IN an era where data is king, the launch of Malaysia’s Central Database Hub (Padu) marks a significant milestone.
For the first time, the government will be collecting personal data on an unprecedented scale – everything from IC numbers and addresses to bank details and property ownership – into a single repository.
While revolutionary in its potential to streamline government services and target subsidies effectively, this initiative raises profound concerns about the security and privacy of our data.
Currently, we have the Personal Data Protection Act on the books. However, under Section 3(1) of the Act, this law does not apply to the government.
Does this mean the extensive data collected through Padu is not afforded the same protections as it would if it was collected by private entities?
Previous data misuse and breaches in government systems only exacerbate our fear.
Cybersecurity firm Surfshark has listed Malaysia as the eighth most breached country globally in Q3 2023, with 494,699 leaked accounts. This represents a 144% increase in breach rate compared to Q2 2023.
The national cybersecurity specialist agency, CyberSecurity Malaysia, under the Digital Ministry’s jurisdiction, reported that the government sector experienced the highest number of data breaches in the first half of 2023.
According to its midyear threat landscape report, leaks from the government sector constituted 22% of total security breaches from January to June 2023.
The fundamental questions cannot be avoided: Can we trust the government with so much of our personal information? What assurances are there that it will be protected against misuse and theft?
The answers, according to most analysts and experts, lie in reforming the Personal Data Protection Act (PDPA) to encompass government data handling.
Amending the PDPA to include the government and all its agencies would be a significant step toward securing public confidence.
It would ensure the same rigorous data protection standards applied to private entities are also binding upon the government.
Such an amendment would not just be a legal formality; it would be the government’s commitment to the people, a reassurance that our personal information is valued and protected with the highest standards of security and privacy.
It would demonstrate a recognition of the principle that with great power comes great responsibility, especially when that power involves access to the extensive details of one’s financial and personal life.
While Padu presents an opportunity for public administration in Malaysia to take a huge leap forward, it also poses a significant risk to personal privacy if not appropriately managed.
The need to amend the PDPA to apply to data collected by the government is not just a regulatory necessity but a critical step in building trust between the citizens and the state.
Only with such legislative safeguards can the government assure its people that their data, their most personal and sensitive information, is in safe hands.