It's a situation many Malaysians have faced: you’re about to enter a building when a security guard asks to hold or scan your MyKad. Out of habit or politeness, you comply. But did you know, they’re not actually allowed to do that?
According to the National Registration Department (JPN), security guards have no legal authority to request, hold, or scan your MyKad. Under Regulation 7(1) of the National Registration Regulations 1990, only five categories of officials are authorised to do so:
That’s it. No private security personnel. No mall guards. No reception desk clerks.
Photo via WeirdKaya
The issue recently gained attention after an incident where a security guard at a premise allegedly used an electronic device to scan a visitor’s MyKad. This sparked public concern — and rightly so.
JPN made it clear that even the use of electronic devices to scan MyKad data is not allowed for private entities. Such actions can breach the Personal Data Protection Act (PDPA) 2010, which protects individuals from the misuse of their personal information.
“Any processing of personal data by private parties is subject to the PDPA 2010, which sets clear guidelines and responsibilities to protect individual privacy,” JPN stated, adding that unauthorised MyKad scanning or collection could result in legal action.
As technology becomes more embedded in our daily lives, it’s easy to overlook the small actions that put our personal data at risk. But it's important to remember: your identity is yours to protect.
PSA: Never feel pressured to hand over your MyKad to anyone who isn't legally authorised. If someone insists, ask for their credentials — and don’t be afraid to walk away or report them. Your safety and identity should never be taken lightly.
