Malaysia: Introduces New Cybersecurity Guidelines to Strengthen Communications Sector

Written By Jerry Sin

The Malaysian Communications and Multimedia Commission (“MCMC”) has unveiled new cybersecurity guidelines to enhance the safety and resilience of the country’s communications and multimedia industry. These guidelines aim to improve how service providers manage information and network security, which was officially announced on 8 December 2024.

Who It Applies To

The guidelines are directed at all service providers within the communications and multimedia sector unless explicitly exempted by the MCMC.

Key Focus Areas

The guidelines cover several important areas, including:

  • Security Governance: Strengthening how companies manage security processes.

  • Infrastructure Protection: Safeguarding physical and digital networks.

  • Consumer Protection: Ensuring user data is handled responsibly.

  • Reporting to MCMC: Clear rules for notifying authorities about incidents.

  • Assisting Investigations: Helping in the prevention and investigation of cyber offenses.

Consumer Data Protection Rules

Service providers are required to:

  • Obtain consent before collecting, using, or sharing customer information.

  • Provide services only on an opt-in basis.

  • Refrain from sharing personal data with parties outside Malaysia without the explicit consent of the customer and approval from Malaysian authorities.

When Do These Guidelines Take Effect?

Currently, the guidelines are considered a framework of best practices and are not mandatory. However, MCMC may enforce them in the future on a date it decides.

For more details, you can view the press release, officially published here (only available in Malay)

Jerry Sin
Previous

China: Issue New Rules for Safer Data Collection in Smart Vehicles
Next

Japan: AISI Highlights Differences in AI Risk Management Approaches by NIST and Japan