HR’s Critical Role in Managing Corruption, Harassment and Data Risk in Malaysia

In today’s Malaysian regulatory environment, Human Resources (HR) is no longer a purely administrative function. It has evolved into a frontline risk manager responsible for safeguarding organisations against legal exposure, reputational damage, and internal misconduct. Among the most pressing areas of concern are corruption, sexual harassment, and data protection. These are not isolated issues. They are deeply interconnected and, if mismanaged, can quickly escalate into serious legal and commercial consequences.

1. Bribery & Corruption

The introduction of Section 17A of the Malaysian Anti-Corruption Commission Act 2009 marked a significant shift in how corporate liability is viewed in Malaysia. Organisations can now be held criminally liable for corrupt acts committed by employees or associated persons if such acts are carried out for the benefit of the company. The law makes it clear that ignorance is no defence.

Employers must be able to demonstrate that adequate procedures were in place to prevent corruption. This has placed HR at the centre of compliance efforts. Cases such as Public Prosecutor v Mohd Shukri bin Mohd Salleh & Ors, involving Felda Investment Corporation,

illustrate how misconduct at senior levels can expose systemic weaknesses and result in significant financial and reputational harm. From an HR perspective, this underscores the need to move beyond policies on paper. Organisations must actively embed ethical behaviour through training, enforcement, whistleblowing mechanisms, and proper screening processes. Without these, the risk under Section 17A becomes not only real, but difficult to defend.

2. Sexual Harassment

Sexual harassment presents a different but equally critical challenge, where legal obligations intersect directly with workplace culture. Under the Employment Act 1955, employers are required to inquire into complaints of sexual harassment and take appropriate action. Failure to do so can expose the organisation to claims, including constructive dismissal. 

The Industrial Court has long established that employer inaction or poor handling of workplace issues can justify such claims, as seen in Wong Chee Hong v Cathay Organisation (M) Sdn Bhd. 

In practice, the risk often lies not only in the misconduct itself, but in how the organisation responds. Poorly managed complaints can quickly erode trust and escalate into reputational crises, particularly in an era where allegations can become public within hours. HR must therefore ensure that reporting channels are safe 

and confidential, investigations are conducted impartially, and managers are properly trained to respond appropriately. Timely and consistent action is essential. Ultimately, organisations that treat harassment as a compliance exercise alone will fall short. 

3. Data Protection (PDPA)

Data protection is another area where HR carries significant exposure. The Personal Data Protection Act 2010 governs how personal data is collected, processed, and stored, and HR departments routinely handle some of the most sensitive information within the organisation. Many cases of corporate information leak and data breaches were not solely technical issues, but also due to weak internal controls and human error.

For HR, this means adopting a disciplined approach to data governance. Access to sensitive information must be strictly controlled, data should be properly classified, and employees must be educated on handling personal information responsibly. Compliance also requires proper consent management and documentation, supported by close collaboration with IT to ensure adequate security measures are in place. Beyond regulatory penalties, failures in data protection undermine employee confidence and organisational credibility.

Across these three areas, a common theme emerges. Most risks are preventable, but only where there is a structured and proactive approach. HR occupies a unique position at the intersection of policy, people, and organisational behaviour. This places it in a strategic role, not merely as an enforcer of rules, but as a key driver of governance and risk management. Organisations that adopt a reactive stance often find themselves dealing with investigations, Industrial Court claims, and public scrutiny. In contrast, those that invest in clear frameworks, training, and leadership alignment are better equipped to prevent issues before they arise.

Wong Chee Hong v Cathay Organisation (M) Sdn Bhd [1988] 1 MLJ 92, 

Public Prosecutor v Mohd Shukri bin Mohd Salleh & Ors [1995] 3 MLJ 229

Public Course:

Zero Tolerance, Full Compliance:

HR’s Guide to Corruption, Sexual Harrassment & Data Protection

To support organisations in strengthening these critical areas, we will be conducting an upcoming public course focused on corruption, workplace harassment handling, and PDPA compliance from a practical HR and IR perspective. 

Find out more