Malaysia: Personal Data Protection Regulations 2013 entered into force

On 15 November 2013, the Personal Data Protection Regulations 2013 entered into force. The regulations are based on section 143 of the Personal Data Protection Act 2010 (Act 709) and specify the data protection principles set forth therein. In particular, the regulations provide details on the collection of the consent of a data subject, the details of the data user provideable under the Notice and Choice Principle, what information must be disclosed under the Disclosure Principle as well as the need to develop and implement a security policy as described by the Security Principle. Further, the regulations set the standards for the retention time and data integrity and provide additional information on the data access request, the refusal thereof, the receipt of a data correction request and penalties. Lastly, the regulations specify the handling of inspections and enforcement notices.