Malaysia legislation
Section 9
Section 9
(a)
to the nature of the personal data and the harm that would result from such loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction;
(b)
to the place or location where the personal data is stored;
(c)
to any security measures incorporated into any equipment in which the personal data is stored;
(d)
to the measures taken for ensuring the reliability, integrity and competence of personnel having access to the personal data; and
(e)
to the measures taken for ensuring the secure transfer of the personal data.
(2)
Where processing of personal data is carried out by a data processor on behalf of the data user, the data user shall, for the purpose of protecting the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction, ensure that the data processor—
(a)
provides sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out; and
(b)
takes reasonable steps to ensure compliance with those measures.
Act 709
Retention Principle