On December 8, 2024, the Malaysian Communications and Multimedia Commission (MCMC) published guidelines on information and network security for the communications and multimedia industry, designed to improve information and network security and the resilience of the communications and multimedia industry (INSG).  

Scope

The guidelines apply to all service providers in the INSG unless exempted by the MCMC.

Recommendations

The guidelines provide recommendations in the following areas:

• information and network security governance;
• information and network infrastructure;
• information and network security;
• consumer protection;
• reporting and notifications to the MCMC; and
• prevention of offenses and investigation assistance.

Regarding consumer protection, the guidelines note that service providers must, among other things, not collect, use, retain, disclose, or advertise any customer's information unless the customer's consent is obtained or as permitted by law, and to provide the service based on an opt-in basis. Additionally, service providers shall not transfer, disclose, or provide access to personal data to any person or entity outside Malaysia without the prior written consent of the data subject and the approval of the relevant authorities of Malaysia.

Effective date

The MCMC noted that the guidelines serve as a best practice framework and are not mandatory yet, but can become mandatory on a date appointed by the MCMC.

You can read the press release, only available in Malay, here, and the guidelines here.