MyKad

Detects MyKad patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: pattern has strong structural constraints (specific format, prefix, or character class restrictions) that significantly reduce false positive rates. Context label evidence plus explicit template/example exclusion improves precision for high-risk identifiers. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

my

Regulations

PDPA (Malaysia)

Frameworks

ISO 27001, ISO 27701

Data categories

pii, government-id

Scope

narrow

Risk rating

9

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible

Pattern

\b\d{6}-?\d{2}-?\d{4}\b

Corroborative evidence keywords

MyKad, NRIC, identity card, kad pengenalan, ID number, identification, ID card, license, permit, registration, certificate, data record, database record, record set, data extract, data export, database table, spreadsheet, data registry, registry entry (+14 more)

Proximity: 300 characters

Should match

• 750101-01-1234 — MyKad with state code 01
• 880512-14-5678 — MyKad with state code 14
• 920303-07-4567 — MyKad with state code 07

Should not match

• 750101-1-1234 — State code too short
• 75010-01-1234 — Date part too short
• sample template placeholder number 123456789 — Template/sample context should be excluded even when numeric-like values appear
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• The specific dash-separated format (XXXXXX-XX-XXXX) reduces false positives significantly. Mitigation: The structured format with embedded date and state code provides strong validation. Keyword context further improves accuracy.
• In multiple languages, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.

References

• Malaysia Identity Card Number entity definition - Microsoft Learn