Compliance to personal data protection principles: A study of how organizations frame privacy policy notices

Hui Na Chua, Anthony Herbland, Siew Fan Wong, Younghoon Chang

Research output: Contribution to journalArticlepeer-review

23 Citations (Scopus)

Abstract

This study examines how organizations in Malaysia frame their privacy policy notice to comply with the Personal Data Protection Act (PDPA, 2010) and if these organizations differ in their level of compliance and the readability of their privacy notices. We collected the online privacy polices of 306 organizations from 12 sectors to assess their readability and compliance with PDPA requirements. The results show that private-owned organizations have higher compliance level compared to public-owned organizations. Sectors that hold more personal sensitive data obtain higher compliance scores. Non-governmental organizations demonstrate higher compliance level compared to government-owned organizations. Despite differences in the compliance scores, most organizations fail to meet the requirements of the PDPA. Our study also reveals that readability has a negative correlation with the compliance score because simple and shorter version of the privacy policies often lack detailed information. Our findings provide valuable insights into organizations’ privacy policy compliance across different sectors in Malaysia. Specifically, the Malaysian authority should implement more effective mechanisms to enforce the compliance of the PDPA. Organizations should also take corrective actions to improve the compliance scores of their online privacy policies.
Original languageEnglish
Pages (from-to)157-170
Number of pages14
JournalTelematics and Informatics
Volume34
Issue number4
Early online date20 Jan 2017
DOIs
Publication statusPublished - 1 Jul 2017

Keywords

  • personal data protection act
  • privacy policy
  • compliance
  • personal data
  • information privacy

Fingerprint

Dive into the research topics of 'Compliance to personal data protection principles: A study of how organizations frame privacy policy notices'. Together they form a unique fingerprint.

Cite this