As AI tools become increasingly common in Malaysian workplaces, employers should implement clear AI usage policies to ensure PDPA 2010 compliance. Without proper controls, companies risk data leakage and quality control issues.
This guide breaks down what Malaysian employers should include in a workplace AI policy to promote responsible use of artificial intelligence and protect themselves from potential legal liability.
The law on workplace AI use
Malaysia currently has no specific legislation regulating workplace AI use. However, key points to note are that:
- employers should set clear boundaries on AI tool usage through documented policies
- existing laws still apply, including confidentiality obligations, data protection principles, and intellectual property rights
- employees remain accountable for work outputs, even when AI tools are used to assist or generate content
Why employment contracts aren’t enough
Most employment contracts include brief confidentiality clauses but don’t specifically address AI tool usage or data handling with artificial intelligence platforms or other generative AI systems.
An AI usage policy fills the gaps by explaining:
- which AI tools are approved for work use
- what data can and cannot be input into AI systems
- quality control and verification requirements for AI-generated content
- consequences for unauthorised AI tool use or data breaches
This ensures employees understand how to use AI tools safely while protecting company confidential information and maintaining work quality standards.
Key inclusions
| Area | What the policy should cover |
| Approved and prohibited AI tools |
Clearly specify which AI tools employees may and may not use for work purposes, including:
|
| Data protection and confidentiality with AI tools |
Establish clear boundaries on what information may be shared with AI systems, ensuring sensitive data is not input into AI tools, including:
|
| Quality control and human oversight |
|
| Prohibited uses of AI tools | Clearly define unacceptable AI usage, including:
|
| Consequences for policy violations |
|
Balance innovation and risk management
The goal of an AI usage policy is to enable productive AI use while managing risks, and the best practice approach will likely involve:
- providing clear approved AI tools so employees can work efficiently
- focusing restrictions on real risks rather than banning all AI use
- regularly reviewing and updating policy as AI tools and capabilities evolve
- encouraging employees to suggest useful AI tools for company evaluation
Realistically, it’s not possible to stop employees from using AI tools at work, so the focus should therefore be on ensuring employees to understand data leakage risks and take measures to prevent them.
Safely grow your business with AI
A clear AI usage policy ensures your business benefits from AI innovation while managing associated risks. If you are looking to develop an AI Usage Policy or update your existing framework, we can help you draft clear policies that enable productive AI use while protecting your business, integrated with your employment contracts and workplace policies.
