University of Hertfordshire

View graph of relations
Original languageEnglish
Number of pages14
Pages (from-to)157-170
JournalTelematics and Informatics
Journal publication date1 Jul 2017
Early online date20 Jan 2017
Publication statusPublished - 1 Jul 2017


This study examines how organizations in Malaysia frame their privacy policy notice to comply with the Personal Data Protection Act (PDPA, 2010) and if these organizations differ in their level of compliance and the readability of their privacy notices. We collected the online privacy polices of 306 organizations from 12 sectors to assess their readability and compliance with PDPA requirements. The results show that private-owned organizations have higher compliance level compared to public-owned organizations. Sectors that hold more personal sensitive data obtain higher compliance scores. Non-governmental organizations demonstrate higher compliance level compared to government-owned organizations. Despite differences in the compliance scores, most organizations fail to meet the requirements of the PDPA. Our study also reveals that readability has a negative correlation with the compliance score because simple and shorter version of the privacy policies often lack detailed information. Our findings provide valuable insights into organizations’ privacy policy compliance across different sectors in Malaysia. Specifically, the Malaysian authority should implement more effective mechanisms to enforce the compliance of the PDPA. Organizations should also take corrective actions to improve the compliance scores of their online privacy policies.


Hui Na Chua, Anthony Herbland, Siew Fan Wong, and Younghoon Chang, 'Compliance to personal data protection principles: A study of how organizations frame privacy policy notices', Telematics and Informatics, Vol. 34 (4): 157-170, July 2017, doi: © 2017 Elsevier Ltd. All rights reserved.

ID: 11121506