The recent news report of a potential data breach at the National Registration Department (JPN) raises concern regarding the security measures that are in place to protect the rakyat’s data. The report states that a database of four million Malaysian citizens containing data freshly obtained from JPN and hasil.gov.my (Inland Revenue Board) through the MyIdentity API has been put on sale through an online forum.
1. Data security must be of a high standard
The government must be held to at least the same standard as private companies, if not higher, when it comes to both data protection and security. This is especially true for data that is highly personal in nature. JPN, in charge of one of the most important databases of personal data in the country, must be held to the highest of security standards.
For example, regular penetration testing is one of the most basic measures that should be carried out by all
government agencies controlling personal data - it should be made clear if this is currently practiced, as the intrusion analyst who first reported these leaks claims that his previous efforts to inform the agencies about these leaks were not taken seriously.
Secondly, the fact that ten different government databases are accessible through a single API suggests that it may not have been designed with the highest security standards in mind. There should be
an emphasis on security by design and privacy by design for public digital services.
2. Transparency is paramount
The fact that myIDENTITY depends on citizens voluntarily updating their personal data makes a potential breach even more consequential for public trust. Trust needs to be earned - people will be less willing to offer their personal data if they cannot be confident in the government’s ability and willingness to protect it. The most important element in building trust is to be transparent. Estonia, a world leader in e-government, has illustrated this point time and again by being fully transparent about (i) the way they use citizens’ data (use cases) and (ii) data breaches or other shortcomings. If the Malaysian government truly wants to provide better digital public services, it would do well to practice this level of transparency.
3. Invest in cybersecurity, review PDPA
The government’s ‘Cloud First’ strategy and MyDigital policy, which intends to migrate 80% of public data to hybrid cloud systems by the end of 2022, must include serious investment in cybersecurity in the public sector. We must also review our data protection laws and update the Personal Data Protection Act (PDPA) with particular attention to the question of the PDPA’s applicability to federal and state governments. One of the key provisions we need to adopt (made evident by these events) is the requirement to inform data subjects when a breach has occurred.
Whilst it is encouraging to note that the government is keen to create a more digital nation, this can only be done if our digital policies are fit for purpose with sufficient attention paid to data security. We need assurance (including in the law) that our personal data will be properly secured before further data centralisation happens and it is only by building trust would the people embrace the necessary digital disruption.
* SERI is a non-partisan think-tank dedicated to the promotion of evidence-based policies that address issues of inequality, particularly at the intersection of technology and society
**The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the position of Astro AWANI.
Astro Awani
Fri Oct 01 2021
Whilst it is encouraging to note that the government is keen to create a more digital nation, this can only be done if our digital policies are fit for purpose with sufficient attention paid to data security, says think-tank SERI - File Pic
COP29 climate summit draft proposes rich countries pay $250 billion per year
The draft finance deal criticised by both developed and developing nations.
Bomb squad sent to London's Gatwick Airport after terminal evacuation
This was following the discovery of a suspected prohibited item in luggage.
Kelantan urges caution amidst northeast monsoon rains
Kelantan has reminded the public in the state to refrain from outdoor activities with the arrival of the Northeast Monsoon season.
Former New Zealand PM Jacinda Ardern receives UN leadership award
Former New Zealand prime minister Jacinda Ardern was given a global leadership award by the United Nations Foundation.
ICC'S arrest warrants for Netanyahu, Gallant an apt decision - PM
The decision of the ICC to issue arrest warrants against Benjamin Netanyahu and Yoav Gallant is apt, said Datuk Seri Anwar Ibrahim.
KTMB provides two additional ETS trains for Christmas, school holidays
KTMB will provide two additional ETS trains for the KL Sentral-Padang Besar route and return trips in conjunction with the holidays.
BNM'S international reserves rise to USD118 bil as at Nov 15, 2024
Malaysia's international reserves rose to US$118.0 billion as at Nov 15, 2024, up from US$117.6 billion on Oct 30, 2024.
Findings by dark energy researchers back Einstein's conception of gravity
The findings announced are part of a years-long study of the history of the cosmos focusing upon dark energy.
NRES responds to Rimbawatch press release on COP29
The Ministry of Natural Resources and Environmental Sustainability (NRES) wishes to offer the following clarifications to the issues raised.
Online Safety Bill and Anti-Cyberbullying Laws must carefully balance rights and protections
The Online Safety Advocacy Group (OSAG) stands united with people in Malaysia in the fight against serious online harms.
Malaysia's inflation at 1.9 pct in Oct 2024 - DOSM
Malaysia's inflation rate for October 2024 has increased to 1.9 per cent, up from 1.8 per cent in September this year.
Saudi Arabia showcases Vision 2030 goals at Airshow China 2024
For the first time, Saudi Arabia is participating in the China International Aviation & Aerospace Exhibition held recently in Zhuhai.
King Charles' coronation cost GBP 71mil, govt accounts show
The coronation of Britain's King Charles cost taxpayers GBP72 million (US$90 million), official accounts have revealed.
Couple and associate charged with trafficking 51.9 kg of meth
A married couple and a man were charged in the Magistrate's Court here today with trafficking 51.974 kilogrammes of Methamphetamine.
PDRM to consult AGC in completing Teoh Beng Hock investigation
The police may seek new testimony from existing witnesses for additional insights into the investigation of Teoh Beng Hock's death.
Thai court rejects petition over ex-PM Thaksin's political influence
Thailand's Constitutional Court rejects a petition seeking to stop Thaksin Shinawatra from interfering in the running the Pheu Thai party.
Abidin takes oath of office as Sungai Bakap assemblyman
The State Assemblyman for Sungai Bakap, Abidin Ismail, was sworn in today at the State Assembly building, Lebuh Light.
UPNM cadet officer charged with injuring junior, stomping on him with spike boots
A cadet officer at UPNM pleaded not guilty to a charge of injuring his junior by stomping on the victim's stomach with spike boots.
How Indian billionaire Gautam Adani's alleged bribery scheme took off and unraveled
The indictment was unsealed on Nov. 20, prompting a $27 billion plunge in Adani Group companies' market value.
Elon Musk blasts Australia's planned ban on social media for children
Several countries have already vowed to curb social media use by children through legislation, but Australia's policy could become one of the most stringent.