Unlocking The Value Of Data Why The Data Sharing Act 2025 Matters

---

 
IN the contemporary digital landscape, data serves not merely as a resource but as a cornerstone for innovation, informed decision-making, and economic advancement.
Acknowledging the significance and potential of data, Malaysia has enacted several progressive laws, including the Data Sharing Act 2025. This pivotal legislation regulates the sharing of data among public sector agencies.
Although its primary emphasis is on public institutions, the ramifications of this Act extend beyond, affecting all Malaysians and the broader private sector.
Improving public sector efficiency
A primary aim of the Data Sharing Act 2025 is to eliminate obstacles between government entities and foster collaboration driven by data.
The Act permits public sector organisations to formally solicit data from each other by detailing essential information, including the rationale for the request, the agencies involved, and the intended management of the data.
It specifies five distinct purposes for data sharing, which encompass improving service delivery, addressing emergencies, safeguarding public health, and advancing the public interest.
This framework facilitates a more streamlined and cohesive government, allowing for quicker policy responses and enhanced public service results.
For instance, during a health emergency, the exchange of real-time data between the Health Ministry and emergency services can result in swifter interventions and more informed decision-making.
(Image: Unsplash/Kah Hay Chee)Legal safeguards and responsible discretion
While the Act promotes data sharing, it does not impose it as a requirement. Rather, it grants agencies the authority to assess each request based on three fundamental criteria: the legitimacy of the data sharing purpose, its alignment with the public interest, and the presence of adequate data security measures by the requesting agency.
Furthermore, the Act delineates acceptable reasons for refusal, including issues related to national security, the safeguarding of legal professional privilege, or the potential risk to individual safety.
These provisions ensure that data sharing is conducted in a responsible, justified manner that adheres to legal and ethical standards.
Enforcing accountability and data security
Under the Act, data providers and recipients must comply with strict legal requirements once data sharing is authorised. These obligations are crucial for responsible data management.
First, all parties must adhere to relevant laws governing the data, ensuring that sharing occurs within established regulations.
Secondly, robust security measures must be implemented to protect against loss, misuse, or unauthorised access, which is essential for maintaining the integrity and confidentiality of sensitive information.
Additionally, data providers and recipients are required to keep comprehensive records of shared data. This documentation ensures accountability and aids in tracking data usage to comply with legal standards.
Any incidents of unauthorised access or data breaches must be reported promptly to promote transparency and responsiveness.
Finally, compliance with additional requirements from the National Data Sharing Committee is vital. These guidelines enhance the data sharing framework, fostering trust and accountability in the public sector.
By adhering to these protocols, organisations can protect sensitive information throughout the data handling process, thereby reinforcing public confidence in data management.
Regulating third-party involvement
Many public agencies depend on private sector companies for data management services, including cloud hosting, analytics, and software development.
The Act requires that if a data recipient plans to engage a third party for data handling, the consent of the original data provider must first be obtained.
This provision has important implications for businesses working with government agencies. It reinforces the importance of data governance and ensures that private companies handling government data operate within clearly defined legal boundaries.
As a result, it fosters more secure public-private partnerships and protects the integrity of shared data.
Penalising unauthorised use and disclosure
To deter data misuse, the Act introduces strict penalties. Any public officer or agent who discloses or uses shared data beyond the approved scope can be fined up to RM1 million, sentenced to five years’ imprisonment, or both.
This sends a clear message that data misuse will be treated seriously, strengthening accountability and ensuring public trust in the system.
(Image: Freepik)Supporting transparency through open data
While the Act regulates formal data sharing between agencies, it makes an important distinction for open data i.e., data that is freely available to the public.
The Act clarifies that open data is exempt from formal request procedures, allowing it to be accessed and reused without restriction.
This supports greater transparency and encourages innovation from the public, researchers, and private sector actors who rely on public datasets for development and analysis.
Impact on the private sector
Although the Data Sharing Act 2025 primarily applies to government agencies, the private sector is indirectly but significantly affected.
Businesses that provide digital services to public institutions must now align their operations with the standards set by the Act.
Additionally, private data held by government bodies such as utility usage, financial records, or health statistics may be subject to sharing between agencies, making it important for businesses to understand the legal environment in which their data may be used.
The Act also opens up new opportunities for technology providers, data analysts, and cybersecurity firms to support the government’s data-driven initiatives.
Companies that invest in secure, compliant data practices will be better positioned to build trusted partnerships with public agencies.
Conclusion
The Data Sharing Act 2025 represents a significant advancement in Malaysia’s approach to digital governance.
It facilitates a more interconnected, responsive, and accountable public sector, while simultaneously establishing a framework that affects the data management practices of private enterprises.
By defining explicit protocols, legal protections, and obligations, the Act provides a robust basis for the nation’s data-centric future.
As data increasingly drives innovation and change across various sectors, this legislation guarantees that Malaysia is prepared to leverage its capabilities in a secure, ethical, and transparent manner.
R. Paneir Selvam is the principal consultant of Arunachala Research & Consultancy Sdn Bhd, a think tank specialising in strategic national and geopolitical matters.
The views expressed are solely of the author and do not necessarily reflect those of MMKtT. 
- Focus Malaysia.

---