Category

Connection data

Universiti Malaya employs a robust and strategic approach with regards to data connection and management. The University meticulously collect and securely store critical information such as IP addresses, system logs, and various other ICT-related data. This practice is essential not only for efficient troubleshooting of ICT-related issues but also forms the backbone of our cybersecurity strategies. Through diligent analysis of this data, we proactively identify and address technical challenges, ensuring a seamless and secure technological environment for our community. Furthermore, this data is instrumental in continuously strengthening our cybersecurity framework, thus protecting the institution's and our students' digital integrity against the ever-evolving landscape of cyber threats.

---

Purpose

Education

Data stored at Universiti Malaya is govern by the Malaysian Act 709 and the Universiti Malaya Privacy Policy.

Lawful bases in Malaysia: Personal Data Protection Act 2010 [Act 709], Reference (as of 14 Jan 2024): HERE

Retention period

5 years

Lawful bases
Consent (GDPR Art. 6.1(a))	The data subject has given consent to the processing of his or her personal data for one or more specific purposes
Contract (GDPR Art. 6.1(b))	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legal obligation (GDPR Art 6.1(c))	Processing is necessary for compliance with a legal obligation to which the controller is subject

Sensitive personal data processing reasons
Protection of vital interests (GDPR Art. 9.2(c))	Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Category

Connection data

Universiti Malaya employs a robust and strategic approach with regards to data connection and management. The University meticulously collect and securely store critical information such as IP addresses, system logs, and various other ICT-related data. This practice is essential not only for efficient troubleshooting of ICT-related issues but also forms the backbone of our cybersecurity strategies. Through diligent analysis of this data, we proactively identify and address technical challenges, ensuring a seamless and secure technological environment for our community. Furthermore, this data is instrumental in continuously strengthening our cybersecurity framework, thus protecting the institution's and our students' digital integrity against the ever-evolving landscape of cyber threats.

---

Purpose

Education

Data stored at Universiti Malaya is govern by the Malaysian Act 709 and the Universiti Malaya Privacy Policy.

Lawful bases in Malaysia: Personal Data Protection Act 2010 [Act 709], Reference (as of 14 Jan 2024): HERE

Retention period

5 years

Lawful bases
Consent (GDPR Art. 6.1(a))	The data subject has given consent to the processing of his or her personal data for one or more specific purposes
Contract (GDPR Art. 6.1(b))	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legal obligation (GDPR Art 6.1(c))	Processing is necessary for compliance with a legal obligation to which the controller is subject

Sensitive personal data processing reasons
Protection of vital interests (GDPR Art. 9.2(c))	Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Category

Educational Data & Records of Attainment

Privacy Data in SPeCTRUM, particularly Educational Data and Records of Attainments encompassing assessed coursework, exam scripts, and results of exams and assessments, is executed with the utmost precision and care. The University under the Academic Development and Enhancement Centre (ADEC) and the ICT Department (JTM), are tasked with defining clear purposes for the processing of this data, as well as establishing specific retention periods, which are meticulously recorded in our data registry. The longevity of data retention is carefully tailored to the nature of the data; for example, student assessment submissions and records of qualifications awarded are retained indefinitely as a testament to student accomplishments. In contrast, more transient data like forum posts are securely stored up to a duration of 48 months post-graduation. Findings analysed from the generated data may also be used by the University, to develop better standard of teaching and approaches in modern education scenario.

---

Purpose

Education

Data stored at Universiti Malaya is govern by the Malaysian Act 709 and the Universiti Malaya Privacy Policy.

Lawful bases in Malaysia: Personal Data Protection Act 2010 [Act 709], Reference (as of 14 Jan 2024): HERE

Retention period

5 years

Lawful bases
Consent (GDPR Art. 6.1(a))	The data subject has given consent to the processing of his or her personal data for one or more specific purposes
Contract (GDPR Art. 6.1(b))	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legal obligation (GDPR Art 6.1(c))	Processing is necessary for compliance with a legal obligation to which the controller is subject

Sensitive personal data processing reasons
Protection of vital interests (GDPR Art. 9.2(c))	Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Category

Connection data

Universiti Malaya employs a robust and strategic approach with regards to data connection and management. The University meticulously collect and securely store critical information such as IP addresses, system logs, and various other ICT-related data. This practice is essential not only for efficient troubleshooting of ICT-related issues but also forms the backbone of our cybersecurity strategies. Through diligent analysis of this data, we proactively identify and address technical challenges, ensuring a seamless and secure technological environment for our community. Furthermore, this data is instrumental in continuously strengthening our cybersecurity framework, thus protecting the institution's and our students' digital integrity against the ever-evolving landscape of cyber threats.

---

Purpose

Education

Data stored at Universiti Malaya is govern by the Malaysian Act 709 and the Universiti Malaya Privacy Policy.

Lawful bases in Malaysia: Personal Data Protection Act 2010 [Act 709], Reference (as of 14 Jan 2024): HERE

Retention period

5 years

Lawful bases
Consent (GDPR Art. 6.1(a))	The data subject has given consent to the processing of his or her personal data for one or more specific purposes
Contract (GDPR Art. 6.1(b))	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legal obligation (GDPR Art 6.1(c))	Processing is necessary for compliance with a legal obligation to which the controller is subject

Sensitive personal data processing reasons
Protection of vital interests (GDPR Art. 9.2(c))	Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Purpose

Retention period

No retention period was defined

Purpose

Retention period

No retention period was defined