Malaysia: Implemented Personal Data Protection Act 2010 (Act 709) including cybersecurity regulation

On 15 November 2013, the Personal Data Protection Act 2010 (Act 709) entered into force. The Act contains regulations concerning cybersecurity in Section 9. Specifically, the Act tasks the data user, or the data processor if the data processing is carried out by such a data processor on behalf of the data user, with protecting the personal data against loss, misuse, modification, unauthorised access or disclosure, alteration or destruction. The Act requires practical measures and steps relating to the storage place of the data and related equipment, the personnel with access and the secure transfer of data. For data processors, the Act further states that sufficient technical and organisational measures must be in place and that the data processor must take reasonable steps to be compliant with these.