Privacy under threat? Experts scrutinise Malaysia's new data law

Malaysia's Data Sharing Act: A double-edged sword?

30 Apr 2025 08:53pm
The legislation facilitates seamless sharing of data among government agencies, but its implementation raises concerns about breaches of sensitive personal and government information, unauthorised access and the misuse of shared data. - Photo for illustration purpose only/Illustrated by Sinar Daily

SHAH ALAM - Malaysia’s Data Sharing Act 2025, recently introduced to enhance digital collaboration within the public sector, promises significant advancements in governance and efficiency.

However, cybersecurity experts warn that this legislative milestone comes with heightened risks to data security and privacy, necessitating robust safeguards to prevent potential exploitation.

Experts highlight several best practices to ensure the effective implementation of the Data Sharing Act 2025. - Photo illustrated by Sinar Daily

CyberSecurity Malaysia Chief Executive Officer Datuk Dr Amirudin Abdul Wahab said this Act is a critical step forward in enabling data-driven decision-making and fostering inter-agency collaboration.

"However, it also expands the attack surface, where data sharing between agencies creates vulnerabilities and is exposed to attacks, especially those targeting interconnected systems," he told Sinar Daily.

According to him, the legislation facilitates seamless sharing of data among government agencies, but its implementation raises concerns about breaches of sensitive personal and government information, unauthorised access and the misuse of shared data.

Amirudin noted that risks include exploitation of third-party platforms and challenges in monitoring data management handled by external vendors.

"To mitigate these challenges, the Data Sharing Act 2025 integrates several safeguards. All agencies must implement appropriate technical and organisational controls, including encryption, access controls and audit trails.

"The National Data Sharing Committee reviews all data sharing requests to assess security readiness and compliance," he added.

He also highlighted that the penalties for non-compliance are severe, with unauthorised disclosure or misuse of data punishable by fines of up to RM1 million or five years’ imprisonment, or both.

Additionally, he said agencies must report data incidents promptly and undertake remedial actions aligned with national cybersecurity policies. Collaboration with key entities like CyberSecurity Malaysia further strengthens the framework to manage risks effectively.

Amirudin further stressed the importance of these measures, stating that without these safeguards, the potential benefits of inter-agency collaboration could be overshadowed by catastrophic breaches that undermine public trust.

The Act’s implications extend beyond the public sector. Cybersecurity expert and Universiti Sains Islam Malaysia (USIM) lecturer Emeritus Professor Datuk Dr Mohamed Ridza Wahiddin Pusat Tamhidi noted that while the legislation primarily governs government agencies, it indirectly affects the private sector due to the interconnected nature of data ecosystems.

"Big data is central to the advancements we see in artificial intelligence and analytics today. The Data Sharing Act 2025 broadens the governance of data beyond what is outlined in the Personal Data Protection Act (PDPA) 2010.

"While the PDPA focuses on personal data, this Act encompasses a wider scope of governance, including compliance and regulation of shared data between agencies, which can often involve private entities," he said.

He further emphasised the importance of adopting international standards like ISO/IEC 27001 Information Security Management System to ensure data security and compliance under the new framework.

Despite its promise, Mohamed Ridza said the Act presents several hurdles. These include potential conflicts with existing privacy laws like the PDPA, administrative complexities in ensuring seamless data exchange between agencies using different systems and the need for effective data anonymisation to protect individuals’ privacy.

Experts suggest several best practices to ensure the effective implementation of the Act. Data minimisation—sharing only what is necessary for specific purposes—can help reduce exposure.

Encryption, role-based access controls, and multifactor authentication are critical technical measures to prevent unauthorised access.

Training personnel on cybersecurity protocols, maintaining audit trails to monitor data access, and conducting regular security assessments further enhance the resilience of data-sharing systems.

Legal agreements that define the scope, duration, and responsibilities of data-sharing arrangements are also essential to ensure accountability and prevent misuse.

The Data Sharing Act 2025 symbolises Malaysia’s commitment to embracing digital transformation while prioritising data security and privacy.

As public sector agencies adapt to this framework, close collaboration with cybersecurity experts and ongoing assessment of risks will be vital to maintaining the integrity of shared data.

----------------------------------------

SHAH ALAM - Malaysia’s recently introduced Data Sharing Act 2025 aims to boost digital collaboration within the public sector, promising significant improvements in governance and efficiency.

However, cybersecurity experts cautioned that this legislative advancement increases data security and privacy risks, requiring strong safeguards against potential exploitation.

CyberSecurity Malaysia Chief Executive Officer (CEO) Datuk Dr Amirudin Abdul Wahab said this Act marked a crucial step forward in enabling data-driven decision-making and fostering inter-agency collaboration.

"However, it also broadens the attack surface. Data sharing between agencies creates vulnerabilities and exposes interconnected systems to attacks," he told Sinar Daily.

According to him, while the legislation streamlines data sharing among government bodies, its implementation raises concerns about breaches of sensitive personal and government information, unauthorised access and the misuse of shared data.

Amirudin pointed out that risks include the exploitation of third-party platforms and difficulties in monitoring data management by external vendors.

"To address these challenges, the Data Sharing Act 2025 incorporates several safeguards. All agencies must implement appropriate technical and organizational controls, including encryption, access controls and audit trails.

"The National Data Sharing Committee reviews all data sharing requests to assess security readiness and compliance," he added.

He also stated that penalties for non-compliance were severe. Unauthorised disclosure or misuse of data could result in fines up to RM1 million, imprisonment for five years, or both.

He added that agencies must promptly report data incidents and undertake remedial actions in line with national cybersecurity policies. Collaboration with key entities like CyberSecurity Malaysia further strengthens the framework for effective risk management.

Amirudin affirmed the importance of these measures, stating that without them, the potential benefits of inter-agency collaboration could be undermined by catastrophic breaches that erode public trust.

Meanwhile, cybersecurity expert and Universiti Sains Islam Malaysia (USIM) lecturer Emeritus Professor Datuk Dr Mohamed Ridza Wahiddin Pusat Tamhidi observed that while the legislation primarily governs government agencies, it indirectly affects the private sector due to the interconnected nature of data ecosystems.

"Big data is central to the advancements in artificial intelligence and analytics today. The Data Sharing Act 2025 broadens data governance beyond the Personal Data Protection Act (PDPA) 2010.

"While the PDPA focuses on personal data, this Act encompasses a wider scope of governance, including compliance and regulation of shared data between agencies, which can often involve private entities," he said.

He further described the importance of adopting international standards like ISO/IEC 27001 Information Security Management System to ensure data security and compliance under the new framework.

Despite its promise, Ridza indicated that the Act presents several hurdles. These include potential conflicts with existing privacy laws like the PDPA, administrative complexities in ensuring seamless data exchange between agencies using different systems and the need for effective data anonymisation to protect individuals’ privacy.

Experts highlight several best practices to ensure the effective implementation of the Data Sharing Act 2025.

A key principle is data minimisation—sharing only the information necessary for specific purposes—to limit unnecessary exposure.

On the technical front, encryption, role-based access controls and multifactor authentication are critical tools to safeguard data from unauthorised access.

Equally important is ensuring that personnel are well-trained in cybersecurity protocols.

Maintaining audit trails to track data access and conducting regular security assessments further strengthen the resilience of data-sharing systems.

In addition, clear legal agreements that define the scope, duration and responsibilities of data-sharing arrangements are essential to uphold accountability and prevent misuse.
