“I don’t think that telling every single thing...while it’s good for your (the media) story...I don’t think it will help us (the government) to manage the security of the system.”
PUTRAJAYA (Jan 4): A set of access control mechanisms has been put in place for government officers’ access to data in the Central Database Hub (Padu), said Economy Minister Rafizi Ramli.
During a press conference on Thursday, in response to a question on who in the government can access the data stored in Padu, Rafizi said Padu has been developed in compliance with industry standards, including a mechanism of access control as a security measure is in place.
“It’d be long if I had to say it all, but the whole architecture [of Padu] has been developed in compliance with industry standards, a security measure for any application is access control,” said Rafizi.
“So access control means only some...if you are at this level, you can only access that. So, all the access controls are in place,” he added.
Rafizi also said that data retrieved by individuals will only have access to “granular data” and not a whole data set, which will also be scrambled — have sensitive data obfuscated or removed.
“I don’t think that telling every single thing...while it's good for your (the media) story...I don’t think it will help us (the government) to manage the security of the system," he said.
Towards further allaying data security concerns, Rafizi explained that the government employed the help of an independent panel of non-government experts with an independent mandate to audit Padu’s system architecture and security measures.
“And, based on their recommendation and endorsement, Padu was allowed to go live on Jan 2,” he said.
“[However], you can think of everything, but people have a way of using a system differently than using it as designed.
“That’s just how apps and software work nowadays, that’s why it has to go out and we have to be responsive and be transparent and we have to fix it as we go along,” he added.
Besides this, Rafizi also noted that the server storing data inputted by users on the Padu portal is separate from the data stored in the Padu system.
Read also:
Rafizi rubbishes Lawyers for Liberty's claim, says PDPA exemption not an issue for Padu
Padu to flag false info from existing databases like IRB, EPF and the cash aid STR
Padu’s March 31 deadline crucial to govt's fiscal consolidation plans — Rafizi
PM launches Padu ahead of targeted subsidy implementation