Virtual Compliance for Businesses in Malaysia
Updated: Apr 20, 2021
Businesses in Malaysia continuously feel the heat from the COVID-19 pandemic and Movement Control Orders (MCOs). However, this situation has also created opportunities for businesses to thrive online.
In making the transition from offline to online or maintaining the presence in both physical and virtual world, there are various laws that one should adhere to.
Here, we address what it means to be virtually compliant in Malaysia, focusing on aspects such as content and data.
What is Virtual Compliance?
Compliance in business means adhering to a rule, such as a policy, standard, specification, or laws governing the business's operations. Virtual compliance is adhering to the aforementioned in the virtual world. Various laws surround content and data in Malaysia.
Personal Data Protection Compliance
Naturally, you will collect your customers and users’ data as they use your tools and services. You will also collect data from employees at your place of business.
How you use and store the data is essential to ensure you are compliant with laws regulating personal data.
Firstly, what constitutes personal data? We break it down into two categories namely employee information and customer information.
IC number/ passport number
Driver's license/ birth certificate
Bank account numbers
Home address/ personal phone numbers
Sensitive Personal Data:
IC number, passport number
Personal phone number
Home address/ email address
Bank account numbers
Sensitive Personal Data:
In Malaysia, we are regulated by the Personal Data Protection Act 2010 (PDPA). The Act controls the processing of personal data for commercial purposes.
It does this by spelling out the duties throughout the data lifecycle and setting up data management standards. The Act is also put in place to help identify data risks, improve security measures, and promote data integrity.
Which industries does PDPA apply to?
Essentially, PDPA applies to all industries. The only exceptions are for the following bodies, persons and usage:
Federal & States Government
Personal, Family, Household Affairs Data
Processed Outside of Malaysia
Non-Commercial Transactions (for example, data shared on social media sites)
Credit Reporting Agencies
To ensure you adhere to PDPA, you must keep your security standards in check; update your systems and anti-virus software to prevent data intrusion, control who has access to customers and employees’ personal data and keep a record of personal data that are transferred offline, such as through mail, fax or hand-delivery.
Do also ensure that you only retain data for the period you are required to. For example, data needed for Income Tax only needs to be retained for seven-year as per the Income Tax Act 1967.
Finally, keep your data integrity up to standards by ensuring that you notify customers and employees of any personal data updates immediately. Most importantly, get their consent before utilising the personal data.
When you operate a website, you must be aware of the Communications and Multimedia Act 1998 (CMA) to regulate your post's content.
The CMA governs content that is being posted on multimedia channels, including websites. CMA prohibits content that is, in essence, indecent, obscene, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass any person. The following guidelines and procedures are set in order to assist compliance with the Act through self-regulation.
Indecent content covers offensive content, morally inappropriate content, and content against current acceptable behaviour standards. Importantly, nudity and sex cannot be shown unless approved by the Film Censorship Board.
Obscene content is content that is lewd and offensive to one's prevailing notion of decency and modesty. These types of content are prohibited in fear the showcase of them may negatively influence and corrupt the mind of those easily influenced. Specific regards are held to:
Explicit Sex Acts/Pornography
The portrayal of sexual activity, sex crimes, bestiality through animation and whether consensual or otherwise, is prohibited.
Any depiction of child pornography, including part of a minor's body in what might be reasonably considered a sexual context, is prohibited. This includes written material, visual and/or audio representation that reflects sexual activity, whether explicit or not, with a minor.
Prohibition for the portrayal of women, men or children as mere sexual objects or in a manner that demeans them.
Psychological and psychical violence or incitement to violence should be portrayed responsibly and not exploitatively. Presentation of violence must avoid the excessive, the gratuitous, the humiliating, and the instructional. Particular care should be exercised where children may see or be involved in depicting violent behaviour. Specific considerations are as follows:
The portrayal of violence that can cause upset, alarm and offend viewers and cause undue fear among the audience.
The portrayal of dangerous behaviours that may be imitated in real life.
Graphic representations of sexual violence, including rape, attempted rape, non-consensual sex acts, and violent sexual behaviour, are not allowed.
Violence and young, vulnerable audiences
Special consideration must be placed towards the susceptibility of younger audiences, particularly those impressionable minds.
Menacing content is content that threatens harm or evil, encourages or incites crime, or leads to public disorder. Hate propaganda and information that may threaten national security or public health and safety are also not to be presented.
Bad language, including expletives and profanity, is prohibited due to its offensive nature. Bad language includes the following:
False content, misleading content and incomplete information are prohibited except satire and parody content or where it is apparent to an ordinary user that the content is fiction.
Women and men should be portrayed without discrimination, as equals in economic and emotional capacity, and in both public and private situations. Notwithstanding societal discrimination, content should reflect an awareness of the need to avoid and overcome biased portrayals based on gender.
Persons with Special Needs
Humour based on physical, mental or sensory disability is risky, thus should be avoided. Reference to a disability should be portrayed in a neutral context, without prejudice.
The PDPA comes into play here again, and the privacy of individuals should be respected. No content should be imposed into a person's privacy unless required by law and/or necessary in the interest of the public, including but not limited to Section 15 of the Child Act 2001 regarding a child's privacy.
Advertising and Promotions
Part and parcel of running a business is advertising and promotion. Section 3.1 of the Content Code addresses principles that one should follow when advertising:
All advertisements must conform with this part and to the general guidelines on content.
All advertisements should be legal, decent, honest and truthful.
All advertisements should be prepared with a sense of responsibility to consumers and society.
All advertisements should respect the principles of fair competition generally accepted in business.
It is common for businesses now to offer giveaways or free products as means to encourage more traffic to their social media and websites as well as another form of advertising.
In making a free offer conditional on the purchase of other items, the material featuring the offer must clearly state consumers' liability for any costs.
An offer should be described as free only if consumers pay no more than the following:
Current public rates of postage.
Actual cost of freight or delivery.
Costs, including incidental expenses, of any travel involved if consumers collect the offer.
Advertisers should make no additional charges to consumers for packing and handling.
Virtual compliance for your business is essential to ensure you are lawfully running your business. You can also protect yourself from accidental breaches or losing your business over non-compliance. While this article addresses some main parts, there is a broad spectrum in virtual compliance. It is best you seek a lawyer who will be able to advise you better concerning your particular industry and business itself.
Note: This article does not constitute legal advice to any specific case. The facts and circumstances of each case will differ and, therefore, will require specific legal advice. Feel free to contact us for complimentary legal consultation.