Personal Data Protection Notice
This notice provides the key concepts of the full Tenaga Nasional Berhad Personal Data Protection Policy (“Policy”), which is available at our webpage (www.tnb.com.my).
Personal Data We May Collect & How We Collect It
We may collect your personal data, such as personal information, directly from you, your authorized representatives, third parties or from publicly available resources.
Use of Personal Data Collected
We use your personal data to enable us to provide our services and attend to matters related to them, to send information on our services, for the purpose of audit and to comply with regulatory obligations or industry codes.
With Whom We Share Your Personal Data
We disclose your personal data to third parties located within or outside Malaysia who work on our behalf or help to provide our services.
If Personal Data Provided by You Is Incomplete
We may not be able to provide you with our services if the personal data given is incomplete.
Your Rights to Access & Correct Your Personal Data
You may access and correct your personal data held by us.
How Long We Will Keep Your Personal Data & How We Protect It
Your personal data will be retained to fulfil the purpose for which it is collected or to comply with legislation and internal requirements, and we will keep it safe throughout.
Consent
By submitting your personal data to us, you consent to its use as set out in this Policy.
Our Contact Details
Contact us at [email protected] or 1-300-88-5454.
For more information, please download our full PDPA Policy here:
CYBERSECURITY RISK ASSESSMENT
TNB’s cybersecurity framework adopts a strict no-ransom policy and implements defense measures through 2025. The initiative includes enhanced business continuity planning and international security standards compliance. Key measures include coordinating with the Energy Commission on cybersecurity guidelines, conducting system-wide risk assessments, and reviewing remote access protocols. The Risk Management Department oversees updates on the cybersecurity operating model, digitalization strategies, and ransomware mitigation strategies, among others, while the Legal Service Department assesses Malaysia’s Cyber Security Act 2024 against global benchmarks. TNB plans to achieve ISO/IEC 27001 certification across its ICT operations and will undergo thorough IT and OT security audits. TNB will also develop detailed contingency plans and crisis communication protocols.
In addition to our 24-hour cyber threat monitoring, the following measures prioritising cybersecurity are undertaken:
- Enhance cybersecurity situational awareness through threat intelligence.
- Adopt cybersecurity risk assessment protocols for both IT and OT systems.
- Annual cybersecurity resilience assessments of TNB's key installations conducted by the Jawatankuasa Pemeriksaan Keselamatan Sasaran Penting under the leadership of the Malaysia Chief Government Security Officer (CGSO).
- Group-wide effort to classify data according to criticality and sensitivity levels.
CYBERSECURITY AWARENESS THROUGH TRAINING
A cybersecurity awareness programme is implemented across the Group through multiple learning modalities, including e-learning modules, newsletters, and hybrid engagement sessions. Employees across all organisational levels are equipped with knowledge of cybersecurity risks and mitigation strategies. This educational framework extends beyond internal stakeholders to encompass contractors and vendors, ensuring a uniform approach to cybersecurity awareness across our entire operational ecosystem.
DATA PROTECTION MANAGEMENT
TNB is committed to safeguarding data subjects’ personal data in accordance with the Personal Data Protection Act 2010 (PDPA), Personal Data Protection Code of Practice for The Utilities Sector (Electricity) Version 2.0 and other relevant internal policies, guidelines and circulars for the processing and handling of data subjects’ personal data. Additionally, TNB places a high priority on personal data protection, ensuring that our customers’ personal data is managed with the utmost care and in full compliance with the relevant laws and regulations, including having a comprehensive Personal Data Protection (PDP) Policy. The PDP Policy is also applicable to TNB’s subsidiaries.
CUSTOMER DATA MANAGEMENT OUR PRIORITY
We facilitate customer data management through Data Access and Correction Request Forms whereby our customers can easily make requests to access or rectify their personal data in the event of any inaccuracies. A structured data retention framework is implemented, aligned with corporate policies and contractual agreements, whereby data is maintained only for the duration necessary to protect stakeholder interests whilst ensuring compliance with legislative requirements.
In addressing the demands of global digital integration, we implement security protocols, including identity verification mechanisms to safeguard customer privacy within TNB's ecosystem. We maintain stringent controls over international data transfers to external entities including our service providers and business partners. These external entities are bound by contractual obligations that mandate equivalent data protection standards and restrict data utilisation exclusively to agreed-upon services.
TNB, via its Cyber Security Operating Model (CSOM), has taken proactive and reactive measures in safeguarding our data from breaches or leakages via robust data governance such as the Enterprise Data Governance (EDG) initiative, emulating best practices through international certifications (ISO27001 and PCI DSS), technology controls and 24x7 strict monitoring by our Security Operation Center (SOC). However, in the event of a data breach or leakage, our incident response plan will ensure that TNB can swiftly contain the incident and protect the affected entities involved.
TNB practices a strict onboarding and offboarding policy for employees and contractors, guided by international cybersecurity standards, i.e. National Institute of Standards and Technology (NIST). We adopt best practices and leverage advanced technology to ensure a secure onboarding and offboarding experience for our employees and contractors.
TNB maintains continuous PDPA compliance through systematic implementation of regular training programmes and awareness sessions across TNB and its subsidiaries. Annual observational audits of personal data protection practices are conducted at designated premises to ensure adherence to the PDPA. Additionally, TNB also implements a PDPA e-learning initiative with the identified business units in TNB based on operational needs.
TNB actively engages with the Personal Data Protection Commissioner’s Office (PDP Commissioner’s Office) to establish good working relationships, seek guidance and actively participate in discussions. TNB also proactively provides comprehensive feedback on the PDPA amendments and Public Consultation Papers issued by the PDP Commissioner’s Office. This collaborative relationship facilitates informed guidance and strategic direction for personal data protection initiatives.
For any enquiries or concerns regarding the administration of customer personal data related to electricity supply, we encourage our customers to reach out to our dedicated Customer Care team. Additionally, for matters related to TNB PDP Policy, our designated Data Protection Officer team is readily available to facilitate any concern.