Verity journal

Is It Legal to Run Background Checks in Malaysia? What Every Employer Must Know

The Short Answer: No—Not Without Conditions

In today’s data-driven world, background checks without consent in Malaysia can be risky and unlawful. 

In Malaysia, you generally cannot perform a background check without the individual’s consent, unless you meet very specific criteria under the Personal Data Protection Act (PDPA) 2010. The Act regulates how personal data is collected, processed, and used, including during background screening in Malaysia.

What PDPA Malaysia Says About Consent

The PDPA Malaysia has seven key principles. When it comes to background checks, two are especially important:

  • Notice and Consent Principle – You must inform and get consent from the individual before collecting or processing their personal data.
  • Purpose Limitation Principle – You must only use the data for legitimate and clearly defined purposes such as employment screening.

This means any PDPA-compliant background check must involve clear, documented consent unless an exception applies.

When You Can’t Skip Consent

You must NOT proceed with a background check if:

  • The candidate or employee has not given written consent
  • The data collected goes beyond the purpose stated
  • You’re using third-party sources without disclosure
  • You’re screening for personal or unrelated purposes

Doing so could lead to penalties, lawsuits, or damage to your employer brand.

When a Background Check Without Consent Might Be Allowed (Limited Cases)

There are narrow scenarios where consent may not be needed, usually for public interest or legitimate legal grounds. These may include:

  • Court orders or legal investigations
  • Regulatory or compliance screenings under specific laws (e.g., AMLA, BNM, MACC Section 17A)
  • Screening for fraud prevention or due diligence, if justified under “legitimate interest” and properly documented

Even then, you should always consult your legal or compliance team, and ensure that the process is still aligned with PDPA rules.

What Is the PDPA-Compliant Way to Run Background Checks?

To stay on the right side of PDPA Malaysia, here’s what employers must do:

  1. Get written consent before initiating any employment check
  2. Explain what you’re screening for (e.g., education, criminal, reference)
  3. Only collect what is necessary for hiring or employment
  4. Use a certified provider like Verity Intelligence that is ISO 27001 certified and PDPA-compliant

Want to Run Fast, Compliant Checks?

Use VERISafe, Verity’s instant background screening tool designed for PDPA-compliant use by employers.

It checks for:

  • Criminal records
  • Global sanctions
  • Watchlists
  • Blacklists

Stay safe, stay smart, and always screen with a trusted, PDPA-compliant provider such as Verity Intelligence.
