeal Tribunal which reviews any matters brought to it concerning the decisions of the Commissioner.