KUALA LUMPUR (Jan 4): Human rights and law reform non-governmental organisation Lawyers for Liberty (LFL) said whilst there are valid reasons advanced why the Central Database Hub (Padu) system initiative is necessary, there are legitimate and serious concerns regarding the protection and security of the data collected.
In a statement on Thursday, LFL director Zaid Malek said that as it stands, section 3(1) of the Personal Data Protection Act 2010 (PDPA) exempts the government from its application, meaning that the data collected by Padu can be disseminated or used by the government beyond its declared purpose of targeted subsidies.
He said there have been cases of misuse of data by the government before where personal data were used to disseminate propaganda by way of SMS to the public.
“It would be a massive betrayal of trust should data collected from the public be used by the government for any political purposes.
“Furthermore, with the data collected being centralised on a single platform, the security of the data must be made a priority,” he said.
Zaid said the government unfortunately has a bad track record of data protection; adding that there are numerous reports of data being stolen from multiple government agencies, exposing users to scams and data fraud with no legal recourse as the government is exempt from liability under the PDPA.
“This puts the public in a terrible disadvantage and danger of loss and damage.
Zaid also highlighted that Economy Minister Mohd Rafizi Ramli had talked about bringing in an ‘Omnibus Bill’ to deal with these matters.
“But details of this Bill are lacking. And surely it is obvious that the so-called Omnibus Bill should have come in before implementing the Padu scheme?
“It is thus not enough for the government to make verbal assurances that the data collected under Padu are not misused or will be protected,” he said.
Zaid said there is a need for an immediate amendment to the PDPA to place responsibility and liability on the government as well as the agencies responsible for the protection and security of the data collected.
“Whether there is an Omnibus Bill or not, the amendments to the PDPA must be done.
“There also must be a system in place for a public inquiry should any data breaches occur so that users that are affected can be informed of the breach and take necessary action against anyone responsible for the breach,” he said.
Zaid said without the amendments being made before the launch of Padu, the public cannot be assured that their data will be protected from misuse by the government or scammers and unscrupulous individuals who will undoubtedly target the massive database.
“This type of criminality is notoriously widespread now and has become regional.
“It is strange that the government has proceeded without fixing the law as this is tantamount to ‘putting the horse before the cart'”, he said.
Read also:
Padu to flag false info from existing databases like IRB, EPF and the cash aid STR
Padu registration should be suspended until the security flaws are fixed, says Ong Kian Ming
Rafizi allays concerns about Padu registration after former lawmaker raises possible teething issues
PM launches Padu ahead of targeted subsidy implementation
IDEAS: Uptake among ministries, public, key to ensure Padu’s success
Rafizi rubbishes Lawyers for Liberty's claim, says PDPA exemption not an issue for Padu
Lawyers for Liberty: Rafizi’s claim that govt data must not be subjected to PDPA is baseless, goes against global trend