The Personal Data Protection (PDP) Act 2010 (“the Act”) was passed by the Parliament of Malaysia for the purpose of regulating the processing of personal data in commercial transactions.
The Act permits the formation and designation by the Commissioner of data user forums, and the preparation of codes of practice for specific sectors/industries.
This Code of Practice is specific to the person/parties licensed in Malaysia that are engaged in the banking and financial sector of Malaysia, namely all banks and financial institutions licensed under the Financial Services Act 2013, the Islamic Financial Services Act 2013 and the Development Financial Institution Act 2002. It has been developed by The Association of Banks in Malaysia (ABM) as the duly appointed Data User Forum for the banking and financial sector, with the participation and assistance of the Malaysian Investment Banking Association (MIBA), the Association of Islamic Banking Institutions Malaysia (AIBIM), and the Association of Development Finance Institutions of Malaysia (ADFIM).
1. Set minimum standards of conduct in respect of personal data that are expected of Data Users;
2. Stipulate measures to be deployed by Data Users in order to ensure that the processing of personal data does not infringe a Data Subject’s rights under the Act;
3. Stipulate matters for the consideration of Data Users in order to ensure that the risk to the personal data of Data Subjects is minimised; and
4. Establish the administrative framework to oversee and enforce compliance of Data Users with this Code.