Malaysia has introduced a new mechanism for sanctioning data protection breaches. Under section 132 of the Personal Data Protection Act 2010 supplemented by the Personal Data Protection (Compounding of Offences) Regulations 2016 (“the Regulations”), enacted on 16 March 2016, certain data protection offences may be “compounded” instead of being formally prosecuted. In other words, offenders may be given the option to pay a certain amount of money and in return no prosecution will be instituted…

Malaysia’s data protection law, still in its infancy, is set to take some noteworthy next steps. These come in the form of mandatory minimum standards with regard to data security, data retention and data integrity which the Malaysian Data Protection Commissioner is expected to issue later this year. The standards will likely provide private sector organisations subject to the Malaysian Personal Data Protection Act (the “PDPA”) with much-needed guidance on how to comply with their…