PETALING JAYA: While Malaysia has made significant headway in digital payments, the country is still in the early stages with regard to data exchange and digital identity, says Ernst and Young Consulting Sdn Bhd deputy consulting leader Shankar Kanabiran.
These three components are what make up a national-scale digital public infrastructure (DPI), which is essentially a comprehensive system of digital services, tools and technologies provided by the government and other stakeholders to support a digital society.
To date, Malaysia’s DPI journey includes digital initiatives such as the development of MyDigital ID, DuitNow QR, Malaysian Government Central Data Exchange (MyGDX) and the Central Database Hub (Padu).
“In terms of digital payments like DuitNow QR, we are quite mature. In 2022, about 1.2 billion digital transactions were done via the DuitNow platform, showcasing its success. However, on the digital identity front like the recently launched MyDigital ID, while it is a good start, it is still in the early stages.
“Moreover, with regards to data exchange, we have MyGDX, which enables data sharing across public agencies, but the scope of data is limited to the administrative data of citizens,” Shankar told StarBiz.
Having a good DPI infrastructure is crucial as it helps the country to leapfrog in terms of nation building as it enhances connectivity and ease of access, he added.
Some global examples include Singapore’s Singpass, India’s Aadhaar and Estonia’s e-Residency programme, which Malaysia can use as references in developing its own DPI.
“Singpass is a good example of a successful digital ID rollout that allows residents to access services from over 700 government agencies and private sector organisations with a single identification.
“In the case of India, prior to Aadhaar, in terms of financial inclusion, the availability of bank accounts for their citizens was in a low digit percentage coverage.”
Shankar pointed out that today, almost 80% of their citizens have bank accounts.
“Additionally, when the government of India wants to distribute benefits like cash to the poor segment of the population, the process is made easier with Aadhaar. It also reduces leakage and enhances efficiency as well,” Shankar said.
Undeniably, one of the key concerns when it comes to DPI is the security and privacy of data within the DPI infrastructure. On this note, the government has been making strides to improve data governance, security and privacy, with the Cyber Security Act 2024, the Personal Data Protection (Amendment) Bill 2024 and the soon-to-be finalised Omnibus Bill.
PwC Malaysia digital trust and cybersecurity leader Clarence Chan highlighted the need for checks and balances in ensuring policies are robust and deliver the expected results.
“The new policies enacted are definitely in the right direction. Beyond technology, the governance framework surrounding the implementation is key.
“Countries like Singapore, India, and Estonia may utilise different infrastructures and technology platforms, but a key factor in their success is the governance frameworks surrounding them.
“These governance structures, coupled with strong enforcement, are ultimately what ensure the effective implementation of security, privacy and policy measures,” he said.
Chan added that the government’s initiatives in the rollout of DPI with Padu and MyGDX are well-intentioned as the setting up of a single repository is necessary in facilitating data exchange.
Nonetheless, he also opined that integration challenges remain, for instance when various government agencies, who are using a mix of legacy as well as modernised infrastructures and applications, connect to the platform.
“This may create potential vulnerabilities for cyber attackers to exploit. However, the positive point is we are not the first to invest in such infrastructure and there are numerous references and use cases from countries like India and Singapore,” Chan said.
Shankar said any DPI infrastructure needs to have the right framework and cybersecurity protocols to build and maintain strong public trust in the system.
“The trust framework is defined with eight key principles: security and privacy, transparency, interoperability, accountability, reliability, redressability, user-centricity and inclusivity.”
Even with Padu, Shankar said some of these principles are applied as well.
“Padu employs a distributed database system, which minimises the risk of a total data breach.
“Encryption, multi-factor authentication, compliance with international standards like the ISO 27001, along with user control and consent management are some of the things that the government needs to take into consideration to ensure that users are comfortable with the DPI,” he said.
Apart from addressing cybersecurity concerns, stakeholder engagement is another important aspect of a good DPI, particularly in making sure that various agencies are onboarded to drive take-up.
“The other element is on public and private collaborations by enabling entrepreneurs and the private sector to innovate and utilise digital IDs so that it creates demand for the DPI.
“There is a fair bit of such collaboration in the space of digital payments in Malaysia looking at DuitNow QR, which has gone into retail, transportation and so on,” Shankar said.
Ultimately, there is no single way to measure the success of the rollout and implementation of DPI. Take-up rate is also not the sole yardstick.
“The local digital economy contributes around 23% of the gross domestic product and is expected to grow to 25%. Hence, if the availability of DPI can accelerate further to drive innovation and collaboration, then that can be a measure of success.
“Additionally, ensuring that all Malaysians have a digital ID is another indicator of success, as sometimes the necessary infrastructure needs to be created first, before adoption can occur,” Shankar said.