Data Sharing Act 2025: What Malaysian Businesses Need to Know

The Top 5 Things You Need to Know About the Data Sharing Act 2025
Introduction: Understanding the Data Sharing Act 2025
The Data Sharing Act 2025 (Act 864) introduces a structured legal framework for data exchange between Malaysian public sector agencies. Enacted on 5 February 2025 and gazetted on 20 February 2025, the Act aims to improve government efficiency, transparency, and data security while safeguarding confidential and sensitive information.
This article explores five key aspects of the Data Sharing Act 2025, including its scope, governance framework, data-sharing process, penalties, and impact on businesses.
1. Purpose and Scope of the Data Sharing Act 2025
The Data Sharing Act 2025 regulates how government agencies request, process, and share data among themselves. Under section 12(1), a public sector agency may request data from another agency for the following purposes:
- Enhancing government service delivery (s. 13(a))
- Reducing public safety risks (s. 13(b))
- Responding to national emergencies (s. 13(c))
- Supporting public interest initiatives (s. 13(d))
This Act does not apply to private sector businesses, but companies working with public sector data must comply with relevant privacy and security obligations. The law also aligns with the Official Secrets Act 1972, ensuring that classified government data is handled securely (s. 4(3)).
2. The National Data Sharing Committee (NDSC)
To regulate and oversee the implementation of the Act, the National Data Sharing Committee (NDSC) was established under section 5(1).
Key Responsibilities of the NDSC (s. 6)
- Developing policies and strategies for secure data sharing (s. 6(1)(a))
- Ensuring compliance with data security standards (s. 6(2)(b))
- Providing risk management frameworks for data handling (s. 6(2)(d))
Who is in the NDSC? (s. 5(2))
The committee includes:
- The Secretary General of the Ministry responsible for digital matters (Chairman)
- Representatives from all ministries
- The National Cyber Security Agency (NACSA)
- The Personal Data Protection Department (PDPD)
- The Chief Government Security Officer
The Director General of the National Digital Department serves as the Committee Secretary, ensuring operational efficiency and policy enforcement.
3. Data Sharing Procedures and Compliance Rules
The Data Sharing Act 2025 outlines a structured process for data-sharing requests and imposes strict compliance requirements.
How Does a Government Agency Request Data? (s. 12)
A formal request must include:
- A detailed description of the requested data
- The purpose of the request
- The public agencies involved (data provider and recipient)
- The proposed data handling and security measures
How Are Requests Evaluated? (s. 14)
Before approving a request, the data provider must assess:
- Whether the request complies with the Act
- Whether disclosure would compromise public interest
- Whether the requesting agency has sufficient security safeguards
The data provider must respond within 14 days (s. 14(2)). If additional time is required, a written explanation must be provided (s. 14(3)).
Reasons for Refusal (s. 15)
A public sector agency may refuse data sharing if:
- It endangers national security or law enforcement (s. 15(a))
- It violates legal confidentiality agreements (s. 15(d)(i))
- It poses a risk to individuals’ safety (s. 15(f))
These safeguards ensure that only legitimate and secure data-sharing requests are approved.
4. Penalties for Data Misuse and Privacy Violations
The Data Sharing Act 2025 enforces strict penalties for unauthorized data access, sharing, or misuse.
Key Data Protection Requirements (s. 16)
Both data providers and recipients must:
- Maintain detailed records of all data-sharing activities (s. 16(c))
- Implement security measures to prevent cyber threats (s. 16(b))
- Report unauthorized data breaches to the Director General (s. 16(d))
Third-Party Data Handling and Penalties (s. 17)
If a third party (e.g., a contractor or vendor) mishandles shared government data, penalties include:
- Fines up to RM1 million (s. 17(3))
- Imprisonment of up to five years (s. 17(3))
Unauthorized Use or Disclosure of Shared Data (s. 18)
Any government employee who misuses shared data faces:
- A fine of up to RM1 million (s. 18(2))
- Imprisonment of up to five years (s. 18(2))
To enhance compliance, the Act also imposes an obligation of secrecy on all public sector officers handling shared data (s. 23).
5. Impact on Businesses and the Digital Economy
While private businesses are not directly regulated under the Data Sharing Act 2025, companies in AI, financial services, and digital technology may see indirect benefits and challenges.
How Will Businesses Benefit?
- More government data access for AI innovation
- Improved collaboration between businesses and government agencies
- Stronger cybersecurity standards in public sector projects
How Should Businesses Prepare?
- Review compliance processes for government data-sharing contracts
- Ensure cybersecurity infrastructure meets government data-handling requirements
- Monitor third-party service providers to prevent data misuse
Government Perspective on Business Impact
According to Digital Minister Gobind Singh Deo, the Act will help position Malaysia as a regional hub for data-driven innovation (The Star, 18 February 2025).
Conclusion: The Future of Public Sector Data Governance in Malaysia
The Data Sharing Act 2025 is a significant milestone in Malaysia’s digital governance strategy. By introducing clear legal structures for data exchange, it promotes:
- Government efficiency
- Stronger data security and privacy
- Business innovation in AI and digital services
However, the Act also introduces strict compliance requirements and severe penalties, making secure data-handling practices essential for both public sector agencies and businesses working with government data.